Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google and Yahoo sign in blocked on all browsers [Closed]


  • This topic is locked This topic is locked

#1
Neilonekenobi

Neilonekenobi

    New Member

  • Member
  • Pip
  • 4 posts
I recall visiting a seemingly innocuous untrusted site shortly before my woes began. Lesson learned.

I have had trouble with Windows 7 sleeping, waking, and starting up. Whenever I try to log in to Google or Yahoo I get an 'untrusted site' warning in all browsers (I've tried Firefox, IE, Safari and Opera) and if I accept the untrusted site it appears to serve me a fake login page and not allow me to log in. It will even prevent me navigating to password recovery in Gmail.

I can still access my gmail through Thunderbird - although it seems a little funny at least there's some connection there. I can't access my yahoo emails at all, which is a wee inconvenience.

What has my system got and how do I remove it? I've run every antivirus and rootkit remover under the sun, avast, microsoft security essentials, Kaspersky TDSKiller, Antimalwarebytes, et cetera.

Also tried to boot Windows Defender offline from a flash disc and it won't work.

Anything to be done?
  • 0

Advertisements


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please don't run any scans except what I instruct you while we are working together, as this can confuse my efforts. Did any of the scans you have run so far turn up anything?

Let's take a look:



Please download Farbar Recovery Scan Tool and save it to your desktop.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

  • 0

#3
Neilonekenobi

Neilonekenobi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi,

And thank you. Yes, GMER and Hijackthis both showed 'bad' stuff. The first time Hijackthis ran it analysed and seemed to show something but before I could properly read it the system crashed and blue screened. I re ran Hijack this and had to cut and paste the log to the hijackthis website which showed some bad things - particularly a URL hook that when I deleted I got access to my emails again, only the URL hook regenerates fast and blocks me again. GMER's log had bad things in it according to hijackthis website where I pasted it for analysis.

