Solved Dept of Justice ransomware

elmers

I'm dealing with a computer that has this. I've gathered from searching here that I should boot into safe mode with networking and run Farbar with List Drivers MD5 checked. I have done that, but just in case things have changed since the thread I saw that suggested it, I'm just going to hold off on posting any of that until guided to do so.

Windows 7 32bit. Boots fine in safe mode. Normal mode boots to the ransom screen and I'm unable to get past it.
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

NOTE 1. Use another working computer to download the following tool.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on the GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Owner (administrator) on OWNER-PC on 04-11-2013 19:14:08
Running from D:\
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-31] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [476512 2009-08-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\TEco.exe [1324384 2009-08-27] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-12] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-30] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\AudioReset.exe [214328 2009-09-03] ()
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-18] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] - C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-03] (TOSHIBA)
HKLM\...\Run: [Yahoo Messenger] - [x]
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-17] ()
HKLM\...\Run: [SSDMonitor] - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-04-09] (PC Tools)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG10\avgtray.exe [2747744 2011-01-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Smart File Advisor] - C:\Program Files\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKCU\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-17] (Toshiba)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKCU\...\Run: [RegistryMechanic] - C:\Program Files\Registry Mechanic\RMTray.exe [292824 2010-04-09] (PC Tools )
HKCU\...\Run: [RegistryBooster] - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
HKCU\...\Run: [RGSC] - E:\Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [26192168 2010-05-14] (Skype Technologies S.A.)
HKCU\...\Run: [Yontoo Desktop] - C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)
HKCU\...\Run: [{87F6B6FB-1320-4E71-800D-3ACBDE8D543D}] - rundll32 "C:\Users\Owner\AppData\Local\{800163B3-0B76-470B-9450-357EC8656E5C}\{87F6B6FB-1320-4E71-800D-3ACBDE8D543D}\dgkbbkkepl.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [TimeServer] - C:\Users\Owner\AppData\Roaming\Media Center Programs\WIN39D0.exe [131584 2013-07-28] ()
HKCU\...\Run: [DisplaySwitch] - C:\ProgramData\DisplaySwitch.exe [67584 2013-10-02] ()
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\smfqeiq\srxvwlx\wow.dll ATTENTION! ====> ZeroAccess/Alureon?
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NofolderOptions] 0
MountPoints2: D - D:\Autorun.exe
MountPoints2: {0859da9e-06f6-11df-bc0e-00269e96d164} - D:\LaunchU3.exe -a
MountPoints2: {44205fd9-c52e-11df-a87e-00269e96d164} - D:\LaunchU3.exe -a
MountPoints2: {47401381-fd75-11de-be1d-00269e96d164} - D:\LaunchU3.exe -a
MountPoints2: {5f14a566-8925-11df-82e4-0026b660e701} - D:\WIN\setup.exe
MountPoints2: {6c846dd4-20af-11df-83af-00269e96d164} - D:\LaunchU3.exe -a
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10...&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKCU - {EFB4A3AD-637D-4B3C-9512-C5284D020F69} URL =
SearchScopes: HKCU - {F4E35290-C124-40F9-BB1D-F45022F53F07} URL = http://websearch.ask.com/redirect?c...n_sauid=AEB9D75D-4693-4868-B258-3CD199CFB8D4&
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{1AAF48E2-DA8C-435C-8C9B-4071D7AB2CF6}: [NameServer]209.183.33.23 209.183.35.23

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: ftdownloader2 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader2@ftdownloader.com.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4\
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox

========================== Services (Whitelisted) =================

S2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6128720 2011-01-06] (AVG Technologies CZ, s.r.o.)
S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-11] (TOSHIBA CORPORATION)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1434416 2013-09-15] ()
S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-04-09] (PC Tools)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-18] (TOSHIBA Corporation)
S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-28] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-18] (TOSHIBA Corporation)
S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
S2 Yontoo Desktop Updater; C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)
S3 ATTRcAppSvc; "C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [x]
S3 CAATT; "C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [x]

==================== Drivers (Whitelisted) ====================

S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
R0x01000000 papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [1984 2003-01-17] ()
R0x01000000 papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [1856 2003-01-17] ()
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-16] (TOSHIBA)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [359424 2009-07-14] (Realtek Semiconductor Corporation )
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [545280 2009-08-22] (Realtek Semiconductor Corporation )
S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [222720 2009-08-13] (Sierra Wireless Inc.)
S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [148992 2009-07-23] (Sierra Wireless Inc.)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-29] (C-Media Inc)
S4 AVGIDSDriver; system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH; system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter; system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 AVGIDSShim; system32\DRIVERS\AVGIDSShim.Sys [x]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix; system32\DRIVERS\avgtdix.sys [x]
U0 BMLoad; system32\drivers\BMLoad.sys [x]
S3 PCTINDIS5; \??\C:\windows\system32\PCTINDIS5.SYS [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 swmsflt; system32\DRIVERS\swmsflt.sys [x]
S1 tcpipBM; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZ_O.SYS FC24015B4052600C324C43E3A79C0664
C:\Windows\System32\DRIVERS\TVALZFL.sys 866462F5AE3F375EF83EF9DCE436031C
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys 83CAFCB53201BBAC04D822F32438E244
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\drivers\CM108.sys 41B758CFF0A3C10A69E088F440677399
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\Drivers\usbvideo.sys 45F4E7BF43DB40A6C6B4D92C76CBC3F2
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-04 19:13 - 2013-11-04 19:13 - 00000000 ____D C:\FRST
2013-11-04 18:20 - 2013-11-04 18:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{D8D18F72-6479-4FA7-B1F8-BA1AF1BA85C9}
2013-10-31 05:18 - 2013-10-31 05:18 - 02250054 _____ C:\ProgramData\1.bmp
2013-10-31 05:18 - 2013-10-31 05:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{F642D1F7-6614-4370-8280-ECB80658CB8F}

==================== One Month Modified Files and Folders =======

2013-11-04 19:14 - 2009-09-01 13:06 - 00763148 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-04 19:13 - 2013-11-04 19:13 - 00000000 ____D C:\FRST
2013-11-04 19:07 - 2009-07-14 14:39 - 00292788 _____ C:\windows\setupact.log
2013-11-04 19:00 - 2009-11-22 22:33 - 01829243 _____ C:\windows\WindowsUpdate.log
2013-11-04 18:27 - 2009-07-14 14:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 18:27 - 2009-07-14 14:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 18:20 - 2013-11-04 18:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{D8D18F72-6479-4FA7-B1F8-BA1AF1BA85C9}
2013-11-04 18:20 - 2011-02-21 19:09 - 00000332 _____ C:\windows\Tasks\RegistryBooster.job
2013-11-04 18:20 - 2011-02-11 11:08 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-04 18:20 - 2010-01-27 09:51 - 00000000 ____D C:\Users\Owner\Tracing
2013-11-04 18:20 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-31 05:18 - 2013-10-31 05:18 - 02250054 _____ C:\ProgramData\1.bmp
2013-10-31 05:18 - 2013-10-31 05:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{F642D1F7-6614-4370-8280-ECB80658CB8F}
2013-10-31 05:18 - 2013-04-01 15:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yontoo
2013-10-31 05:18 - 2010-01-10 14:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2926865940-254004707-1567494601-1000\$8fd6c7b0306e72fcc808d1d375a77526