I downloaded Farbar Recovery Scan Tool as you suggested and below are the log results.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by Neil (administrator) on 06-08-2013 09:34:58
Running from C:\Users\Neil\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(FTR Pty. Ltd.) C:\Program Files (x86)\FTR\ForTheRecord\FTRSearchFolders.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Trend Micro Inc.) E:\1HijackThis2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-15] (SUPERAntiSpyware.com)
MountPoints2: {03eb8da2-6370-11e2-af5c-806e6f6e6963} - CD Wizard.exe
MountPoints2: {0f501b76-ce36-11e2-92fc-047d7b368ea5} - E:\Setup.exe
MountPoints2: {736f5cfb-fd5d-11e2-a6d6-001374000000} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A13B07 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
MountPoints2: {87f1e455-7182-11e2-9af1-047d7b368ea5} - E:\setup_QuickStart.exe
MountPoints2: {b08583a4-e1e0-11e2-b60f-047d7b368ea5} - E:\Setup.exe
MountPoints2: {d38ae019-dd67-11e2-b0b9-047d7b368ea5} - E:\Setup.exe
MountPoints2: {dae2876f-d00c-11e2-b5f3-047d7b368ea5} - F:\Setup.exe
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-23] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-30] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-11] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FTR Search Folders] - C:\Program Files (x86)\FTR\ForTheRecord\FTRSearchFolders.exe [94208 2012-12-06] (FTR Pty. Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
SearchScopes: HKLM - DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {5DBF0043-899B-4B69-87A5-34555198C7C2} http://winscribe.pac...ibeWebSetup.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 202.69.110.111 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\6yflg091.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SimilarWeb) - C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp\2.0.0.1_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 09:34 - 2013-08-06 09:34 - 00000000 ____D C:\FRST
2013-08-06 09:31 - 2013-08-06 09:31 - 00000015 _____ C:\Users\Neil\Desktop\geeks to go password.txt
2013-08-06 09:27 - 2013-08-06 09:28 - 01788685 _____ (Farbar) C:\Users\Neil\Desktop\FRST64.exe
2013-08-06 00:22 - 2013-08-06 00:22 - 00012122 _____ C:\Users\Neil\Desktop\hijackthis1
2013-08-06 00:04 - 2013-08-06 00:04 - 00001721 _____ C:\Users\Neil\Desktop\gmer log.log
2013-08-05 23:44 - 2013-08-05 23:44 - 00000288 _____ C:\Users\Neil\Downloads\RootkitRemover20130805234420.txt
2013-08-05 23:33 - 2013-08-05 23:33 - 00000008 _____ C:\Users\Neil\Desktop\new password.txt
2013-08-05 23:31 - 2013-08-05 23:31 - 00001105 _____ C:\Users\Public\Desktop\Express Zip.lnk
2013-08-05 23:24 - 2013-08-05 23:27 - 00000000 ____D C:\Users\Neil\Downloads\backups
2013-08-05 23:19 - 2013-08-05 23:19 - 00292288 _____ C:\windows\Minidump\080513-29016-01.dmp
2013-08-05 23:19 - 2013-08-05 23:19 - 00000000 ____D C:\windows\Minidump
2013-08-05 23:18 - 2013-08-05 23:18 - 979258949 _____ C:\windows\MEMORY.DMP
2013-08-05 23:15 - 2013-08-05 23:39 - 00011660 _____ C:\Users\Neil\Downloads\hijackthis.log
2013-08-05 23:10 - 2013-08-05 23:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Neil\Downloads\Hijack1This2.exe
2013-08-05 23:02 - 2013-08-05 23:03 - 03307552 _____ (PortableApps.com) C:\Users\Neil\Downloads\PortableApps.com_Platform_Setup_11.2.exe
2013-08-05 22:45 - 2013-08-05 22:45 - 00208216 _____ (Kaspersky Lab, GERT) C:\windows\system32\Drivers\76286478.sys
2013-08-05 22:40 - 2013-08-05 22:40 - 00000227 _____ C:\Users\Neil\Downloads\mbr.log
2013-08-05 22:38 - 2013-08-05 22:38 - 00089088 _____ C:\Users\Neil\Downloads\ab48ab.exe
2013-08-05 22:36 - 2013-08-05 22:36 - 00377856 _____ C:\Users\Neil\Downloads\q6dy1m1r.exe
2013-08-05 21:17 - 2013-08-05 21:18 - 02014704 _____ (Google) C:\Users\Neil\Desktop\GoogleDesktopSetup.exe
2013-08-05 21:15 - 2013-08-05 21:15 - 00022003 _____ C:\ComboFix.txt
2013-08-05 19:02 - 2013-08-06 15:34 - 00000000 ____D C:\windows\erdnt
2013-08-05 19:02 - 2013-08-05 21:15 - 00000000 ____D C:\Qoobox
2013-08-05 18:48 - 2013-08-05 18:49 - 00002958 _____ C:\Users\Neil\Desktop\Rkill.txt
2013-08-05 18:39 - 2013-08-06 15:34 - 00000000 ____D C:\Program Files (x86)\Opera
2013-08-05 18:39 - 2013-08-05 18:39 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Opera Software
2013-08-05 18:39 - 2013-08-05 18:39 - 00000000 ____D C:\Users\Neil\AppData\Local\Opera Software
2013-08-05 18:01 - 2013-08-06 15:34 - 00000000 ____D C:\cb5b39c98904fc3399a1f334
2013-08-05 17:54 - 2013-08-05 17:54 - 00000000 ____D C:\Users\Neil\AppData\Roaming\GetRightToGo
2013-08-05 15:10 - 2013-08-05 15:10 - 00000112 ___RH C:\Users\Neil\Downloads\Stinger.opt
2013-08-05 14:31 - 2013-08-05 14:31 - 00000000 ____D C:\Stinger_Quarantine
2013-08-05 14:30 - 2013-08-05 14:30 - 00494388 _____ C:\Users\Neil\Downloads\runtime.dat
2013-08-05 14:19 - 2013-08-05 14:19 - 00002262 _____ C:\Users\Neil\Desktop\HitmanPro_20130805_1419.log
2013-08-05 14:13 - 2013-08-05 14:19 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-05 13:29 - 2013-08-05 13:32 - 00000000 ____D C:\Users\Neil\Downloads\TMRBLog
2013-08-05 13:29 - 2013-08-05 13:29 - 00000000 ____D C:\Users\Neil\Downloads\log
2013-08-05 13:05 - 2013-08-05 13:10 - 19275792 _____ (Bitdefender LLC) C:\Users\Neil\Downloads\BootkitRemoval_x64.exe
2013-08-05 12:18 - 2013-08-05 12:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-05 12:15 - 2013-08-05 12:15 - 00001424 _____ C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-05 11:31 - 2013-08-05 11:31 - 00846864 _____ (Microsoft Corporation) C:\Users\Neil\Downloads\IE10-Windows6.1-en-us.exe
2013-08-05 10:54 - 2013-08-05 10:54 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-05 10:45 - 2013-08-06 09:23 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-05 10:45 - 2013-08-06 09:23 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 96a171f5-05c1-468f-80a2-e687421985b0.job
2013-08-05 10:45 - 2013-08-06 02:00 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 86031341-a712-4b5b-bc21-5e482ab89f6a.job
2013-08-05 10:45 - 2013-08-06 00:17 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-05 10:45 - 2013-08-05 11:09 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-05 10:45 - 2013-08-05 11:09 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-05 10:45 - 2013-08-05 10:45 - 00003578 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 86031341-a712-4b5b-bc21-5e482ab89f6a
2013-08-05 10:45 - 2013-08-05 10:45 - 00003504 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 96a171f5-05c1-468f-80a2-e687421985b0
2013-08-05 10:45 - 2013-08-05 10:45 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-05 10:45 - 2013-08-05 10:45 - 00000000 ____D C:\Users\Neil\AppData\Roaming\SUPERAntiSpyware.com
2013-08-05 10:44 - 2013-08-05 10:45 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-05 10:44 - 2013-08-05 10:44 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-05 10:37 - 2013-08-05 10:38 - 00000288 _____ C:\Users\Neil\Downloads\RootkitRemover20130805103721.txt
2013-08-05 10:37 - 2013-08-05 10:38 - 00000288 _____ C:\Users\Neil\Downloads\RootkitRemover20130805103720.txt
2013-08-05 10:35 - 2013-08-05 10:35 - 00551408 _____ (McAfee, Inc.) C:\Users\Neil\Downloads\rootkitremover.exe
2013-08-05 10:29 - 2013-08-05 10:34 - 26851216 _____ (SUPERAntiSpyware) C:\Users\Neil\Downloads\SUPERAntiSpyware.exe
2013-08-05 09:55 - 2013-08-05 09:55 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-05 09:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-05 09:52 - 2013-08-05 09:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-05 09:50 - 2013-08-05 09:51 - 02347384 _____ (ESET) C:\Users\Neil\Downloads\esetsmartinstaller_enu.exe
2013-08-05 09:43 - 2013-08-05 09:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Neil\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 01:47 - 2013-08-05 09:10 - 00000000 ____D C:\Program Files (x86)\Safari
2013-08-05 01:39 - 2013-08-05 01:39 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Malwarebytes
2013-08-05 01:38 - 2013-08-05 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 01:38 - 2013-08-05 01:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 01:16 - 2013-08-05 01:16 - 00000000 ____D C:\Users\Neil\Desktop\The Master of Wisdom
2013-08-02 15:53 - 2013-08-02 15:53 - 00000000 ____D C:\Users\Neil\AppData\Roaming\tor
2013-08-01 22:34 - 2013-08-02 13:17 - 00000000 ____D C:\Users\Neil\Desktop\Auscript
2013-07-26 23:30 - 2013-08-05 09:26 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-26 23:29 - 2013-07-26 23:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-26 22:58 - 2013-07-26 22:58 - 00004353 _____ C:\Users\Neil\Desktop\ip.txt
2013-07-26 22:04 - 2013-08-05 17:42 - 00000000 ____D C:\Users\Neil\AppData\Roaming\EurekaLog
2013-07-25 18:28 - 2013-07-25 18:28 - 00000043 _____ C:\Users\Neil\Documents\ipcam.txt
2013-07-25 17:37 - 2013-07-25 17:38 - 00000992 _____ C:\Users\Public\Desktop\IP Camera Tool.lnk
2013-07-25 17:33 - 2013-07-25 17:46 - 00000000 ____D C:\Program Files (x86)\IP Camera Super Client
2013-07-25 17:33 - 2013-07-25 17:33 - 00000994 _____ C:\Users\Neil\Desktop\IP Camera Super Client.lnk
2013-07-25 17:33 - 2012-12-24 14:19 - 01863640 _____ (TODO: <公司名>) C:\windows\SysWOW64\oPlayer.ocx
2013-07-25 17:33 - 2012-12-24 14:19 - 00394200 _____ C:\windows\SysWOW64\H264Decoder.dll
2013-07-25 17:33 - 2011-12-09 09:51 - 00352256 _____ (H264) C:\windows\SysWOW64\Video.ocx
2013-07-25 17:33 - 2011-12-08 19:59 - 00057344 _____ () C:\windows\SysWOW64\PlaySdk.dll
2013-07-25 17:33 - 2011-06-26 10:37 - 00040960 _____ (WwW.YlmF.CoM) C:\windows\SysWOW64\CamSearch.ocx
2013-07-25 17:33 - 2011-06-04 13:33 - 00036864 _____ () C:\windows\SysWOW64\Socket.dll
2013-07-22 13:31 - 2013-07-22 13:36 - 21728904 _____ (Microsoft Corporation) C:\Users\Neil\Downloads\Windows-KB890830-x64-V5.2.exe
2013-07-22 12:21 - 2013-07-22 12:21 - 00000000 ____D C:\Users\Neil\AppData\Roaming\ResearchWare
2013-07-22 11:53 - 2013-07-22 11:55 - 12783616 _____ (Researchware, Inc.) C:\Users\Neil\Downloads\HyperTRANSCRIBE160_Installer.exe
2013-07-22 09:40 - 2013-05-09 18:59 - 00072016 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-07-21 22:17 - 2013-07-21 22:17 - 00015454 _____ C:\Users\Neil\Desktop\imgres.htm
2013-07-21 15:42 - 2013-07-21 15:42 - 02246990 _____ C:\Users\Neil\Downloads\Transcribe! v8.31 Full + Patch by nitincin1team.rar
2013-07-21 11:19 - 2013-07-21 11:19 - 00000000 ____D C:\Users\Neil\AppData\Roaming\QuickScan
2013-07-21 01:18 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\VoiceWalker
2013-07-21 01:18 - 2013-07-21 01:18 - 00001046 _____ C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VoiceWalker.LNK
2013-07-21 01:17 - 2013-07-21 01:18 - 03037251 _____ C:\Users\Neil\Downloads\vwalker2.zip
2013-07-21 01:16 - 2013-07-21 01:16 - 00000218 _____ C:\Users\Neil\.recently-used.xbel
2013-07-21 01:07 - 2013-07-21 01:07 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TranscriberAG
2013-07-21 01:06 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\TranscriberAG
2013-07-21 01:02 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\Transcriber
2013-07-21 00:59 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-07-21 00:46 - 2013-07-21 00:51 - 00000000 ____D C:\Users\Neil\AppData\Roaming\InqScribe
2013-07-21 00:43 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\InqScribe
2013-07-21 00:38 - 2013-07-21 16:01 - 00000000 ____D C:\windows\System32\Tasks\NCH Swift Sound
2013-07-21 00:38 - 2013-07-21 00:38 - 00000000 ____D C:\ProgramData\NCH Swift Sound
2013-07-20 23:52 - 2013-07-22 09:16 - 00000000 ____D C:\Users\Neil\AppData\Roaming\gtk-2.0
2013-07-20 23:52 - 2013-07-21 01:13 - 00000000 ____D C:\Users\Neil\WorkAG
2013-07-20 23:52 - 2013-07-21 01:12 - 00000000 ____D C:\Users\Neil\.TransAG-log
2013-07-20 23:52 - 2013-07-21 01:12 - 00000000 ____D C:\Users\Neil\.TransAG
2013-07-20 23:50 - 2013-07-22 09:16 - 00000000 ____D C:\windows\SysWOW64\Adobe
2013-07-20 23:36 - 2005-08-12 19:04 - 00606208 _____ () C:\windows\system32\CoreAAC.ax
2013-07-20 23:25 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\The FTW Transcriber
2013-07-20 21:06 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\Transcribe!
2013-07-20 21:05 - 2013-07-20 21:05 - 00001351 _____ C:\Users\Neil\Documents\AutoHotkey.ahk
2013-07-20 21:03 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files\AutoHotkey
2013-07-20 20:50 - 2013-07-22 09:16 - 00000000 ____D C:\Program Files (x86)\AST
2013-07-20 20:45 - 2013-07-22 09:16 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Audacity
2013-07-20 20:35 - 2013-07-20 20:38 - 04250753 _____ C:\Users\Neil\Downloads\AudacityTranscriber_Setup.zip
2013-07-20 12:43 - 2013-08-05 11:56 - 00000000 ____D C:\Users\Neil\Desktop\The Transcription People
2013-07-16 05:09 - 2013-07-16 05:09 - 00000027 _____ C:\Users\Neil\Desktop\MOnica's email address.txt
2013-07-12 01:59 - 2013-06-12 09:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-12 01:59 - 2013-06-12 09:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-12 01:59 - 2013-06-12 09:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-12 01:59 - 2013-06-12 09:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-12 01:59 - 2013-06-12 09:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-12 01:59 - 2013-06-12 09:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-12 01:59 - 2013-06-12 09:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-12 01:59 - 2013-06-12 09:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-12 01:59 - 2013-06-12 09:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-12 01:59 - 2013-06-12 09:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-12 01:59 - 2013-06-12 09:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-12 01:59 - 2013-06-12 09:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-12 01:59 - 2013-06-12 09:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-12 01:59 - 2013-06-12 09:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-12 01:59 - 2013-06-12 09:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-12 01:59 - 2013-06-12 09:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-12 01:59 - 2013-06-12 09:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-12 01:59 - 2013-06-12 09:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-12 01:59 - 2013-06-12 08:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 01:59 - 2013-06-12 08:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-12 01:59 - 2013-06-07 13:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-12 01:59 - 2013-06-07 12:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-10 18:03 - 2013-06-04 16:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 18:03 - 2013-06-04 14:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 18:03 - 2013-05-06 16:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 18:03 - 2013-05-06 14:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 17:58 - 2013-06-05 13:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 17:57 - 2013-04-10 09:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 17:57 - 2013-04-03 08:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 16:42 - 2013-07-10 17:03 - 51986432 _____ C:\Users\Neil\Downloads\Alfred_Health_Focus_Group_CE_July_9__2013.WMA
2013-07-09 14:29 - 2013-07-23 03:23 - 00000000 ____D C:\Users\Neil\.frostwire5
2013-07-09 14:29 - 2013-07-09 14:30 - 00000000 ____D C:\Users\Neil\FrostWire
2013-07-09 10:39 - 2013-07-09 10:39 - 00002057 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-07-09 10:39 - 2013-07-09 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-08 23:07 - 2013-06-24 12:50 - 00000000 ____D C:\Users\Neil\Downloads\Tor Browser
2013-07-08 22:56 - 2013-07-08 22:56 - 00000098 _____ C:\Users\Neil\Desktop\Important emails.txt
2013-07-08 22:49 - 2013-07-08 22:49 - 00001490 _____ C:\Users\Neil\AppData\Local\recently-used.xbel
2013-07-08 22:30 - 2013-07-08 22:30 - 00000000 ____D C:\Users\Neil\AppData\Local\webkit
2013-07-08 19:21 - 2013-07-08 22:49 - 05854910 _____ C:\Users\Neil\Downloads\Deprive injustice of her children.xcf
2013-07-08 18:32 - 2013-07-08 18:41 - 18815928 _____ (FrostWire Team) C:\Users\Neil\Downloads\frostwire-5.6.2.windows.exe
2013-07-08 11:55 - 2013-07-08 11:55 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Thunderbird
2013-07-08 11:55 - 2013-07-08 11:55 - 00000000 ____D C:\Users\Neil\AppData\Local\Thunderbird
2013-07-08 11:34 - 2013-07-08 11:43 - 19669472 _____ (Mozilla) C:\Users\Neil\Downloads\Thunderbird Setup 17.0.7.exe
2013-07-08 09:51 - 2013-07-08 22:56 - 00000137 _____ C:\Users\Neil\Desktop\8_7_13 open.txt
2013-07-07 18:04 - 2013-07-07 20:42 - 24916996 _____ C:\Users\Neil\Downloads\WS116202.WMA
2013-07-07 00:56 - 2013-07-15 04:15 - 00000752 _____ C:\Users\Neil\Desktop\Data on Natalia.txt

==================== One Month Modified Files and Folders =======

2013-08-06 16:11 - 2013-06-20 16:27 - 00000000 ____D C:\ProgramData\WinScribe
2013-08-06 16:11 - 2013-06-20 16:27 - 00000000 ____D C:\Program Files (x86)\WinScribe
2013-08-06 16:11 - 2013-05-24 10:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-06 16:11 - 2013-05-05 20:59 - 00000000 ____D C:\Users\Neil\AppData\Roaming\vlc
2013-08-06 16:11 - 2009-07-14 13:20 - 00000000 ____D C:\windows\system32\NDF
2013-08-06 16:10 - 2013-01-26 12:50 - 00000000 ____D C:\Users\hedev
2013-08-06 16:10 - 2009-07-14 13:20 - 00000000 ____D C:\windows\registration
2013-08-06 15:34 - 2013-08-05 19:02 - 00000000 ____D C:\windows\erdnt
2013-08-06 15:34 - 2013-08-05 18:39 - 00000000 ____D C:\Program Files (x86)\Opera
2013-08-06 15:34 - 2013-08-05 18:01 - 00000000 ____D C:\cb5b39c98904fc3399a1f334
2013-08-06 09:34 - 2013-08-06 09:34 - 00000000 ____D C:\FRST
2013-08-06 09:31 - 2013-08-06 09:31 - 00000015 _____ C:\Users\Neil\Desktop\geeks to go password.txt
2013-08-06 09:28 - 2013-08-06 09:27 - 01788685 _____ (Farbar) C:\Users\Neil\Desktop\FRST64.exe
2013-08-06 09:27 - 2009-07-14 15:13 - 00779266 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-06 09:23 - 2013-08-05 10:45 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 09:23 - 2013-08-05 10:45 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 96a171f5-05c1-468f-80a2-e687421985b0.job
2013-08-06 02:00 - 2013-08-05 10:45 - 00000508 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 86031341-a712-4b5b-bc21-5e482ab89f6a.job
2013-08-06 00:24 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 00:24 - 2009-07-14 14:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 00:22 - 2013-08-06 00:22 - 00012122 _____ C:\Users\Neil\Desktop\hijackthis1
2013-08-06 00:20 - 2013-01-21 12:07 - 01755691 _____ C:\windows\WindowsUpdate.log
2013-08-06 00:17 - 2013-08-05 10:45 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 00:17 - 2013-01-22 17:59 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-08-06 00:16 - 2013-02-20 21:06 - 00045358 _____ C:\windows\setupact.log
2013-08-06 00:16 - 2013-01-21 12:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-06 00:16 - 2010-11-21 13:47 - 00453538 _____ C:\windows\PFRO.log
2013-08-06 00:16 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-06 00:11 - 2013-01-21 19:34 - 00000000 ____D C:\Users\Neil
2013-08-06 00:04 - 2013-08-06 00:04 - 00001721 _____ C:\Users\Neil\Desktop\gmer log.log
2013-08-05 23:44 - 2013-08-05 23:44 - 00000288 _____ C:\Users\Neil\Downloads\RootkitRemover20130805234420.txt
2013-08-05 23:39 - 2013-08-05 23:15 - 00011660 _____ C:\Users\Neil\Downloads\hijackthis.log
2013-08-05 23:33 - 2013-08-05 23:33 - 00000008 _____ C:\Users\Neil\Desktop\new password.txt
2013-08-05 23:31 - 2013-08-05 23:31 - 00001105 _____ C:\Users\Public\Desktop\Express Zip.lnk
2013-08-05 23:31 - 2013-01-26 07:52 - 00000000 ____D C:\ProgramData\NCH Software
2013-08-05 23:31 - 2013-01-26 07:52 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-08-05 23:27 - 2013-08-05 23:24 - 00000000 ____D C:\Users\Neil\Downloads\backups
2013-08-05 23:19 - 2013-08-05 23:19 - 00292288 _____ C:\windows\Minidump\080513-29016-01.dmp
2013-08-05 23:19 - 2013-08-05 23:19 - 00000000 ____D C:\windows\Minidump
2013-08-05 23:18 - 2013-08-05 23:18 - 979258949 _____ C:\windows\MEMORY.DMP
2013-08-05 23:13 - 2013-01-23 17:20 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Skype
2013-08-05 23:10 - 2013-08-05 23:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Neil\Downloads\Hijack1This2.exe
2013-08-05 23:03 - 2013-08-05 23:02 - 03307552 _____ (PortableApps.com) C:\Users\Neil\Downloads\PortableApps.com_Platform_Setup_11.2.exe
2013-08-05 22:45 - 2013-08-05 22:45 - 00208216 _____ (Kaspersky Lab, GERT) C:\windows\system32\Drivers\76286478.sys
2013-08-05 22:40 - 2013-08-05 22:40 - 00000227 _____ C:\Users\Neil\Downloads\mbr.log
2013-08-05 22:38 - 2013-08-05 22:38 - 00089088 _____ C:\Users\Neil\Downloads\ab48ab.exe
2013-08-05 22:36 - 2013-08-05 22:36 - 00377856 _____ C:\Users\Neil\Downloads\q6dy1m1r.exe
2013-08-05 22:33 - 2013-01-30 07:30 - 00000000 ____D C:\Users\Neil\Desktop\Pacific Solutions
2013-08-05 21:18 - 2013-08-05 21:17 - 02014704 _____ (Google) C:\Users\Neil\Desktop\GoogleDesktopSetup.exe
2013-08-05 21:15 - 2013-08-05 21:15 - 00022003 _____ C:\ComboFix.txt
2013-08-05 21:15 - 2013-08-05 19:02 - 00000000 ____D C:\Qoobox
2013-08-05 18:49 - 2013-08-05 18:48 - 00002958 _____ C:\Users\Neil\Desktop\Rkill.txt
2013-08-05 18:39 - 2013-08-05 18:39 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Opera Software
2013-08-05 18:39 - 2013-08-05 18:39 - 00000000 ____D C:\Users\Neil\AppData\Local\Opera Software
2013-08-05 17:54 - 2013-08-05 17:54 - 00000000 ____D C:\Users\Neil\AppData\Roaming\GetRightToGo
2013-08-05 17:42 - 2013-07-26 22:04 - 00000000 ____D C:\Users\Neil\AppData\Roaming\EurekaLog
2013-08-05 15:10 - 2013-08-05 15:10 - 00000112 ___RH C:\Users\Neil\Downloads\Stinger.opt
2013-08-05 14:31 - 2013-08-05 14:31 - 00000000 ____D C:\Stinger_Quarantine
2013-08-05 14:30 - 2013-08-05 14:30 - 00494388 _____ C:\Users\Neil\Downloads\runtime.dat
2013-08-05 14:19 - 2013-08-05 14:19 - 00002262 _____ C:\Users\Neil\Desktop\HitmanPro_20130805_1419.log
2013-08-05 14:19 - 2013-08-05 14:13 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-05 13:32 - 2013-08-05 13:29 - 00000000 ____D C:\Users\Neil\Downloads\TMRBLog
2013-08-05 13:29 - 2013-08-05 13:29 - 00000000 ____D C:\Users\Neil\Downloads\log
2013-08-05 13:10 - 2013-08-05 13:05 - 19275792 _____ (Bitdefender LLC) C:\Users\Neil\Downloads\BootkitRemoval_x64.exe
2013-08-05 12:45 - 2011-04-08 21:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-05 12:45 - 2011-04-08 21:05 - 00000000 ____D C:\Program Files\Toshiba
2013-08-05 12:18 - 2013-08-05 12:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-05 12:15 - 2013-08-05 12:15 - 00001424 _____ C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-05 11:56 - 2013-07-20 12:43 - 00000000 ____D C:\Users\Neil\Desktop\The Transcription People
2013-08-05 11:44 - 2013-04-16 08:57 - 00011002 _____ C:\windows\IE10_main.log
2013-08-05 11:31 - 2013-08-05 11:31 - 00846864 _____ (Microsoft Corporation) C:\Users\Neil\Downloads\IE10-Windows6.1-en-us.exe
2013-08-05 11:20 - 2009-07-14 13:20 - 00000000 ____D C:\windows\LiveKernelReports
2013-08-05 11:09 - 2013-08-05 10:45 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-05 11:09 - 2013-08-05 10:45 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-05 10:54 - 2013-08-05 10:54 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-08-05 10:45 - 2013-08-05 10:45 - 00003578 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 86031341-a712-4b5b-bc21-5e482ab89f6a
2013-08-05 10:45 - 2013-08-05 10:45 - 00003504 _____ C:\windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 96a171f5-05c1-468f-80a2-e687421985b0
2013-08-05 10:45 - 2013-08-05 10:45 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-05 10:45 - 2013-08-05 10:45 - 00000000 ____D C:\Users\Neil\AppData\Roaming\SUPERAntiSpyware.com
2013-08-05 10:45 - 2013-08-05 10:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-05 10:45 - 2013-01-22 17:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-05 10:44 - 2013-08-05 10:44 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-05 10:38 - 2013-08-05 10:37 - 00000288 _____ C:\Users\Neil\Downloads\RootkitRemover20130805103721.txt
2013-08-05 10:38 - 2013-08-05 10:37 - 00000288 _____ C:\Users\Neil\Downloads\RootkitRemover20130805103720.txt
2013-08-05 10:35 - 2013-08-05 10:35 - 00551408 _____ (McAfee, Inc.) C:\Users\Neil\Downloads\rootkitremover.exe
2013-08-05 10:34 - 2013-08-05 10:29 - 26851216 _____ (SUPERAntiSpyware) C:\Users\Neil\Downloads\SUPERAntiSpyware.exe