Alureon:
C:\Users\Owner\AppData\Local\Temp\smfqeiq\srxvwlx\wow.dll

Files to move or delete:
====================
C:\ProgramData\DisplaySwitch.exe
C:\Users\Owner\jagex_runescape_preferences2.dat


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\1SKKKKKKK.exe
C:\Users\Owner\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\Owner\AppData\Local\Temp\AE92.exe
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe
C:\Users\Owner\AppData\Local\Temp\ATTPreSetup.exe
C:\Users\Owner\AppData\Local\Temp\AutoUpdateDeployerUI.exe
C:\Users\Owner\AppData\Local\Temp\BrowserPlus.exe
C:\Users\Owner\AppData\Local\Temp\burnsetup.exe
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Owner\AppData\Local\Temp\enknhnibtojytmoyaao.exe
C:\Users\Owner\AppData\Local\Temp\ezGameXN.dll
C:\Users\Owner\AppData\Local\Temp\FlashLock v2.31.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Owner\AppData\Local\Temp\Frameworkutils.dll
C:\Users\Owner\AppData\Local\Temp\GameXNGO.exe
C:\Users\Owner\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Owner\AppData\Local\Temp\GLF588A.tmp.ConduitEngineSetup.exe
C:\Users\Owner\AppData\Local\Temp\hojilcnm.exe
C:\Users\Owner\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Owner\AppData\Local\Temp\iet5144.tmp.exe
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Owner\AppData\Local\Temp\msimg32.dll
C:\Users\Owner\AppData\Local\Temp\prismsetup.exe
C:\Users\Owner\AppData\Local\Temp\Refresh.exe
C:\Users\Owner\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SweetIESetup.exe
C:\Users\Owner\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Owner\AppData\Local\Temp\tbBitT.dll
C:\Users\Owner\AppData\Local\Temp\uninst.exe
C:\Users\Owner\AppData\Local\Temp\uninstaller.exe
C:\Users\Owner\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-04-02 18:41

==================== End Of Log ============================
 
You didn't follow my instructions and you ran FRST from safe mode but let's see if it'll work.
You're infected with ZeroAccess rootkit and Alureon rootkit as well.

Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Important! Restart computer and...

Re-run FRST one more time and post new log.
 

Run the scan or the fix? I just clicked Scan because I figured it was safe. Obviously I can click fix if that is what I needed to have done.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Owner (administrator) on OWNER-PC on 06-11-2013 21:08:03
Running from D:\
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG10\avgrsx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\windows\system32\dmwu.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Windows\System32\jmdp\stij.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(PC Tools ) C:\Program Files\Registry Mechanic\RMTray.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Yontoo LLC) C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-31] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [476512 2009-08-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\TEco.exe [1324384 2009-08-27] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-12] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-30] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\AudioReset.exe [214328 2009-09-03] ()
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-18] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] - C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-03] (TOSHIBA)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-17] ()
HKLM\...\Run: [SSDMonitor] - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-04-09] (PC Tools)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG10\avgtray.exe [2747744 2011-01-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Smart File Advisor] - C:\Program Files\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKCU\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-17] (Toshiba)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKCU\...\Run: [RegistryMechanic] - C:\Program Files\Registry Mechanic\RMTray.exe [292824 2010-04-09] (PC Tools )
HKCU\...\Run: [RegistryBooster] - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
HKCU\...\Run: [RGSC] - E:\Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [26192168 2010-05-14] (Skype Technologies S.A.)
HKCU\...\Run: [Yontoo Desktop] - C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)
HKCU\...\Run: [DisplaySwitch] - "C:\ProgramData\DisplaySwitch.exe"
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\smfqeiq\srxvwlx\wow.dll ATTENTION! ====> ZeroAccess/Alureon?
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NofolderOptions] 0
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10...2&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKCU - {EFB4A3AD-637D-4B3C-9512-C5284D020F69} URL =
SearchScopes: HKCU - {F4E35290-C124-40F9-BB1D-F45022F53F07} URL = http://websearch.ask.com/redirect?c...pn_sauid=AEB9D75D-4693-4868-B258-3CD199CFB8D4&
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{1AAF48E2-DA8C-435C-8C9B-4071D7AB2CF6}: [NameServer]209.183.33.23 209.183.35.23
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: ftdownloader2 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader2@ftdownloader.com.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4\
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6128720 2011-01-06] (AVG Technologies CZ, s.r.o.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-11] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1434416 2013-09-15] ()
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-04-09] (PC Tools)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-18] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-28] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-18] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
R2 Yontoo Desktop Updater; C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)
S3 ATTRcAppSvc; "C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [x]
S3 CAATT; "C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [x]
==================== Drivers (Whitelisted) ====================
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
R0x01000000 papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [1984 2003-01-17] ()
R0x01000000 papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [1856 2003-01-17] ()
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-16] (TOSHIBA)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [359424 2009-07-14] (Realtek Semiconductor Corporation )
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [545280 2009-08-22] (Realtek Semiconductor Corporation )
S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [222720 2009-08-13] (Sierra Wireless Inc.)
S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [148992 2009-07-23] (Sierra Wireless Inc.)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-29] (C-Media Inc)
S4 AVGIDSDriver; system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH; system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter; system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 AVGIDSShim; system32\DRIVERS\AVGIDSShim.Sys [x]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix; system32\DRIVERS\avgtdix.sys [x]
U0 BMLoad; system32\drivers\BMLoad.sys [x]
S3 PCTINDIS5; \??\C:\windows\system32\PCTINDIS5.SYS [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 swmsflt; system32\DRIVERS\swmsflt.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-11-06 20:50 - 2013-11-06 20:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{F9F3CD53-14D9-452A-AF8E-4606122E606F}
2013-11-06 20:41 - 2013-11-06 20:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{C3B14115-6977-48BB-94F6-B3D27E848160}
2013-11-04 19:13 - 2013-11-04 19:13 - 00000000 ____D C:\FRST
2013-11-04 18:20 - 2013-11-04 18:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{D8D18F72-6479-4FA7-B1F8-BA1AF1BA85C9}
2013-10-31 05:18 - 2013-10-31 05:18 - 02250054 _____ C:\ProgramData\1.bmp
2013-10-31 05:18 - 2013-10-31 05:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{F642D1F7-6614-4370-8280-ECB80658CB8F}
==================== One Month Modified Files and Folders =======
2013-11-06 21:07 - 2009-07-14 14:39 - 00292956 _____ C:\windows\setupact.log
2013-11-06 20:57 - 2009-07-14 14:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 20:57 - 2009-07-14 14:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 20:54 - 2009-09-01 13:06 - 00763148 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-06 20:53 - 2009-11-22 22:33 - 01840873 _____ C:\windows\WindowsUpdate.log
2013-11-06 20:50 - 2013-11-06 20:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{F9F3CD53-14D9-452A-AF8E-4606122E606F}
2013-11-06 20:50 - 2010-01-27 09:51 - 00000000 ____D C:\Users\Owner\Tracing
2013-11-06 20:49 - 2011-02-21 19:09 - 00000332 _____ C:\windows\Tasks\RegistryBooster.job
2013-11-06 20:49 - 2011-02-11 11:08 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-06 20:49 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-06 20:47 - 2009-12-18 11:01 - 00000000 ____D C:\Users\Owner
2013-11-06 20:41 - 2013-11-06 20:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{C3B14115-6977-48BB-94F6-B3D27E848160}
2013-11-04 19:13 - 2013-11-04 19:13 - 00000000 ____D C:\FRST
2013-11-04 18:20 - 2013-11-04 18:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{D8D18F72-6479-4FA7-B1F8-BA1AF1BA85C9}
2013-10-31 05:18 - 2013-10-31 05:18 - 02250054 _____ C:\ProgramData\1.bmp
2013-10-31 05:18 - 2013-10-31 05:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{F642D1F7-6614-4370-8280-ECB80658CB8F}
2013-10-31 05:18 - 2013-04-01 15:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yontoo
2013-10-31 05:18 - 2010-01-10 14:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-04-02 18:41
==================== End Of Log ============================
 
I absolutely did follow your instructions. Maybe your instructions are ambiguous or the text file didn't get overwritten from the previous one. I believe I followed your instructions, but this is twice you've told me I've screwed them up, so obviously I'm missing something.
 