2013-08-05 09:55 - 2013-08-05 09:55 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-05 09:55 - 2013-08-05 01:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 09:52 - 2013-08-05 09:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-05 09:51 - 2013-08-05 09:50 - 02347384 _____ (ESET) C:\Users\Neil\Downloads\esetsmartinstaller_enu.exe
2013-08-05 09:49 - 2013-08-05 09:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Neil\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-05 09:28 - 2013-01-22 17:59 - 00001933 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-05 09:28 - 2013-01-22 17:59 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-08-05 09:26 - 2013-07-26 23:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-08-05 09:26 - 2013-06-25 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-05 09:26 - 2013-06-09 23:32 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Mozilla
2013-08-05 09:26 - 2013-02-04 06:50 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-08-05 09:26 - 2013-02-04 06:46 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-08-05 09:26 - 2013-01-26 21:56 - 00000000 ____D C:\Users\Neil\AppData\Local\Microsoft Help
2013-08-05 09:26 - 2009-07-14 13:20 - 00000000 ____D C:\windows\AppCompat
2013-08-05 09:10 - 2013-08-05 01:47 - 00000000 ____D C:\Program Files (x86)\Safari
2013-08-05 01:39 - 2013-08-05 01:39 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Malwarebytes
2013-08-05 01:38 - 2013-08-05 01:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 01:16 - 2013-08-05 01:16 - 00000000 ____D C:\Users\Neil\Desktop\The Master of Wisdom
2013-08-02 15:53 - 2013-08-02 15:53 - 00000000 ____D C:\Users\Neil\AppData\Roaming\tor
2013-08-02 13:17 - 2013-08-01 22:34 - 00000000 ____D C:\Users\Neil\Desktop\Auscript
2013-07-26 23:29 - 2013-07-26 23:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-26 22:58 - 2013-07-26 22:58 - 00004353 _____ C:\Users\Neil\Desktop\ip.txt
2013-07-25 20:25 - 2013-01-23 17:13 - 00000000 ____D C:\Users\Neil\AppData\Local\CrashDumps
2013-07-25 18:28 - 2013-07-25 18:28 - 00000043 _____ C:\Users\Neil\Documents\ipcam.txt
2013-07-25 17:46 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\IP Camera Super Client
2013-07-25 17:38 - 2013-07-25 17:37 - 00000992 _____ C:\Users\Public\Desktop\IP Camera Tool.lnk
2013-07-25 17:33 - 2013-07-25 17:33 - 00000994 _____ C:\Users\Neil\Desktop\IP Camera Super Client.lnk
2013-07-23 16:23 - 2013-02-08 18:31 - 00000000 ____D C:\Users\Neil\Documents\Bluetooth
2013-07-23 16:23 - 2013-01-21 19:44 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Toshiba
2013-07-23 09:53 - 2013-06-08 23:48 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Apple Computer
2013-07-23 03:24 - 2013-05-29 10:37 - 00000000 ____D C:\Program Files (x86)\Sony
2013-07-23 03:24 - 2013-02-11 20:33 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-23 03:23 - 2013-07-09 14:29 - 00000000 ____D C:\Users\Neil\.frostwire5
2013-07-22 13:36 - 2013-07-22 13:31 - 21728904 _____ (Microsoft Corporation) C:\Users\Neil\Downloads\Windows-KB890830-x64-V5.2.exe
2013-07-22 13:12 - 2013-06-08 23:48 - 00000000 ____D C:\Users\Neil\AppData\Local\Apple Computer
2013-07-22 12:21 - 2013-07-22 12:21 - 00000000 ____D C:\Users\Neil\AppData\Roaming\ResearchWare
2013-07-22 11:55 - 2013-07-22 11:53 - 12783616 _____ (Researchware, Inc.) C:\Users\Neil\Downloads\HyperTRANSCRIBE160_Installer.exe
2013-07-22 09:16 - 2013-07-21 01:18 - 00000000 ____D C:\Program Files (x86)\VoiceWalker
2013-07-22 09:16 - 2013-07-21 01:06 - 00000000 ____D C:\Program Files (x86)\TranscriberAG
2013-07-22 09:16 - 2013-07-21 01:02 - 00000000 ____D C:\Program Files (x86)\Transcriber
2013-07-22 09:16 - 2013-07-21 00:59 - 00000000 ____D C:\Program Files (x86)\Audacity
2013-07-22 09:16 - 2013-07-21 00:43 - 00000000 ____D C:\Program Files (x86)\InqScribe
2013-07-22 09:16 - 2013-07-20 23:52 - 00000000 ____D C:\Users\Neil\AppData\Roaming\gtk-2.0
2013-07-22 09:16 - 2013-07-20 23:50 - 00000000 ____D C:\windows\SysWOW64\Adobe
2013-07-22 09:16 - 2013-07-20 23:25 - 00000000 ____D C:\Program Files (x86)\The FTW Transcriber
2013-07-22 09:16 - 2013-07-20 21:06 - 00000000 ____D C:\Program Files (x86)\Transcribe!
2013-07-22 09:16 - 2013-07-20 21:03 - 00000000 ____D C:\Program Files\AutoHotkey
2013-07-22 09:16 - 2013-07-20 20:50 - 00000000 ____D C:\Program Files (x86)\AST
2013-07-22 09:16 - 2013-07-20 20:45 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Audacity
2013-07-21 22:17 - 2013-07-21 22:17 - 00015454 _____ C:\Users\Neil\Desktop\imgres.htm
2013-07-21 16:01 - 2013-07-21 00:38 - 00000000 ____D C:\windows\System32\Tasks\NCH Swift Sound
2013-07-21 15:42 - 2013-07-21 15:42 - 02246990 _____ C:\Users\Neil\Downloads\Transcribe! v8.31 Full + Patch by nitincin1team.rar
2013-07-21 11:19 - 2013-07-21 11:19 - 00000000 ____D C:\Users\Neil\AppData\Roaming\QuickScan
2013-07-21 01:18 - 2013-07-21 01:18 - 00001046 _____ C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VoiceWalker.LNK
2013-07-21 01:18 - 2013-07-21 01:17 - 03037251 _____ C:\Users\Neil\Downloads\vwalker2.zip
2013-07-21 01:16 - 2013-07-21 01:16 - 00000218 _____ C:\Users\Neil\.recently-used.xbel
2013-07-21 01:13 - 2013-07-20 23:52 - 00000000 ____D C:\Users\Neil\WorkAG
2013-07-21 01:12 - 2013-07-20 23:52 - 00000000 ____D C:\Users\Neil\.TransAG-log
2013-07-21 01:12 - 2013-07-20 23:52 - 00000000 ____D C:\Users\Neil\.TransAG
2013-07-21 01:07 - 2013-07-21 01:07 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TranscriberAG
2013-07-21 00:51 - 2013-07-21 00:46 - 00000000 ____D C:\Users\Neil\AppData\Roaming\InqScribe
2013-07-21 00:38 - 2013-07-21 00:38 - 00000000 ____D C:\ProgramData\NCH Swift Sound
2013-07-20 21:05 - 2013-07-20 21:05 - 00001351 _____ C:\Users\Neil\Documents\AutoHotkey.ahk
2013-07-20 20:38 - 2013-07-20 20:35 - 04250753 _____ C:\Users\Neil\Downloads\AudacityTranscriber_Setup.zip
2013-07-16 05:09 - 2013-07-16 05:09 - 00000027 _____ C:\Users\Neil\Desktop\MOnica's email address.txt
2013-07-15 04:15 - 2013-07-07 00:56 - 00000752 _____ C:\Users\Neil\Desktop\Data on Natalia.txt
2013-07-12 09:06 - 2009-07-14 14:45 - 00342000 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-12 09:05 - 2010-11-21 17:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 09:05 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 09:05 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 17:03 - 2013-07-10 16:42 - 51986432 _____ C:\Users\Neil\Downloads\Alfred_Health_Focus_Group_CE_July_9__2013.WMA
2013-07-09 14:30 - 2013-07-09 14:29 - 00000000 ____D C:\Users\Neil\FrostWire
2013-07-09 10:39 - 2013-07-09 10:39 - 00002057 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-07-09 10:39 - 2013-07-09 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-08 23:04 - 2013-06-08 14:59 - 00000000 ____D C:\Users\Neil\AppData\Roaming\EVDO_General
2013-07-08 22:56 - 2013-07-08 22:56 - 00000098 _____ C:\Users\Neil\Desktop\Important emails.txt
2013-07-08 22:56 - 2013-07-08 09:51 - 00000137 _____ C:\Users\Neil\Desktop\8_7_13 open.txt
2013-07-08 22:53 - 2013-02-12 00:18 - 00000000 ____D C:\Users\Neil\.gimp-2.8
2013-07-08 22:49 - 2013-07-08 22:49 - 00001490 _____ C:\Users\Neil\AppData\Local\recently-used.xbel
2013-07-08 22:49 - 2013-07-08 19:21 - 05854910 _____ C:\Users\Neil\Downloads\Deprive injustice of her children.xcf
2013-07-08 22:30 - 2013-07-08 22:30 - 00000000 ____D C:\Users\Neil\AppData\Local\webkit
2013-07-08 18:41 - 2013-07-08 18:32 - 18815928 _____ (FrostWire Team) C:\Users\Neil\Downloads\frostwire-5.6.2.windows.exe
2013-07-08 11:55 - 2013-07-08 11:55 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Thunderbird
2013-07-08 11:55 - 2013-07-08 11:55 - 00000000 ____D C:\Users\Neil\AppData\Local\Thunderbird
2013-07-08 11:43 - 2013-07-08 11:34 - 19669472 _____ (Mozilla) C:\Users\Neil\Downloads\Thunderbird Setup 17.0.7.exe
2013-07-07 20:42 - 2013-07-07 18:04 - 24916996 _____ C:\Users\Neil\Downloads\WS116202.WMA