I don't think my instructions are that complicated....


Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Important! Restart computer and...

Re-run FRST one more time and post new log.

I don't see Fixlog.txt posted.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by Owner at 2013-11-06 20:47:36 Run:1
Running from D:\
Boot Mode: Safe Mode (minimal)
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [Yahoo Messenger] - [x]
HKCU\...\Run: [{87F6B6FB-1320-4E71-800D-3ACBDE8D543D}] - rundll32 "C:\Users\Owner\AppData\Local\{800163B3-0B76-470B-9450-357EC8656E5C}\{87F6B6FB-1320-4E71-800D-3ACBDE8D543D}\dgkbbkkepl.dll",DllRegisterServer <===== ATTENTION
C:\Users\Owner\AppData\Local\{800163B3-0B76-470B-9450-357EC8656E5C}\{87F6B6FB-1320-4E71-800D-3ACBDE8D543D}\dgkbbkkepl.dll
HKCU\...\Run: [TimeServer] - C:\Users\Owner\AppData\Roaming\Media Center Programs\WIN39D0.exe [131584 2013-07-28] ()
C:\Users\Owner\AppData\Roaming\Media Center Programs\WIN39D0.exe
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\smfqeiq\srxvwlx\wow.dll ATTENTION! ====> ZeroAccess/Alureon?
MountPoints2: D - D:\Autorun.exe
MountPoints2: {0859da9e-06f6-11df-bc0e-00269e96d164} - D:\LaunchU3.exe -a
MountPoints2: {44205fd9-c52e-11df-a87e-00269e96d164} - D:\LaunchU3.exe -a
MountPoints2: {47401381-fd75-11de-be1d-00269e96d164} - D:\LaunchU3.exe -a
MountPoints2: {5f14a566-8925-11df-82e4-0026b660e701} - D:\WIN\setup.exe
MountPoints2: {6c846dd4-20af-11df-83af-00269e96d164} - D:\LaunchU3.exe -a
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
S1 tcpipBM; No ImagePath
C:\$Recycle.Bin\S-1-5-21-2926865940-254004707-1567494601-1000\$8fd6c7b0306e72fcc808d1d375a77526
C:\Users\Owner\AppData\Local\Temp\smfqeiq\srxvwlx\wow.dll
C:\ProgramData\DisplaySwitch.exe
C:\Users\Owner\jagex_runescape_preferences2.dat
C:\Users\Owner\AppData\Local\Temp\1SKKKKKKK.exe
C:\Users\Owner\AppData\Local\Temp\2SKKKKKKK.exe
C:\Users\Owner\AppData\Local\Temp\AE92.exe
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe
C:\Users\Owner\AppData\Local\Temp\ATTPreSetup.exe
C:\Users\Owner\AppData\Local\Temp\AutoUpdateDeployerUI.exe
C:\Users\Owner\AppData\Local\Temp\BrowserPlus.exe
C:\Users\Owner\AppData\Local\Temp\burnsetup.exe
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Owner\AppData\Local\Temp\enknhnibtojytmoyaao.exe
C:\Users\Owner\AppData\Local\Temp\ezGameXN.dll
C:\Users\Owner\AppData\Local\Temp\FlashLock v2.31.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Owner\AppData\Local\Temp\Frameworkutils.dll
C:\Users\Owner\AppData\Local\Temp\GameXNGO.exe
C:\Users\Owner\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Owner\AppData\Local\Temp\GLF588A.tmp.ConduitEngineSetup.exe
C:\Users\Owner\AppData\Local\Temp\hojilcnm.exe
C:\Users\Owner\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Owner\AppData\Local\Temp\iet5144.tmp.exe
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Owner\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Owner\AppData\Local\Temp\msimg32.dll
C:\Users\Owner\AppData\Local\Temp\prismsetup.exe
C:\Users\Owner\AppData\Local\Temp\Refresh.exe
C:\Users\Owner\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SweetIESetup.exe
C:\Users\Owner\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Owner\AppData\Local\Temp\tbBitT.dll
C:\Users\Owner\AppData\Local\Temp\uninst.exe
C:\Users\Owner\AppData\Local\Temp\uninstaller.exe
C:\Users\Owner\AppData\Local\Temp\WSSetup.exe
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo Messenger => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\{87F6B6FB-1320-4E71-800D-3ACBDE8D543D} => Value deleted successfully.
C:\Users\Owner\AppData\Local\{800163B3-0B76-470B-9450-357EC8656E5C}\{87F6B6FB-1320-4E71-800D-3ACBDE8D543D}\dgkbbkkepl.dll => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer => Value deleted successfully.
C:\Users\Owner\AppData\Roaming\Media Center Programs\WIN39D0.exe => Moved successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0859da9e-06f6-11df-bc0e-00269e96d164} => Key deleted successfully.
HKCR\CLSID\{0859da9e-06f6-11df-bc0e-00269e96d164} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44205fd9-c52e-11df-a87e-00269e96d164} => Key deleted successfully.
HKCR\CLSID\{44205fd9-c52e-11df-a87e-00269e96d164} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47401381-fd75-11de-be1d-00269e96d164} => Key deleted successfully.
HKCR\CLSID\{47401381-fd75-11de-be1d-00269e96d164} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f14a566-8925-11df-82e4-0026b660e701} => Key deleted successfully.
HKCR\CLSID\{5f14a566-8925-11df-82e4-0026b660e701} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c846dd4-20af-11df-83af-00269e96d164} => Key deleted successfully.
HKCR\CLSID\{6c846dd4-20af-11df-83af-00269e96d164} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Value deleted successfully.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
tcpipBM => Service deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2926865940-254004707-1567494601-1000\$8fd6c7b0306e72fcc808d1d375a77526 => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\smfqeiq\srxvwlx\wow.dll => Moved successfully.
C:\ProgramData\DisplaySwitch.exe => Moved successfully.
C:\Users\Owner\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\1SKKKKKKK.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\2SKKKKKKK.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\AE92.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ATTPreSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\AutoUpdateDeployerUI.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\BrowserPlus.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\burnsetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7380014.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\enknhnibtojytmoyaao.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ezGameXN.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\FlashLock v2.31.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Frameworkutils.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\GameXNGO.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\GenericUninstall.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\GLF588A.tmp.ConduitEngineSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\hojilcnm.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\hsbing_717_active.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\iet5144.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\mgsqlite3.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\msimg32.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\prismsetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Refresh.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SweetIESetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\tbBitT.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\uninst.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\uninstaller.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\WSSetup.exe => Moved successfully.
==== End of Fixlog ====
 
Very good.