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 11:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by Neil at 2013-08-06 09:35:23
Running from C:\Users\Neil\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Bluetooth Filter Driver Package (Version: 1.00.007)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36)
Atheros Driver Installation Program (x32 Version: 9.2)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.04(T))
Canon Easy-WebPrint EX (x32)
Canon IJ Scan Utility (x32)
Canon MP230 series MP Drivers (Version: 1.00)
Canon MP230 series On-screen Manual (x32 Version: 7.5.0)
Canon My Image Garden (x32 Version: 1.0.0)
Canon My Image Garden Design Files (x32 Version: 1.0.0)
Canon My Printer (x32 Version: 3.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition update for Microsoft Office 2010 (KB982726) (x32)
dradis 2.9 (x32 Version: 2.9)
ESET Online Scanner v3 (x32)
exant HD Audio (Version: 8.51.1.0)
Express Scribe (x32)
Express Zip (x32)
FTR TheRecord Player (x32 Version: 5.6.1.0)
GIMP 2.8.4 (Version: 2.8.4)
Google Update Helper (x32 Version: 1.3.21.153)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)
IP Camera Super Client 1.1.4.548 (x32)
IP Camera Viewer 1.0 (x32)
IPCamSetup (x32 Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 en-GB) (x32 Version: 17.0.7)
MSVCRT (x32 Version: 15.4.2862.0708)
NVIDIA 3D Vision Driver 266.69 (Version: 266.69)
NVIDIA Control Panel 266.69 (Version: 266.69)
NVIDIA Graphics Driver 266.69 (Version: 266.69)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6669)
Python 3.3.2 (x32 Version: 3.3.2150)
Realtek USB 2.0 Reader Driver (x32 Version: 1.0.0.12)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
Ruby 1.9.3-p0 (HKCU Version: 1.9.3-p0)
Skype™ 6.5 (x32 Version: 6.5.158)
Sony Player Plug-in for Windows Media Player (x32)
SUPERAntiSpyware (Version: 5.6.1020)
Switch Sound File Converter (x32)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Bulletin Board (Version: 2.0.16.64)
TOSHIBA Bulletin Board (x32 Version: 2.0.16.64)
TOSHIBA ConfigFree (x32 Version: 8.0.37)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)
TOSHIBA eco Utility (Version: 1.2.25.64)
TOSHIBA Face Recognition (Version: 3.1.8.64)
TOSHIBA Face Recognition (x32 Version: 3.1.8.64)
TOSHIBA Hardware Setup (Version: 4.08.06.00)
TOSHIBA Hardware Setup (x32 Version: 4.08.06.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7)
TOSHIBA Media Controller (x32 Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.6.1)
TOSHIBA PC Health Monitor (Version: 1.7.4.64)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA ReelTime (x32 Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.0)
TOSHIBA Service Station (x32 Version: 2.1.52)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.7)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (Version: 4.08.06.00)
TOSHIBA Supervisor Password (x32 Version: 4.08.06.00)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA Value Added Package (x32 Version: 1.5.4.64)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19)
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.3)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
WinScribe Client (x32 Version: 4.0.4)