Now RESTART THE COMPUTER, re-run FRST, click on the "Scan" button and post the new log.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Owner (administrator) on OWNER-PC on 06-11-2013 22:48:02
Running from C:\Users\Owner\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG10\avgrsx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\windows\system32\dmwu.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(PC Tools ) C:\Program Files\Registry Mechanic\RMTray.exe
() C:\Windows\System32\jmdp\stij.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Yontoo LLC) C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-31] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [476512 2009-08-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\TEco.exe [1324384 2009-08-27] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-12] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-30] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] - C:\Program Files\ConexantAudioPatch\AudioReset.exe [214328 2009-09-03] ()
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-18] (TOSHIBA Corporation)
HKLM\...\Run: [TUSBSleepChargeSrv] - C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-03] (TOSHIBA)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-17] ()
HKLM\...\Run: [SSDMonitor] - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-04-09] (PC Tools)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG10\avgtray.exe [2747744 2011-01-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Smart File Advisor] - C:\Program Files\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKCU\...\Run: [NortonOnlineBackupReminder] - C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-07-17] (Toshiba)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKCU\...\Run: [RegistryMechanic] - C:\Program Files\Registry Mechanic\RMTray.exe [292824 2010-04-09] (PC Tools )
HKCU\...\Run: [RegistryBooster] - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
HKCU\...\Run: [RGSC] - E:\Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [26192168 2010-05-14] (Skype Technologies S.A.)
HKCU\...\Run: [Yontoo Desktop] - C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)
HKCU\...\Run: [DisplaySwitch] - "C:\ProgramData\DisplaySwitch.exe"
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\smfqeiq\srxvwlx\wow.dll ATTENTION! ====> ZeroAccess/Alureon?
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NofolderOptions] 0
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10...2&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&...2&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}
SearchScopes: HKCU - {EFB4A3AD-637D-4B3C-9512-C5284D020F69} URL =
SearchScopes: HKCU - {F4E35290-C124-40F9-BB1D-F45022F53F07} URL = http://websearch.ask.com/redirect?c...pn_sauid=AEB9D75D-4693-4868-B258-3CD199CFB8D4&
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{1AAF48E2-DA8C-435C-8C9B-4071D7AB2CF6}: [NameServer]209.183.33.23 209.183.35.23
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: ftdownloader2 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader2@ftdownloader.com.xpi
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: Conduit Engine - \Extensions\engine@conduit.com
FF Extension: BitTorrentBar Community Toolbar - \Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4\
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-03] (Akamai Technologies, Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6128720 2011-01-06] (AVG Technologies CZ, s.r.o.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-11] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1434416 2013-09-15] ()
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-04-09] (PC Tools)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-18] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-28] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-18] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
R2 Yontoo Desktop Updater; C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-23] (Yontoo LLC)
S3 ATTRcAppSvc; "C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [x]
S3 CAATT; "C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [x]
==================== Drivers (Whitelisted) ====================
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34384 2010-09-07] (AVG Technologies CZ, s.r.o.)
R0x01000000 papycpu2; C:\Windows\System32\DRIVERS\papycpu2.sys [1984 2003-01-17] ()
R0x01000000 papyjoy; C:\Windows\System32\DRIVERS\papyjoy.sys [1856 2003-01-17] ()
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-16] (TOSHIBA)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [359424 2009-07-14] (Realtek Semiconductor Corporation )
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [545280 2009-08-22] (Realtek Semiconductor Corporation )
S3 SWNC8U80; C:\Windows\System32\DRIVERS\swnc8u80.sys [222720 2009-08-13] (Sierra Wireless Inc.)
S3 SWUMX80; C:\Windows\System32\DRIVERS\swumx80.sys [148992 2009-07-23] (Sierra Wireless Inc.)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-29] (C-Media Inc)
S4 AVGIDSDriver; system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH; system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter; system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 AVGIDSShim; system32\DRIVERS\AVGIDSShim.Sys [x]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix; system32\DRIVERS\avgtdix.sys [x]
U0 BMLoad; system32\drivers\BMLoad.sys [x]
S3 PCTINDIS5; \??\C:\windows\system32\PCTINDIS5.SYS [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 swmsflt; system32\DRIVERS\swmsflt.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-11-06 22:45 - 2013-11-06 22:45 - 00000000 ____D C:\Users\Owner\AppData\Local\{D1B6DD4A-36F9-4894-9F09-1BA964F03AD9}
2013-11-06 22:12 - 2013-11-05 10:28 - 01089445 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2013-11-06 20:50 - 2013-11-06 20:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{F9F3CD53-14D9-452A-AF8E-4606122E606F}
2013-11-06 20:41 - 2013-11-06 20:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{C3B14115-6977-48BB-94F6-B3D27E848160}
2013-11-04 19:13 - 2013-11-04 19:13 - 00000000 ____D C:\FRST
2013-11-04 18:20 - 2013-11-04 18:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{D8D18F72-6479-4FA7-B1F8-BA1AF1BA85C9}
2013-10-31 05:18 - 2013-10-31 05:18 - 02250054 _____ C:\ProgramData\1.bmp
2013-10-31 05:18 - 2013-10-31 05:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{F642D1F7-6614-4370-8280-ECB80658CB8F}
==================== One Month Modified Files and Folders =======
2013-11-06 22:45 - 2013-11-06 22:45 - 00000000 ____D C:\Users\Owner\AppData\Local\{D1B6DD4A-36F9-4894-9F09-1BA964F03AD9}
2013-11-06 22:45 - 2011-02-21 19:09 - 00000332 _____ C:\windows\Tasks\RegistryBooster.job
2013-11-06 22:45 - 2011-02-11 11:08 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-06 22:45 - 2010-01-27 09:51 - 00000000 ____D C:\Users\Owner\Tracing
2013-11-06 22:45 - 2010-01-10 14:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-11-06 22:45 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-06 22:45 - 2009-07-14 14:39 - 00293124 _____ C:\windows\setupact.log
2013-11-06 22:44 - 2009-11-22 22:33 - 01850221 _____ C:\windows\WindowsUpdate.log
2013-11-06 20:57 - 2009-07-14 14:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 20:57 - 2009-07-14 14:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 20:54 - 2009-09-01 13:06 - 00763148 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-06 20:50 - 2013-11-06 20:50 - 00000000 ____D C:\Users\Owner\AppData\Local\{F9F3CD53-14D9-452A-AF8E-4606122E606F}
2013-11-06 20:47 - 2009-12-18 11:01 - 00000000 ____D C:\Users\Owner
2013-11-06 20:41 - 2013-11-06 20:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{C3B14115-6977-48BB-94F6-B3D27E848160}
2013-11-05 10:28 - 2013-11-06 22:12 - 01089445 _____ (Farbar) C:\Users\Owner\Desktop\FRST.exe
2013-11-04 19:13 - 2013-11-04 19:13 - 00000000 ____D C:\FRST
2013-11-04 18:20 - 2013-11-04 18:20 - 00000000 ____D C:\Users\Owner\AppData\Local\{D8D18F72-6479-4FA7-B1F8-BA1AF1BA85C9}
2013-10-31 05:18 - 2013-10-31 05:18 - 02250054 _____ C:\ProgramData\1.bmp
2013-10-31 05:18 - 2013-10-31 05:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{F642D1F7-6614-4370-8280-ECB80658CB8F}
2013-10-31 05:18 - 2013-04-01 15:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Yontoo
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-04-02 18:41
==================== End Of Log ============================
 
Delete my previous "fixlist.txt" file so you won't get confused since we'll run another fix.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

When done, see if you can boot normally.
 