==================== Restore Points =========================

04-08-2013 23:39:45 Windows Update
05-08-2013 00:58:27 Removed Java 7 Update 25
05-08-2013 01:47:44 Windows Modules Installer
05-08-2013 03:21:57 Removed WinScribe Client

==================== Hosts content: ==========================

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {17A6E95D-67C0-4CD5-B6D9-7EF6DC053803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {44EF5747-17E9-4BF8-873F-05137C4B6964} - System32\Tasks\SUPERAntiSpyware Scheduled Task 96a171f5-05c1-468f-80a2-e687421985b0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-24] (SUPERAdBlocker.com)
Task: {49E94470-A45A-40EF-9DDC-DA0CEE6C91C6} - System32\Tasks\{ABE24EB4-1025-4C4B-B8CD-7F1C2CC824FF} => C:\Program Files\Internet Explorer\iexplore.exe [2013-06-12] (Microsoft Corporation)
Task: {51715239-3672-4E08-B82A-11F68032E05A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {52FCA67B-3509-4CC0-8E80-167815121611} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {99B75612-4C91-4A8E-BA9F-F4836B1EA72A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2012-09-12] (Microsoft Corporation)
Task: {C5A3B7B3-456C-476D-A373-1E5A26146723} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {E7529B1D-228A-4BB9-BCF3-315660371F7C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {F4633A33-CFC7-44E1-9D57-01E5EF09EE66} - System32\Tasks\SUPERAntiSpyware Scheduled Task 86031341-a712-4b5b-bc21-5e482ab89f6a => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-24] (SUPERAdBlocker.com)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 86031341-a712-4b5b-bc21-5e482ab89f6a.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 96a171f5-05c1-468f-80a2-e687421985b0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2013 00:57:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2013 00:57:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2013 00:57:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2013 00:56:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2013 00:18:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 11:43:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/05/2013 11:20:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 10:14:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 09:58:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 05:59:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/06/2013 09:23:28 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/06/2013 09:23:27 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/06/2013 09:23:26 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/06/2013 00:10:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2013 00:10:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2013 00:10:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2013 00:10:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2013 00:10:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2013 00:10:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/06/2013 00:10:38 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/06/2013 00:57:15 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Neil\downloads\esetsmartinstaller_enu.exe

Error: (08/06/2013 00:57:12 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Neil\downloads\esetsmartinstaller_enu.exe

Error: (08/06/2013 00:57:10 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Neil\downloads\esetsmartinstaller_enu.exe

Error: (08/06/2013 00:56:18 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/06/2013 00:18:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 11:43:47 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Neil\Downloads\esetsmartinstaller_enu.exe

Error: (08/05/2013 11:20:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 10:14:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 09:58:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2013 05:59:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-08-05 22:40:51.308
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Neil\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 22:40:51.272
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Neil\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 22:40:51.142
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Neil\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 22:40:51.106
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Neil\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 22:40:45.447
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Neil\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-05 22:40:45.411
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Neil\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8173.86 MB
Available physical RAM: 5552.73 MB
Total Pagefile: 16345.9 MB
Available Pagefile: 13388.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:581.31 GB) (Free:410.18 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:1.95 GB) (Free:1.85 GB) FAT (Disk=1 Partition=1)
Drive f: () (Removable) (Total:15 GB) (Free:14.9 GB) FAT32 (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: D77BF2C6)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=17)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

I noticed that you posted a new topic for help a Bleeping Computer. If you would like my help, please stick with this topic.

You have two anti-viruses running on your computer. This can cause conflicts and will make your computer slower and less secure. Please remove one. Either one is fine to keep:

AVAST
Microsoft Security Essentials

Also, could you please post the following logs from Combofix, found in C:\Qoobox, as well as the TDSSKiller log:

Combofix2.txt
Combofix3.txt
ComboFix-quarantined-files.txt

Did you download these files, or know what they are?

C:\Users\Neil\Downloads\ab48ab.exe
C:\Users\Neil\Downloads\q6dy1m1r.exe



Also, please run this scan:

Download CKScanner from here:http://downloads.mal...m/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).
Give permission if necessary, and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program once only.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

#5
Neilonekenobi

Neilonekenobi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I will stick with this topic and advice from you only and not take advice from multiple sources, such as Bleepingcomputer. As advised I have removed one of the antivirus programs, Microsoft Security Essentials.

[Not sure this is relevant, but I've noticed for a longer period of time - several weeks - that frequently when I type a URL in browser it serves a failed to connect page then when i refresh it serves the page - I'd always though this was more to do with quality of connection and ISP]

The two files: C:\Users\Neil\Downloads\ab48ab.exe
C:\Users\Neil\Downloads\q6dy1m1r.exe

I think are randomly named antimalware files - I think they do a random naming to prevent malware detecting and countering them. I think I can delete them both if you advise it. I think one is GMER, but not 100% sure. I can't really remember what the other one is.

I ran CKScanner once only, here is the short log: CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.NA.11.HLAPSL
----- EOF -----

I could not find a TDSSKiller log using text search in the start pane. I found only one Combofix log. I couldn't find one called ComboFix-quarantined-files.txt. I paste the Combofix log below. Thanks again for your time.

ComboFix 13-08-05.01 - Neil 05/08/2013 20:52:47.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8174.5490 [GMT 10:00]
Running from: c:\users\Neil\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-05 to 2013-08-05 )))))))))))))))))))))))))))))))
.
.
2013-08-05 11:00 . 2013-08-05 11:00 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-08-05 11:00 . 2013-08-05 11:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-05 08:39 . 2013-08-05 08:39 -------- d-----w- c:\users\Neil\AppData\Roaming\Opera Software
2013-08-05 08:39 . 2013-08-05 08:39 -------- d-----w- c:\users\Neil\AppData\Local\Opera Software
2013-08-05 08:39 . 2013-08-05 08:39 -------- d-----w- c:\program files (x86)\Opera
2013-08-05 08:01 . 2013-08-05 09:02 -------- d-----w- C:\cb5b39c98904fc3399a1f334
2013-08-05 08:00 . 2013-08-05 08:00 208216 ----a-w- c:\windows\system32\drivers\14308677.sys
2013-08-05 07:54 . 2013-08-05 07:54 -------- d-----w- c:\users\Neil\AppData\Roaming\GetRightToGo
2013-08-05 04:31 . 2013-08-05 04:31 -------- d-----w- C:\Stinger_Quarantine
2013-08-05 04:30 . 2013-08-05 05:10 -------- d-----w- c:\program files (x86)\stinger
2013-08-05 04:13 . 2013-08-05 04:19 -------- d-----w- c:\programdata\HitmanPro
2013-08-05 02:18 . 2013-08-05 02:18 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-05 00:45 . 2013-08-05 00:45 -------- d-----w- c:\users\Neil\AppData\Roaming\SUPERAntiSpyware.com
2013-08-05 00:44 . 2013-08-05 00:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-05 00:44 . 2013-08-05 00:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-08-04 23:55 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-04 23:52 . 2013-08-04 23:52 -------- d-----w- c:\program files (x86)\ESET
2013-08-04 23:40 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F2EC328-3808-46CE-A83A-9F530EA37ECE}\mpengine.dll
2013-08-04 23:28 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-04 15:47 . 2013-08-04 23:10 -------- d-----w- c:\program files (x86)\Safari
2013-08-04 15:39 . 2013-08-04 15:39 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2013-08-04 15:38 . 2013-08-04 15:38 -------- d-----w- c:\programdata\Malwarebytes
2013-08-04 15:38 . 2013-08-04 23:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-02 05:53 . 2013-08-02 05:53 -------- d-----w- c:\users\Neil\AppData\Roaming\tor
2013-07-26 13:30 . 2013-08-04 23:26 -------- d-----w- c:\program files (x86)\QuickTime
2013-07-26 13:30 . 2013-07-26 13:30 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-07-26 13:29 . 2013-07-26 13:29 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-07-26 12:04 . 2013-08-05 07:42 -------- d-----w- c:\users\Neil\AppData\Roaming\EurekaLog
2013-07-25 07:33 . 2012-12-24 04:19 1863640 ----a-w- c:\windows\SysWow64\oPlayer.ocx
2013-07-25 07:33 . 2012-12-24 04:19 394200 ----a-w- c:\windows\SysWow64\H264Decoder.dll
2013-07-25 07:33 . 2011-12-08 23:51 352256 ----a-w- c:\windows\SysWow64\Video.ocx
2013-07-25 07:33 . 2011-12-08 09:59 57344 ----a-w- c:\windows\SysWow64\PlaySdk.dll
2013-07-25 07:33 . 2011-06-26 00:37 40960 ----a-w- c:\windows\SysWow64\CamSearch.ocx
2013-07-25 07:33 . 2011-06-04 03:33 36864 ----a-w- c:\windows\SysWow64\Socket.dll
2013-07-25 07:33 . 2013-07-25 07:46 -------- d-----w- c:\program files (x86)\IP Camera Super Client
2013-07-22 02:21 . 2013-07-22 02:21 -------- d-----w- c:\users\Neil\AppData\Roaming\ResearchWare
2013-07-21 23:40 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-07-21 01:19 . 2013-07-21 01:19 -------- d-----w- c:\users\Neil\AppData\Roaming\QuickScan
2013-07-20 15:18 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\VoiceWalker
2013-07-20 15:02 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\Transcriber
2013-07-20 14:59 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\Audacity
2013-07-20 14:46 . 2013-07-20 14:51 -------- d-----w- c:\users\Neil\AppData\Roaming\InqScribe
2013-07-20 14:43 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\InqScribe
2013-07-20 14:38 . 2013-07-20 14:38 -------- d-----w- c:\programdata\NCH Swift Sound
2013-07-20 13:52 . 2013-07-21 23:16 -------- d-----w- c:\users\Neil\AppData\Roaming\gtk-2.0
2013-07-20 13:52 . 2013-07-20 15:13 -------- d-----w- c:\users\Neil\WorkAG
2013-07-20 13:52 . 2013-07-20 15:12 -------- d-----w- c:\users\Neil\.TransAG
2013-07-20 13:52 . 2013-07-20 15:12 -------- d-----w- c:\users\Neil\.TransAG-log
2013-07-20 13:50 . 2013-07-21 23:16 -------- d-----w- c:\windows\SysWow64\Adobe
2013-07-20 13:36 . 2005-08-12 09:04 606208 ----a-w- c:\windows\system32\CoreAAC.ax
2013-07-20 13:25 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\The FTW Transcriber
2013-07-20 11:06 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\Transcribe!
2013-07-20 11:03 . 2013-07-21 23:16 -------- d-----w- c:\program files\AutoHotkey
2013-07-20 10:50 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\AST
2013-07-20 10:45 . 2013-07-21 23:16 -------- d-----w- c:\users\Neil\AppData\Roaming\Audacity
2013-07-17 10:12 . 2013-07-17 10:11 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2B7D884-95D2-495C-9A2F-42DD4B659AF2}\gapaengine.dll
2013-07-10 08:03 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 08:03 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 08:03 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 08:03 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 08:03 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 08:03 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 08:03 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 08:03 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 08:03 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 08:03 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 08:03 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 07:58 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 07:58 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 07:58 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 07:58 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 07:58 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 07:58 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 07:57 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 07:57 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-09 04:29 . 2013-07-09 04:30 -------- d-----w- c:\users\Neil\FrostWire
2013-07-09 04:29 . 2013-07-22 17:23 -------- d-----w- c:\users\Neil\.frostwire5
2013-07-09 00:39 . 2013-07-09 00:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-07-08 12:30 . 2013-07-08 12:30 -------- d-----w- c:\users\Neil\AppData\Local\webkit
2013-07-08 01:55 . 2013-07-08 01:55 -------- d-----w- c:\users\Neil\AppData\Roaming\Thunderbird
2013-07-08 01:55 . 2013-07-08 01:55 -------- d-----w- c:\users\Neil\AppData\Local\Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 14:36 . 2013-07-03 14:36 98304 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{92389DE9-939E-341B-A076-1D52D7DBCA71}\python_icon.exe
2013-07-03 13:07 . 2013-07-03 13:07 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 13:07 . 2011-04-08 11:06 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-02 08:34 . 2013-08-05 11:03 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75751052-3DE8-4FBA-83AD-4F36881653AB}\mpengine.dll
2013-07-01 11:15 . 2013-06-30 23:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-01 11:15 . 2013-03-22 05:57 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-01 11:15 . 2013-03-22 05:57 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-23 14:57 . 2013-04-15 23:15 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 15:13 . 2013-03-13 04:04 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-13 05:51 . 2013-06-11 23:32 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 23:32 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 23:32 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 23:32 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 23:32 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 23:32 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 23:32 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 23:32 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:32 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:32 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 12:50 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-06-30 23:14 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-22 05:57 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-01-22 07:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-01-22 07:58 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-01-22 07:59 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 06:39 . 2013-06-11 23:32 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"FTR Search Folders"="c:\program files (x86)\FTR\ForTheRecord\FTRSearchFolders.exe" [2012-12-06 94208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-1-14 2749856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 23690378
*NewlyCreated* - 45033906
*Deregistered* - 23690378
*Deregistered* - 45033906
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-05 00:45]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-05 00:45]
.
2013-08-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 86031341-a712-4b5b-bc21-5e482ab89f6a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-08-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 96a171f5-05c1-468f-80a2-e687421985b0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 202.69.110.111 8.8.8.8
DPF: {5DBF0043-899B-4B69-87A5-34555198C7C2} - hxxp://winscribe.pacificsolutions.com.au/winscribe/setup/includes/WinScribeWebSetup.cab
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\6yflg091.default\
FF - ExtSQL: 2013-07-01 09:14; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-IP Camera Viewer_is1 - c:\program files (x86)\Deskshare\IP Camera Viewer 1.0\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-05 21:14:50
ComboFix-quarantined-files.txt 2013-08-05 11:14
ComboFix2.txt 2013-08-05 09:34
.
Pre-Run: 443,124,051,968 bytes free
Post-Run: 443,024,039,936 bytes free
.
- - End Of File - - D343B7EA5A2E874FC973FFC403E3295D
D41D8CD98F00B204E9800998ECF8427E
  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Can you tell me what folders/files are in C:\Qoobox?