Attachments

  • fixlist.txt (184 bytes)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by Owner at 2013-11-06 23:44:39 Run:2
Running from D:\
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\smfqeiq\srxvwlx\wow.dll ATTENTION! ====> ZeroAccess/Alureon?
*****************
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
==== End of Fixlog ====
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.10.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

11/10/2013 10:17:48 AM
mbam-log-2013-11-10 (10-17-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220878
Time elapsed: 21 minute(s), 57 second(s)

Memory Processes Detected: 1
C:\Windows\System32\dmwu.exe (Adware.InstallBrain) -> 628 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 36
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Extension.ExtensionHelperObject.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Extension.ExtensionHelperObject (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1 (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

Registry Values Detected: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: 썛愘ᇜ犜ጀ유䞘 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {154B2BC5-9A8A-11E2-9FA4-00269E96D164} -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {154B2BC5-9A8A-11E2-9FA4-00269E96D164} -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM.A) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM.A) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10...&barid={154B2BC5-9A8A-11E2-9FA4-00269E96D164}) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 23
C:\Users\Owner\AppData\Local\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\libraries (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\resources (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

Files Detected: 128
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Extension32.dll (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\E_4\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\E_4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\H29RE7K1\Johnson_Outboard_90_01-1-25_70hp_Workshop_Repair_Manual.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JDPL1EWK\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\fa43e.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\E_4\krnln.fnr (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dmwu.exe (Adware.InstallBrain) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Temp\E_4\com.run (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\E_4\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\DGChrome.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\InstallerHelper.dll (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\source.crx (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\unins000.dat (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\unins000.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome.manifest (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\install.rdf (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js.bak (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.xul (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources\localscript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US\overlay.dtd (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin\overlay.css (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences\defaults.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\resources\localscript.js (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\onstart.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_blank.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Windows\System32\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

(end)
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.10.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

11/10/2013 10:51:20 AM
mbam-log-2013-11-10 (10-51-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220815
Time elapsed: 20 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Owner at 11:19:01 on 2013-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1755 [GMT 10:00]
.
AV: AVG Anti-Virus 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yontoo\Y2Desktop.Updater.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\windows\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: MRI_DISABLED - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
uRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [RGSC] e:\games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [Akamai NetSession Interface] "c:\users\owner\appdata\local\akamai\netsession_win.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Yontoo Desktop] "c:\users\owner\appdata\roaming\yontoo\YontooDesktop.exe"
uRun: [DisplaySwitch] "c:\programdata\DisplaySwitch.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
mRun: [ConexantAudioPatch] c:\program files\conexantaudiopatch\Audioreset.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TUSBSleepChargeSrv] c:\program files\toshiba\toshiba usb sleep and charge utility\TUSBSleepChargeSrv.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1AAF48E2-DA8C-435C-8C9B-4071D7AB2CF6} : NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{3480CB13-8C25-4D3B-B524-9961F63ECFCA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FD1F0963-2336-45A0-A3C5-9CD6E4D39A77} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FD1F0963-2336-45A0-A3C5-9CD6E4D39A77}\14274786572772370205C6163656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FD1F0963-2336-45A0-A3C5-9CD6E4D39A77}\357464 : DHCPNameServer = 12.127.16.67
TCP: Interfaces\{FD1F0963-2336-45A0-A3C5-9CD6E4D39A77}\458656022496760244F6760223 : DHCPNameServer = 111.68.59.69 114.108.192.30
TCP: Interfaces\{FD1F0963-2336-45A0-A3C5-9CD6E4D39A77}\C41485D294E6475627E6164796F6E616C6D2C4F657E67656D2241636B6 : DHCPNameServer = 12.127.16.68 12.127.17.72
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-11 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-26 632792]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-28 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-4-1 23552]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-11 122880]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-28 51712]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-11-22 24064]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-16 9216]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-11-22 859136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-18 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATTRcAppSvc;AT&T RcAppSvc;"c:\program files\at&t\communication manager\rcappsvc.exe" /n "attrcappsvc" --> c:\program files\at&t\communication manager\RcAppSvc.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 CAATT;AT&T Con App Svc;"c:\program files\at&t\communication manager\conappssvc.exe" /n "caatt" --> c:\program files\at&t\communication manager\ConAppsSvc.exe [?]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-14 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-11-22 545280]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2009-8-13 222720]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2009-7-23 148992]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-11-22 51512]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-15 52224]
S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-29 1310720]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-4 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-11-10 00:45:09 -------- d-----w- c:\users\owner\appdata\local\{951BAF0A-5401-4118-9EB3-8A8E97690B2C}
2013-11-10 00:14:52 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2013-11-10 00:14:42 -------- d-----w- c:\programdata\Malwarebytes
2013-11-10 00:14:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-10 00:14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-06 13:57:03 -------- d-----w- c:\users\owner\appdata\local\{4CBE1DF3-885F-4A01-B6BD-FF439D3ECC06}
2013-11-06 12:45:53 -------- d-----w- c:\users\owner\appdata\local\{D1B6DD4A-36F9-4894-9F09-1BA964F03AD9}
2013-11-06 10:50:27 -------- d-----w- c:\users\owner\appdata\local\{F9F3CD53-14D9-452A-AF8E-4606122E606F}
2013-11-06 10:41:32 -------- d-----w- c:\users\owner\appdata\local\{C3B14115-6977-48BB-94F6-B3D27E848160}
2013-11-04 09:13:23 -------- d-----w- C:\FRST
2013-11-04 08:20:55 -------- d-----w- c:\users\owner\appdata\local\{D8D18F72-6479-4FA7-B1F8-BA1AF1BA85C9}
2013-10-30 19:18:27 -------- d-----w- c:\users\owner\appdata\local\{F642D1F7-6614-4370-8280-ECB80658CB8F}
.
==================== Find3M ====================
.
2013-09-15 12:26:10 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-09-09 08:54:24 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-09-09 08:54:24 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-09-09 08:54:24 479232 ----a-w- c:\windows\system32\msvcm80.dll
.
============= FINISH: 11:19:20.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2009 11:01:15 AM
System Uptime: 11/10/2013 10:43:13 AM (1 hours ago)
.
Motherboard: TOSHIBA | | Satellite T135
Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz | U2E1 | 1196/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 196.928 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP351: 1/21/2012 1:17:46 PM - Windows Update
RP352: 1/29/2012 12:15:06 PM - Windows Update
RP353: 2/6/2012 10:15:00 AM - Windows Update
RP354: 2/11/2012 1:04:23 PM - Windows Update
RP355: 2/15/2012 10:40:17 PM - Windows Update
RP356: 2/20/2012 12:40:54 AM - Windows Update
RP357: 2/23/2012 8:35:49 AM - Windows Update
RP358: 3/1/2012 9:10:16 PM - Windows Update
RP359: 3/12/2012 8:45:30 PM - Windows Update
RP360: 3/21/2012 11:31:05 AM - Windows Update
RP361: 3/27/2012 2:44:55 PM - Windows Update
RP362: 3/30/2012 7:27:58 PM - Windows Update
RP363: 4/6/2012 6:50:35 AM - Windows Update
RP364: 4/10/2012 2:44:54 PM - Windows Update
RP365: 4/12/2012 5:40:26 PM - Windows Update
RP366: 4/17/2012 10:42:21 AM - Windows Update
RP367: 6/19/2013 9:34:35 AM - Removed Windows Live Sync
RP368: 6/19/2013 9:40:13 AM - Removed WebSlingPlayer ActiveX
RP369: 6/19/2013 9:43:44 AM - Removed WebSlingPlayer ActiveX
RP370: 6/19/2013 9:48:04 AM - Removed SlingPlayer
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG 2011
Bonjour
Cisco Connect
Compatibility Pack for the 2007 Office system
Conexant HD Audio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Driver Installer
Geek Squad 24 Hour Computer Support
iCloud
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer Toolbar 4.7 by SweetPacks
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyToshiba
Nero 8 Essentials
neroxml
NetZero Launcher
Norton Internet Security
NVIDIA PhysX
OpenOffice.org 3.2
Pando Media Booster
PlayReady PC Runtime x86
Quickbooks Financial Center
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Registry Mechanic 9.0
Rockstar Games Social Club
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Ship Simulator Extremes
Skype Launcher
Skype Toolbars
Skype™ 4.2
Smart File Advisor 1.1.1
SmartSound Common Data
SmartSound Quicktracks 5
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 1.0.3
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Yahoo! Detect
Yontoo 2.051
.
==== Event Viewer Messages From Past Week ========
.
11/6/2013 8:48:06 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 8:46:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/6/2013 8:46:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/6/2013 8:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/6/2013 8:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/6/2013 8:46:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/6/2013 8:46:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/6/2013 8:46:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgrkx86 cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tcpipBM tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 8:46:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/6/2013 8:42:59 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
11/6/2013 8:41:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgrkx86 cdrom tcpipBM
11/5/2013 2:29:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/4/2013 7:09:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Avgrkx86 cdrom discache spldr tcpipBM Wanarpv6
11/10/2013 10:49:35 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by 56967 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123) is working properly.
11/10/2013 10:44:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgrkx86 cdrom
11/10/2013 10:44:24 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/10/2013 10:16:05 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by 56968 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
.
==== End Of File ===========================
 
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 11/10/2013 13:30:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] YontooDesktop.exe -- C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : DisplaySwitch ("C:\ProgramData\DisplaySwitch.exe" [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2926865940-254004707-1567494601-1000\[...]\Run : Yontoo Desktop ("C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2926865940-254004707-1567494601-1000\[...]\Run : DisplaySwitch ("C:\ProgramData\DisplaySwitch.exe" [x]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{1AAF48E2-DA8C-435C-8C9B-4071D7AB2CF6} : NameServer (209.183.33.23 209.183.35.23 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{1AAF48E2-DA8C-435C-8C9B-4071D7AB2CF6} : NameServer (209.183.33.23 209.183.35.23 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{1AAF48E2-DA8C-435C-8C9B-4071D7AB2CF6} : NameServer (209.183.33.23 209.183.35.23 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3263GSX +++++
--- User ---
[MBR] dba07aa1bc1832356d9f0f4d69fc2170
[BSP] 290c22aaaab728af5823c5614cfadfce : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295617 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608497664 | Size: 8127 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 75384b9c49e18508ca912df09032d9e2
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7632 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11102013_133019.txt >>





RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 11/10/2013 13:31:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] YontooDesktop.exe -- C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe" [7]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : DisplaySwitch ("C:\ProgramData\DisplaySwitch.exe" [x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2926865940-254004707-1567494601-1000\[...]\Run : Yontoo Desktop ("C:\Users\Owner\AppData\Roaming\Yontoo\YontooDesktop.exe" [7]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-2926865940-254004707-1567494601-1000\[...]\Run : DisplaySwitch ("C:\ProgramData\DisplaySwitch.exe" [x]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3263GSX +++++
--- User ---
[MBR] dba07aa1bc1832356d9f0f4d69fc2170
[BSP] 290c22aaaab728af5823c5614cfadfce : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295617 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608497664 | Size: 8127 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 75384b9c49e18508ca912df09032d9e2
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7632 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_11102013_133125.txt >>
RKreport[0]_S_11102013_133019.txt



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_29

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.296000 GHz
Memory total: 3079606272, free: 1718685696

Downloaded database version: v2013.11.10.04
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
11/10/2013 13:37:34
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff8915b848
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff875ea888
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff871eaac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff86430028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff871eaac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff871ea7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff871eaac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff871e9030, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
DevicePointer: 0xffffffff863ca838, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86430028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80460331

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 605423616

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 608497664 Numsec = 16644096
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8915b848, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89303d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8915b848, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff875ea888, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 15630336

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 8004304896 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_608497664_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.10.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

11/10/2013 1:37:44 PM
mbar-log-2013-11-10 (13-37-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 225619
Time elapsed: 40 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Good :)

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-11-10.02 - Owner 11/10/2013 15:31:11.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1684 [GMT 10:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\Roaming
c:\users\Owner\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\system32\pt
c:\windows\system32\pt\ThpProp.exe.mui
c:\windows\system32\pt\ThpSrv.exe.mui
.
.
((((((((((((((((((((((((( Files Created from 2013-10-10 to 2013-11-10 )))))))))))))))))))))))))))))))
.
.
2013-11-10 05:40 . 2013-11-10 05:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-10 05:27 . 2013-11-10 05:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66DC8A61-935A-4D53-82D3-48203B9A908D}\offreg.dll
2013-11-10 05:23 . 2013-11-10 05:23 -------- d-----w- c:\programdata\Oracle
2013-11-10 05:22 . 2013-11-10 05:22 -------- d-----w- c:\program files\Common Files\Java
2013-11-10 05:22 . 2013-11-10 05:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-10 03:37 . 2013-11-10 04:35 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-10 03:37 . 2013-11-10 03:37 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-10 03:36 . 2013-11-10 03:36 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-10 00:14 . 2013-11-10 00:14 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-11-10 00:14 . 2013-11-10 00:14 -------- d-----w- c:\programdata\Malwarebytes
2013-11-10 00:14 . 2013-11-10 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-10 00:14 . 2013-04-04 04:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-04 09:13 . 2013-11-04 09:13 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 12:26 . 2013-06-29 23:39 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-09-09 08:54 . 2013-06-29 23:39 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-09-09 08:54 . 2013-06-29 23:39 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-09-09 08:54 . 2013-06-29 23:39 479232 ----a-w- c:\windows\system32\msvcm80.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-31 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-27 1324384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ConexantAudioPatch"="c:\program files\ConexantAudioPatch\Audioreset.exe" [2009-09-02 214328]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-01-06 2747744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2011-9-2 227712]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [x]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-08-21 545280]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2009-08-12 222720]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2009-07-22 148992]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 13120]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-12-07 251728]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\Yontoo\Y2Desktop.Updater.exe [2013-03-23 23552]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 9216]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1AAF48E2-DA8C-435C-8C9B-4071D7AB2CF6}: NameServer = 209.183.33.23 209.183.35.23
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKCU-Run-RGSC - e:\games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-ShipSimExtremes - c:\users\Owner\Desktop\ship sim\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2926865940-254004707-1567494601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2926865940-254004707-1567494601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2926865940-254004707-1567494601-1000\Software\SecuROM\License information*]
"datasecu"=hex:11,46,03,8f,d3,a6,bf,b1,33,72,94,2b,76,94,4b,b6,c1,a9,a6,43,2a,
ef,57,ba,ca,c4,9e,8f,52,3b,97,fb,81,8c,69,60,b3,70,5a,b3,b6,81,58,71,05,ca,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-10 15:42:31
ComboFix-quarantined-files.txt 2013-11-10 05:42
.
Pre-Run: 223,750,373,376 bytes free
Post-Run: 233,296,015,360 bytes free
.
- - End Of File - - 5E87786FA8B4A3B7E9144D14C921CD1A
5B5E648D12FCADC244C1EC30318E1EB9
 
Looks good.

Uninstall Registry Mechanic.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.011 - Report created 10/11/2013 at 16:15:10
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Yontoo Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\windows\system32\ARFC
Folder Deleted : C:\windows\system32\jmdp
Folder Deleted : C:\windows\system32\WNLT
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Owner\AppData\Roaming\Uniblue\SpeedUpMyPC
Folder Deleted : C:\Users\Owner\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
File Deleted : C:\windows\system32\ImhxxpComm.dll

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_slingplayer[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_slingplayer[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


*************************

AdwCleaner[R0].txt - [7714 octets] - [10/11/2013 16:13:50]
AdwCleaner[S0].txt - [7839 octets] - [10/11/2013 16:15:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7899 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Owner on Sun 11/10/2013 at 16:19:46.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2926865940-254004707-1567494601-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F4E35290-C124-40F9-BB1D-F45022F53F07}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6EFEFB6B-932B-4DF1-A0C3-0124495834D8}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{701DDF0D-5C74-4976-B2D8-DE6C1AC62D04}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{71A50476-6917-421A-98D8-01F6D27D7682}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{71E075B0-6877-47CB-9F81-A828E9F27C51}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{724D3C09-6C0B-4775-96B3-4BB1A91A836D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{72DEBF1C-4470-40A2-924B-C71EF6762F4C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{744EFC29-BB3D-4101-B982-21483C659A4C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{75A33702-D7F6-4F67-A423-993F61EFCDFB}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{79877402-4B1F-41A9-BC2A-5CDFBE279170}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7A927FBB-C9AC-4DE2-B2F3-82E82A5E41A8}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7B278ADC-2180-42CD-8EA3-EC77AB3D5FF0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7B58D1AD-B4B0-4A19-9EED-CF3C38D63CDA}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7C09154E-52C4-437D-B2DD-80E552D27C1B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7C839B59-0F22-44B6-B6FA-700A1544880D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7CB53221-E671-4E9D-8250-2CCC1B555E80}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7EA6C99D-17AD-46B7-A067-89E0B53D6C6C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7EAC3906-6C6E-4764-B9BD-497E1932EE90}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7F317F64-4CF4-4616-8351-2CC8F8721801}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{7FA19CB8-C056-4463-8761-DB03C81800B7}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{84937B72-DC24-49C6-80AC-BB8AFD308C54}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8521F1FF-8C91-45CE-B3F3-9E1ABF4C5DF1}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{85753CE7-D43F-4955-B077-8767AEBB554C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{85A9CE02-194B-47F3-8DEB-ECF9059563A0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{87F6B6FB-1320-4E71-800D-3ACBDE8D543D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{88F727B0-AE71-4CE0-A848-F8ECAA74D3E5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8986560F-CED1-4993-B7BA-5D488E335618}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{89AE68FC-D067-489A-B5EF-21B04E1547C5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8B086574-7BD4-4752-AA62-D7D42B9329B2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8B2094B7-187D-4B9A-8CA0-682FB53C9D43}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8B2C5A95-0A6D-42A3-BD57-C3B2E782768E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8B3B843D-5F41-4F37-B441-2D4CFE343E9F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8B4679A2-6491-4DEC-B0E4-599D4D975B53}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8B62E692-0A6B-4F28-A3B2-8774BDD9BA29}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8C8E3BF2-67D3-4E5B-9418-FB6E187E4EE9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8D3F54E7-6643-4B50-890E-B70342A4B7C2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{8E88D722-83F9-466D-8241-0CB4DB614AAB}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{902E469B-2BA6-42D0-B930-0FAE354F7256}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{911958B8-5FB9-43C4-B21C-81BCC00048DE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9150BE58-6AD8-4FA6-B9E6-732D796B6747}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9206D76B-2B96-4AC1-A3A4-FC64150DCE20}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{924107A3-DA5B-40A3-B2A5-51D66A858F74}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{92544109-409E-4FE2-998D-2CF37357FE48}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9290B112-9DD3-4665-B674-7DA4528341DD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{951BAF0A-5401-4118-9EB3-8A8E97690B2C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{953733C1-D0FB-481E-88EE-336F600068AC}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{97395E24-D6C8-49F5-BB00-B1B4C8FDE2A5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9779EB02-8DD2-42D0-BAA9-D961BCAE67CE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{97BE9623-18E9-4164-BC20-DEC9AAE2824A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9870ABF4-B9BB-4AC6-9AEE-819B99CBF100}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{98C69C54-987F-4E97-8389-5C7FFF74E17C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{99A57339-8F1A-42F4-80B7-274163923394}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9A4028AC-F6E6-48FE-80F8-7879EE27DB6E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9BD86650-22CE-40C3-A23D-034CF7D81060}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9C493282-34FF-4447-9E8C-1DBC392F68D8}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9CBF4981-F89A-4693-ACF8-49FFD03748A4}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9D86B54C-092D-401E-91D0-7D4D0E71A1C8}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9DB33512-5335-490E-AA58-E42F0466C1D1}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9F21C40D-4E1F-4DF5-AF2B-BFAA1D295DA9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9FE7D365-BFFA-4FF0-9E15-DF0AA86E66A7}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A0E757AE-6BAB-4909-A399-7230DC3250C7}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A1A64E09-D824-44D5-B5C2-DDC9063605AA}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A1A86519-7A1E-4F24-8FDC-EB9FCD46E6A5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A2A5339B-A4DA-4F0A-AD44-70165A2088B2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A2CBACD0-5CF8-4C27-B350-3A2A111BD9F2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A2E474AA-57F9-49EC-B7B2-BB1C2649FAC6}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A320631E-9429-4C15-B2DC-AB90C16846F8}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A34A99E2-798A-41D8-A78E-A4CE719F5177}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A36BFD03-61E9-4BEF-95FC-10868D14ADBD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A4B6902B-8056-47A6-865E-FED64D82E400}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A60D35AE-CB88-4295-AC68-4C4D91AC1AA0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A68B2E10-CF4A-4799-9D37-BE3C403B5E0E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A7A3FAA0-8866-4829-AEF8-03D28DA22D4D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A7F989D3-EB50-4B65-A48E-FF54D16AB35F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A88AE9FE-798D-42AC-BC8E-D811E114D6CD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A88EC54E-6D35-4248-978F-C95FFB751C16}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A8CAD6FD-AACF-478B-AE19-5C0DCC811C75}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A9ACE418-E5FA-46C5-933E-459A5A0F84B3}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AA9E78B0-4EF0-4320-85E2-522BFA4FC38E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{ABF13AEB-8138-48CD-91CB-477051C631D1}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AC17419F-E422-43C3-BDF6-659E8DF735C9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AD521F21-4166-4467-BD2B-436747A29614}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{ADF6A1FF-3977-4A35-BFC7-BBFAE88F0921}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AE2C4BCF-0FE2-4AAC-B220-0D007F68E53C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AE892897-BCD2-4DCD-8646-7513E1464C65}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B0393BF7-3CFC-46AB-B21A-224408B7B0A0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B24DA0F8-9F6A-435E-915A-89C8C9FDD288}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B516EA7B-3AB5-4C95-B20A-1BBE378B3E56}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B6850744-C3B3-45B7-AADE-E1E0B2CAC777}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B6C1909D-BDC5-4D70-8CD4-0CF17702ACB3}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B71B08C3-1813-40A9-8B09-079188185061}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B739F22E-5B7C-4A49-A9DB-E68CE8EE803F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B9AA2007-85D9-41CB-9017-817B8C0A838B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{B9FB5ED1-9F95-4D3B-AFBD-EB2DEE80732F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BA1B61D9-68E5-4B1B-BA88-683DEEFE909F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BAC0E45C-1C49-42FD-9AE2-C11E02C8B68E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BB2E6E42-D162-45BC-9494-2244B5B1A9A9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BB5FDC9C-1027-45F1-BAD6-FD04A2C53CE5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BBFC2E65-BB4F-4E37-BF91-2AF26720DA92}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BCB0BFBE-3E0F-4DB0-BA88-9CF9E69D3D49}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BD5599B4-2BC3-41E7-B070-3EE61D196769}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BDAC9AC5-EFF3-43C0-BE6A-9F1A6A27CC9B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BDE87BB2-4B8B-46B4-BCD9-E3EA2D27AAAA}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BF803249-16E1-4F46-AA02-228F5EB47393}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C0BD53C8-3061-425B-9B2D-7AB9E3DB1EE6}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C13C310B-54C9-43EA-903B-93DFDB920FD3}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C3B14115-6977-48BB-94F6-B3D27E848160}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C5E8FDD6-F487-4EF2-838C-D58F955AA0DD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C5F47330-8355-49BB-A043-8EB9C2E1470F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C6284A63-5F87-4D70-8CD8-406BB2B651F7}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C721E938-9E35-494A-854B-4B0A18B29E8E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C7601078-22CE-454D-9D9E-DD8F0C6A47A1}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C7A216F3-148D-44BD-AA12-F155780D846E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C814A99A-3CAA-497C-BBE2-227E0A5D676E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C921503D-0882-4B0B-B7B5-90D5E221E33C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C9B47C36-81AA-4D77-B4A8-DA26A20F3C50}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C9D38ECF-E134-4ECB-AF03-062B587DC25E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D016CB65-C27C-4CD5-957B-544FBBDA2347}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D0A941CE-9860-417E-8694-6503BE38C7D5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D1B6DD4A-36F9-4894-9F09-1BA964F03AD9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D29CE383-9645-46BE-90E0-8BE308ADF977}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D34C16E0-6E9E-47EF-9272-FD0E98008BAF}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D47423ED-9B2D-421B-A910-FB31925E9E7B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D649C60B-8BEC-4838-BF15-DCC077254D0B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D6ACCD8E-2701-4439-82D5-255CC3A1F577}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D72ADE0A-AF7A-40C6-8CB6-0C533BB524E6}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D738E75A-5A96-4CC7-A9A6-C46C6595FAC4}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D767723C-387C-4C4D-8A4C-595659471745}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D839FCE4-4C9C-41CF-8B62-520E0EC0E6FE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D8D18F72-6479-4FA7-B1F8-BA1AF1BA85C9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D96A92A9-6577-452B-90F7-AC5B33FF08FD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{D9CEB887-94F7-4EEA-BB46-A7FC92884E2A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DB2CF4D4-D197-47E4-AF22-FF8A03A3B6D7}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DC9245AA-32F6-4F9A-B306-97DE27DEBC89}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DC9B3153-8E62-401A-B109-BF13271841C0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DD3761D0-AB2D-4682-A693-F13FEAAD4A83}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DEC0705A-BEC6-4E39-932A-090E8DF6E2E9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DF011110-6313-4DB1-BC5B-CA8B30F93591}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E037EFFF-0C26-4CA7-8249-A767A97E16F1}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E25AED4C-C427-4F73-A2C0-7DF225051F75}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E3FF686F-8711-4425-867D-E11CD3EAE58E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E42E3D0F-CC00-4D6F-8F6F-4DA46D1A7AA9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E570D78C-64B4-4ECB-BA41-B3CAEFF625EA}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E584C730-55AA-404A-A3DE-B3F288AFFB26}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E5CC0AC9-3108-4944-90FC-D4EEB2116FF2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E5F3F6C5-9F53-44B3-A80E-0D54C10BEBE2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E6BCD78D-2A23-4614-9E07-2AA24C1B8180}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E90E7365-B7AA-475A-BD6A-88AA72C528D9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{E9D81BD8-5C17-4D63-9052-066D385BB4B0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EC7C5ECC-A266-43DF-B7B6-260FA2784247}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{ECFFEFBD-A0C5-419E-94DF-659F14C05D37}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EDF26D79-64F0-4D13-ACA0-04BB6EBB9742}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EE423137-424D-4F03-A324-E620FA8E4C3A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EE891364-F398-4D95-A5E6-6E21770AEDDD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EF0181E5-AB39-4E29-874B-3587735A48CC}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EF3BE34A-58F5-4A45-AA07-6F214CEDADC2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EF7DBCC4-45BD-4F32-BFB7-C706126CB155}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F01BEBF1-D86E-4F8A-9E78-A9BE9C71FA7E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F13D208E-EF21-4181-A07B-80F8AB3B7DEC}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F34428C8-B04D-4E5E-974F-7541798569CD}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F34BE3F3-5248-419C-83D0-6822D53D54B8}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F4AF5604-2393-4A5B-8152-2B427A9DE38C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F57D6E6E-E181-42F6-9490-FC3B33DBCC8A}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F5E69EDF-9DD9-47E0-9AE8-75A9B5FF64D4}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F642D1F7-6614-4370-8280-ECB80658CB8F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F710648A-DE2E-45A4-9887-9CDDDE3BA943}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F7123955-7310-4F09-9427-2C703E677A9E}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F759DCCC-A968-489F-86FB-C3ACC0F992DC}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F85FD394-51A1-4BFF-A05B-1A266F6047C5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F8A1A660-0FE6-4D51-A7BD-F0517493D32D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F8F9D367-BC08-4758-9CB7-54E98FF24A5F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F9776AFA-41F0-4BEE-9A96-D4FCA096F66B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F9F3CD53-14D9-452A-AF8E-4606122E606F}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FA837DD1-1263-4B8A-B316-43CE761790F5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FAAA32E3-B9EE-451A-B54E-68F837B59FF4}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FB18C594-35EF-4ADD-A738-35D5F85A9E4B}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FB5F3F5F-0818-4738-AB14-5B6165AC5575}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FC92505F-9C71-473F-9383-731AD12EC5BF}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FD7BDF1A-A70A-4E42-B4C6-3D5815E59EDE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FDA937B9-2452-413D-8147-3137DD1F16A5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FE6FB987-1FF6-4180-A936-58374BFC18AE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FEA2348B-C38E-4388-BDA4-E279D7765EF6}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/10/2013 at 16:24:23.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 