Also, TDSSKiller log should be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt

I really need to see what Combofix and TDSSKiller did on their initial runs. The ComboFix log you posted is from a 3rd run.
  • 0

#7
Neilonekenobi

Neilonekenobi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry for delay in replying to you - I didn't get an email notification of your post to me. Definitely no TDSSKiller log file using any spelling of that that I can find. I have no C:\Qoobox at all - searched and it's certainly not visible.

I'm almost certain I have a rootkit.

This is the first combofix log I can find:

ComboFix 13-08-05.03 - Neil 06/08/2013 15:15:01.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8174.6139 [GMT 10:00]
Running from: c:\users\Neil\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-06 to 2013-08-06 )))))))))))))))))))))))))))))))
.
.
2013-08-06 22:43 . 2013-08-06 22:43 -------- d-----w- c:\windows\Microsoft Antimalware
2013-08-06 05:19 . 2013-08-06 05:19 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-08-06 05:19 . 2013-08-06 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-05 08:39 . 2013-08-05 08:39 -------- d-----w- c:\users\Neil\AppData\Roaming\Opera Software
2013-08-05 08:39 . 2013-08-05 08:39 -------- d-----w- c:\users\Neil\AppData\Local\Opera Software
2013-08-05 08:39 . 2013-08-06 05:34 -------- d-----w- c:\program files (x86)\Opera
2013-08-05 08:01 . 2013-08-06 05:34 -------- d-----w- C:\cb5b39c98904fc3399a1f334
2013-08-05 07:54 . 2013-08-05 07:54 -------- d-----w- c:\users\Neil\AppData\Roaming\GetRightToGo
2013-08-05 04:31 . 2013-08-05 04:31 -------- d-----w- C:\Stinger_Quarantine
2013-08-05 04:13 . 2013-08-05 04:19 -------- d-----w- c:\programdata\HitmanPro
2013-08-05 02:18 . 2013-08-05 02:18 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-05 00:45 . 2013-08-05 00:45 -------- d-----w- c:\users\Neil\AppData\Roaming\SUPERAntiSpyware.com
2013-08-04 23:52 . 2013-08-04 23:52 -------- d-----w- c:\program files (x86)\ESET
2013-08-04 15:47 . 2013-08-04 23:10 -------- d-----w- c:\program files (x86)\Safari
2013-08-04 15:39 . 2013-08-04 15:39 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2013-08-04 15:38 . 2013-08-04 15:38 -------- d-----w- c:\programdata\Malwarebytes
2013-08-02 05:53 . 2013-08-02 05:53 -------- d-----w- c:\users\Neil\AppData\Roaming\tor
2013-07-26 13:30 . 2013-08-04 23:26 -------- d-----w- c:\program files (x86)\QuickTime
2013-07-26 13:30 . 2013-07-26 13:30 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-07-26 13:29 . 2013-07-26 13:29 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-07-26 12:04 . 2013-08-05 07:42 -------- d-----w- c:\users\Neil\AppData\Roaming\EurekaLog
2013-07-22 02:21 . 2013-07-22 02:21 -------- d-----w- c:\users\Neil\AppData\Roaming\ResearchWare
2013-07-21 23:40 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-07-21 01:19 . 2013-07-21 01:19 -------- d-----w- c:\users\Neil\AppData\Roaming\QuickScan
2013-07-20 15:18 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\VoiceWalker
2013-07-20 15:02 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\Transcriber
2013-07-20 14:59 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\Audacity
2013-07-20 14:46 . 2013-07-20 14:51 -------- d-----w- c:\users\Neil\AppData\Roaming\InqScribe
2013-07-20 14:43 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\InqScribe
2013-07-20 14:38 . 2013-07-20 14:38 -------- d-----w- c:\programdata\NCH Swift Sound
2013-07-20 13:52 . 2013-07-21 23:16 -------- d-----w- c:\users\Neil\AppData\Roaming\gtk-2.0
2013-07-20 13:52 . 2013-07-20 15:13 -------- d-----w- c:\users\Neil\WorkAG
2013-07-20 13:52 . 2013-07-20 15:12 -------- d-----w- c:\users\Neil\.TransAG
2013-07-20 13:52 . 2013-07-20 15:12 -------- d-----w- c:\users\Neil\.TransAG-log
2013-07-20 13:50 . 2013-07-21 23:16 -------- d-----w- c:\windows\SysWow64\Adobe
2013-07-20 13:36 . 2005-08-12 09:04 606208 ----a-w- c:\windows\system32\CoreAAC.ax
2013-07-20 13:25 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\The FTW Transcriber
2013-07-20 11:06 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\Transcribe!
2013-07-20 11:03 . 2013-07-21 23:16 -------- d-----w- c:\program files\AutoHotkey
2013-07-20 10:50 . 2013-07-21 23:16 -------- d-----w- c:\program files (x86)\AST
2013-07-20 10:45 . 2013-07-21 23:16 -------- d-----w- c:\users\Neil\AppData\Roaming\Audacity
2013-07-17 10:12 . 2013-07-17 10:11 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2B7D884-95D2-495C-9A2F-42DD4B659AF2}\gapaengine.dll
2013-07-10 08:03 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 08:03 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 08:03 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 08:03 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 08:03 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 08:03 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 08:03 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 08:03 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 08:03 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 08:03 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 08:03 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 07:58 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 07:58 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 07:58 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 07:58 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 07:58 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 07:58 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 07:57 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 07:57 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-09 00:39 . 2013-07-09 00:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-07-08 12:30 . 2013-07-08 12:30 -------- d-----w- c:\users\Neil\AppData\Local\webkit
2013-07-08 01:55 . 2013-07-08 01:55 -------- d-----w- c:\users\Neil\AppData\Roaming\Thunderbird
2013-07-08 01:55 . 2013-07-08 01:55 -------- d-----w- c:\users\Neil\AppData\Local\Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-03 14:36 . 2013-07-03 14:36 98304 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{92389DE9-939E-341B-A076-1D52D7DBCA71}\python_icon.exe
2013-07-03 13:07 . 2013-07-03 13:07 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 13:07 . 2011-04-08 11:06 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-01 11:15 . 2013-06-30 23:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-01 11:15 . 2013-03-22 05:57 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-01 11:15 . 2013-03-22 05:57 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-23 14:57 . 2013-04-15 23:15 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 15:13 . 2013-03-13 04:04 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-13 05:51 . 2013-06-11 23:32 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-11 23:32 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-11 23:32 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-11 23:32 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-11 23:32 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-11 23:32 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-11 23:32 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-11 23:32 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:32 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-11 23:32 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 12:50 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-06-30 23:14 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-22 05:57 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-01-22 07:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-01-22 07:58 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-01-22 07:59 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 06:39 . 2013-06-11 23:32 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"FTR Search Folders"="c:\program files (x86)\FTR\ForTheRecord\FTRSearchFolders.exe" [2012-12-06 94208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-1-14 2749856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\System32\drivers\SMR322.SYS;c:\windows\SYSNATIVE\drivers\SMR322.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SMR322
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-05 00:45]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-05 00:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 202.69.110.111 8.8.8.8
DPF: {5DBF0043-899B-4B69-87A5-34555198C7C2} - hxxp://winscribe.pacificsolutions.com.au/winscribe/setup/includes/WinScribeWebSetup.cab
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\6yflg091.default\
FF - ExtSQL: 2013-07-01 09:14; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-06 15:21:06
ComboFix-quarantined-files.txt 2013-08-06 05:21
ComboFix2.txt 2013-08-05 11:15
ComboFix3.txt 2013-08-05 09:34
.
Pre-Run: 459,624,747,008 bytes free
Post-Run: 459,767,013,376 bytes free
.
- - End Of File - - 1002296F1C00561D6F3ACF4DBDBC269A
D41D8CD98F00B204E9800998ECF8427E
  • 0

#8
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. Let's get a current look at your machine. Please run the scans below. Please also post the GMER log if you still have it.


Download this simple little tool 'TDDS Qlook' to your desktop.
Firefox users will need to right click the link and click Save Target As..
  • Double click the TDSSQlook.exe file to run it. (Windows Vista /7 users will need to click Allow on the UAC window.)
  • TDSSQlook will open and you will see three options.
  • Type A and press the Enter key.
  • A log will be produced named TDSSQ.txt. Copy and paste the contents into your next post.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    dir "%systemdrive%\*" /S /A:L /C
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic



Download aswMBR.exe
to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#9
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP