Requesting help, Similar to DamianN7's Issue

Inactive-A
By RileyMcD
Jun 23, 2013
Topic Status:
Not open for further replies.
  1. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    1st LOG

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
    Ran by SYSTEM on 23-06-2013 14:22:49
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [161304 2010-08-10] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [386584 2010-08-10] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [8312352 2009-11-02] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
    HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1445888 2010-01-27] (Intel® Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1504608 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] "C:\windows\system32\thpsrv" /logon [x]
    HKLM\...\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [x]
    HKU\UpdatusUser\...\Run: [Sidebar] "%ProgramFiles%\Windows Sidebar\Sidebar.exe" /autoRun [1475584 2010-11-20] (Microsoft Corporation)
    HKU\UpdatusUser\...\Run: [] [x]
    HKU\UpdatusUser\...\RunOnce: [mctadmin] "C:\Windows\System32\mctadmin.exe" [97280 2009-07-13] (Microsoft Corporation)
    HKU\UpdatusUser\...\RunOnce: [SysOff] C:\Windows\SysWOW64\SYSPREP\ClosespV.exe [x]
    AppInit_DLLs: C:\windows\system32\nvinitx.dll [111720 2010-07-12] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [100968 2010-07-12] (NVIDIA Corporation)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

    ==================== Services (Whitelisted) =================

    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
    S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
    S2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3997912 2011-10-19] (Webroot Software, Inc. (www.webroot.com))
    S4 WRConsumerService; C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [3386840 2012-01-08] (Webroot Software, Inc. )

    ==================== Drivers (Whitelisted) ====================

    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
    S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-30] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-30] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-06-22] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130621.001\IDSvia64.sys [513184 2013-06-21] (Symantec Corporation)
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130621.001\IDSvia64.sys [513184 2013-06-21] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130622.007\ENG64.SYS [126040 2013-06-22] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130622.007\ENG64.SYS [126040 2013-06-22] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130622.007\EX64.SYS [2098776 2013-06-22] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130622.007\EX64.SYS [2098776 2013-06-22] (Symantec Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
    S2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [56408 2011-05-23] (Webroot Software, Inc. (www.webroot.com))
    S0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2011-05-23] (Webroot Software, Inc. (www.webroot.com))
    S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
    S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
    S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-22] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
    S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
    S3 L1C; system32\DRIVERS\L1C62x64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\FRST
    2013-06-23 12:18 - 2013-06-23 12:18 - 00000000 ____D C:\Users\Owner\Downloads\Keep
    2013-06-23 12:05 - 2013-06-23 12:05 - 00002512 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
    2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\Users\Owner\AppData\Local\VS Revo Group
    2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\ProgramData\VS Revo Group
    2013-06-22 21:58 - 2013-06-22 22:22 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2013-06-22 21:58 - 2013-06-22 22:22 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Program Files\Symantec
    2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-06-22 21:56 - 2013-06-23 12:05 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
    2013-06-22 21:56 - 2013-06-22 21:56 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
    2013-06-22 21:37 - 2013-06-22 22:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
    2013-06-22 21:37 - 2013-06-22 22:09 - 00000000 ____D C:\Program Files\WinRAR
    2013-06-22 21:21 - 2013-06-23 12:03 - 00046282 ____A C:\Windows\PFRO.log
    2013-06-22 21:21 - 2013-06-23 12:03 - 00000112 ____A C:\Windows\setupact.log
    2013-06-22 21:21 - 2013-06-22 21:21 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-22 20:55 - 2013-06-22 20:55 - 04378864 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup402.exe
    2013-06-22 20:55 - 2013-06-22 20:55 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-19 07:11 - 2013-06-19 07:11 - 01125288 ____A (AirInstaller Inc.) C:\Users\Owner\Downloads\Java.exe
    2013-06-19 07:10 - 2013-06-19 07:10 - 03245056 ____A C:\Users\Owner\Downloads\Ch 4 summer 2011.ppt
    2013-06-19 07:10 - 2013-06-19 07:10 - 02320896 ____A C:\Users\Owner\Downloads\Ch 3 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 04079104 ____A C:\Users\Owner\Downloads\ch 2 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 03278336 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (1).ppt
    2013-06-18 21:26 - 2013-06-18 21:26 - 00609336 ____A C:\Users\Owner\Downloads\setup.exe
    2013-06-18 21:26 - 2013-06-18 21:26 - 00001091 ____A C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
    2013-06-17 22:46 - 2013-06-17 22:46 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13 (1).xlsx
    2013-06-17 18:05 - 2013-06-18 21:23 - 00017719 ____A C:\Users\Owner\Downloads\SandX.xlsx
    2013-06-16 22:35 - 2013-06-16 22:35 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13.xlsx
    2013-06-11 21:36 - 2013-05-16 22:14 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-11 21:36 - 2013-05-16 22:13 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-11 21:36 - 2013-05-16 22:10 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-11 21:36 - 2013-05-16 22:10 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-11 21:36 - 2013-05-16 22:09 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-11 21:36 - 2013-05-16 10:21 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-11 21:36 - 2013-05-16 10:18 - 06034432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-11 21:36 - 2013-05-16 10:18 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-06-11 21:36 - 2013-05-16 10:17 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-11 21:36 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-11 21:35 - 2013-05-16 22:13 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-06-11 21:35 - 2013-05-16 22:10 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-06-11 21:35 - 2013-05-16 22:09 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-11 21:35 - 2013-05-16 22:09 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-11 21:35 - 2013-05-16 22:09 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-11 21:35 - 2013-05-16 10:21 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-06-11 21:35 - 2013-05-16 10:21 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-06-11 21:35 - 2013-05-16 10:18 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-06-11 21:35 - 2013-05-16 10:17 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-11 21:35 - 2013-05-16 10:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-11 21:35 - 2013-05-16 10:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-06-11 21:35 - 2013-05-16 09:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-11 21:35 - 2013-05-16 08:44 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-11 21:35 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-11 21:35 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-11 21:35 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-11 21:35 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-11 21:35 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-06-11 21:35 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-06-11 21:35 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-06-11 21:35 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-11 21:35 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2013-06-11 21:35 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2013-06-11 21:35 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-11 21:35 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2013-06-11 21:35 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-11 21:35 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-05-31 13:48 - 2013-06-22 21:12 - 00000000 ____D C:\Windows\Minidump

    ==================== One Month Modified Files and Folders =======

    2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\FRST
    2013-06-23 12:21 - 2010-12-20 02:30 - 00000000 ____D C:\ProgramData\Norton
    2013-06-23 12:21 - 2010-12-20 02:18 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
    2013-06-23 12:21 - 2010-12-20 02:04 - 01082031 ____A C:\Windows\WindowsUpdate.log
    2013-06-23 12:18 - 2013-06-23 12:18 - 00000000 ____D C:\Users\Owner\Downloads\Keep
    2013-06-23 12:12 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-23 12:12 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-23 12:08 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-23 12:05 - 2013-06-23 12:05 - 00002512 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
    2013-06-23 12:05 - 2013-06-22 21:56 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
    2013-06-23 12:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-23 12:03 - 2013-06-22 21:21 - 00046282 ____A C:\Windows\PFRO.log
    2013-06-23 12:03 - 2013-06-22 21:21 - 00000112 ____A C:\Windows\setupact.log
    2013-06-22 22:22 - 2013-06-22 21:58 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2013-06-22 22:22 - 2013-06-22 21:58 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2013-06-22 22:09 - 2013-06-22 21:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
    2013-06-22 22:09 - 2013-06-22 21:37 - 00000000 ____D C:\Program Files\WinRAR
    2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\Users\Owner\AppData\Local\VS Revo Group
    2013-06-22 22:02 - 2013-06-22 22:02 - 00000000 ____D C:\ProgramData\VS Revo Group
    2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Program Files\Symantec
    2013-06-22 21:58 - 2013-06-22 21:58 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2013-06-22 21:56 - 2013-06-22 21:56 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
    2013-06-22 21:21 - 2013-06-22 21:21 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-22 21:21 - 2011-10-24 13:30 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
    2013-06-22 21:21 - 2011-10-24 13:30 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
    2013-06-22 21:21 - 2011-09-30 21:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
    2013-06-22 21:21 - 2011-09-30 21:20 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
    2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ____D C:\Program Files\TOSHIBA
    2013-06-22 21:21 - 2010-08-08 18:51 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
    2013-06-22 21:12 - 2013-05-31 13:48 - 00000000 ____D C:\Windows\Minidump
    2013-06-22 21:12 - 2011-10-02 20:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2013-06-22 21:12 - 2010-08-08 19:00 - 00000000 ____D C:\Windows\Panther
    2013-06-22 20:55 - 2013-06-22 20:55 - 04378864 ____A (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup402.exe
    2013-06-22 20:55 - 2013-06-22 20:55 - 00000000 ____D C:\Program Files\CCleaner
    2013-06-22 20:43 - 2011-10-02 20:47 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-06-22 20:43 - 2011-10-02 20:47 - 00000000 ____D C:\ProgramData\Skype
    2013-06-22 20:32 - 2010-08-08 18:59 - 00000000 ____D C:\ProgramData\Toshiba
    2013-06-19 07:11 - 2013-06-19 07:11 - 01125288 ____A (AirInstaller Inc.) C:\Users\Owner\Downloads\Java.exe
    2013-06-19 07:10 - 2013-06-19 07:10 - 03245056 ____A C:\Users\Owner\Downloads\Ch 4 summer 2011.ppt
    2013-06-19 07:10 - 2013-06-19 07:10 - 02320896 ____A C:\Users\Owner\Downloads\Ch 3 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 04079104 ____A C:\Users\Owner\Downloads\ch 2 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 03280896 ____A C:\Users\Owner\Downloads\ch 1 summer 2011.ppt
    2013-06-19 07:09 - 2013-06-19 07:09 - 03278336 ____A C:\Users\Owner\Downloads\ch 1 summer 2011 (1).ppt
    2013-06-18 21:26 - 2013-06-18 21:26 - 00609336 ____A C:\Users\Owner\Downloads\setup.exe
    2013-06-18 21:26 - 2013-06-18 21:26 - 00001091 ____A C:\Users\Owner\Desktop\Continue Vid-Saver Installation.lnk
    2013-06-18 21:23 - 2013-06-17 18:05 - 00017719 ____A C:\Users\Owner\Downloads\SandX.xlsx
    2013-06-17 22:46 - 2013-06-17 22:46 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13 (1).xlsx
    2013-06-16 22:35 - 2013-06-16 22:35 - 00166146 ____A C:\Users\Owner\Downloads\Study Guide 6-17-13.xlsx
    2013-06-16 22:31 - 2011-06-20 16:06 - 00000000 ____D C:\ProgramData\Webroot
    2013-06-10 22:24 - 2013-05-08 11:25 - 00000000 ____D C:\Users\Owner\AppData\Local\Conduit
    2013-06-09 22:47 - 2012-10-18 09:34 - 00000000 ____D C:\Users\Owner\Documents\Resume stuff
    2013-06-02 16:11 - 2011-06-20 15:49 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-05-29 12:06:34
    Restore point made on: 2013-06-04 22:12:57
    Restore point made on: 2013-06-09 22:05:39
    Restore point made on: 2013-06-12 17:41:54
    Restore point made on: 2013-06-18 21:36:33
    Restore point made on: 2013-06-19 07:09:00
    Restore point made on: 2013-06-22 19:57:25
    Restore point made on: 2013-06-22 20:23:30
    Restore point made on: 2013-06-22 20:24:41
    Restore point made on: 2013-06-22 20:26:04
    Restore point made on: 2013-06-22 20:27:02
    Restore point made on: 2013-06-22 20:28:25
    Restore point made on: 2013-06-22 20:29:37
    Restore point made on: 2013-06-22 20:30:19
    Restore point made on: 2013-06-22 20:33:23
    Restore point made on: 2013-06-22 20:42:49
    Restore point made on: 2013-06-22 20:51:09
    Restore point made on: 2013-06-22 21:04:48
    Restore point made on: 2013-06-22 21:17:27
    Restore point made on: 2013-06-22 21:28:14
    Restore point made on: 2013-06-22 22:04:07

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 3894.69 MB
    Available physical RAM: 3319.12 MB
    Total Pagefile: 3892.84 MB
    Available Pagefile: 3298.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (TI105965W0D) (Fixed) (Total:454.96 GB) (Free:403.31 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
    Drive f: () (Removable) (Total:1.96 GB) (Free:0.07 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C8EEC860)
    Partition 1: (Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

    ========================================================
    Disk: 1 (Size: 2 GB) (Disk ID: 009505B8)
    Partition 1: (Active) - (Size=2 GB) - (Type=06)


    LastRegBack: 2013-03-16 07:40

    ==================== End Of Log ===========================
  2. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    2nd Log:

    Farbar Recovery Scan Tool (x64) Version: 22-06-2013
    Ran by SYSTEM at 2013-06-23 14:38:06
    Running from F:\
    Boot Mode: Recovery

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  3. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    I don't actually see anything malicious there but let's see if we can make your computer bootable again.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
    See if you can boot normally.

    Attached Files:

  4. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    Thanks, and that's good news currently rebooting on the PC in question- all appears to be okay - online for approximately 5 minutes or so. Is there anything else I can do to make sure it wasn't malicious?

    FIX LOG Below

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013
    Ran by SYSTEM at 2013-06-23 14:52:47 Run:1
    Running from F:\
    Boot Mode: Recovery
    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
  5. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Good job :)

    Yeah, it's probably a good idea to run some checks.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
  6. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    I currently have the PC in question installed with a trial version of Norton Internet Security 2013 yet I am unable to open the interface, complete a scan, or uninstall it without an error - to fix this should I simply install a free antivirus instead?
  7. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Try Norton Removal Tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html
    If successful...

    Install ONE of these:

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    Update, run full scan, report on any findings.

    If not successful let me know first.
  8. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    Removal was successful, Downloaded Comodo and updated it, currently performing a full scan; no threats have been found yet - I will repost after the scan is complete though as well as the Malwarebytes and DDS logs
  9. Broni

    Broni Malware Annihilator Posts: 46,373   +252

  10. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    After full scan, Comodo found one threat:
    "Application.Win32.AirAdInstaller.A@298433201"
    Located at "C:\Users\Owner\Downloads\Java.exe
     
  11. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    MBAM Log

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.23.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Owner :: OWNER-PC [administrator]

    6/23/2013 4:50:16 PM
    mbam-log-2013-06-23 (16-50-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238706
    Time elapsed: 7 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  12. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    DDS LOG

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514
    Run by Owner at 17:01:19 on 2013-06-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2101 [GMT -7:00]
    .
    AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
    AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
    SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\ThpSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\windows\system32\taskhost.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\notepad.exe
    C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN33612886651136735&UM=2&ctid=CT3287375
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uProxyOverride = <local>;*.local
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    mRun: [TUSBSleepChargeSrv] "C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe"
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: NameServer = 66.253.214.16 50.30.208.77
    TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B} : DHCPNameServer = 66.253.214.16 50.30.208.77
    TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\0796E65697 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\3416274696E616C637 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\35572677169775966496 : DHCPNameServer = 64.68.252.10 64.68.248.10
    TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\4557271757F6963756A4565607 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\4596765627 : DHCPNameServer = 68.105.28.12 68.105.28.11 192.168.1.104
    TCP: Interfaces\{E2A3B892-4943-4578-A26B-252F97030C8B}\D497F6E65616E646F6E6C697 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [IgfxTray] "C:\windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"
    x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [ThpSrv] "C:\windows\System32\thpsrv" /logon
    x64-Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
    x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    x64-Run: [TosVolRegulator] "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2010-7-12 24680]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-12-20 482384]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\System32\drivers\cmderd.sys [2013-6-18 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdguard.sys [2013-6-18 708632]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2013-6-18 48360]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]
    R2 ssfmonm;ssfmonm;C:\windows\System32\drivers\ssfmonm.sys [2011-6-20 56408]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2009-12-22 71168]
    R3 bpmp;bpmp;C:\windows\System32\drivers\bpmp.sys [2009-12-22 174592]
    R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2009-12-22 81920]
    R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-12-20 9216]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-12-20 56344]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-6-21 287232]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-12-20 35008]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-12-20 232992]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\Winword.exe="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
    .
    =============== Created Last 30 ================
    .
    2013-06-23 23:48:35--------d-s---w-C:\ComboFix
    2013-06-23 23:33:40--------d-----w-C:\Users\Owner\AppData\Roaming\Malwarebytes
    2013-06-23 23:33:19--------d-----w-C:\ProgramData\Malwarebytes
    2013-06-23 23:33:1625928----a-w-C:\windows\System32\drivers\mbam.sys
    2013-06-23 23:33:16--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-23 22:22:37--------d-----w-C:\FRST
    2013-06-23 22:20:50--------d-s---w-C:\ProgramData\Shared Space
    2013-06-23 22:20:44--------d-----w-C:\Program Files\COMODO
    2013-06-23 22:20:41--------d-----w-C:\ProgramData\Comodo
    2013-06-23 22:20:37--------d-----w-C:\ProgramData\Comodo Downloader
    2013-06-23 22:00:449552976----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01F483A8-5721-42D4-87D6-FB76B9CC619E}\mpengine.dll
    2013-06-23 06:17:49433752----a-w-C:\windows\System32\drivers\NISx64\1404000.028\symnets.sys
    2013-06-23 06:17:48796760----a-w-C:\windows\System32\drivers\NISx64\1404000.028\srtsp64.sys
    2013-06-23 06:17:48493656----a-w-C:\windows\System32\drivers\NISx64\1404000.028\symds64.sys
    2013-06-23 06:17:4836952----a-w-C:\windows\System32\drivers\NISx64\1404000.028\srtspx64.sys
    2013-06-23 06:17:4823448----a-r-C:\windows\System32\drivers\NISx64\1404000.028\symelam.sys
    2013-06-23 06:17:48224416----a-w-C:\windows\System32\drivers\NISx64\1404000.028\ironx64.sys
    2013-06-23 06:17:48169048----a-w-C:\windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys
    2013-06-23 06:17:481139800----a-w-C:\windows\System32\drivers\NISx64\1404000.028\symefa64.sys
    2013-06-23 06:17:09--------d-----w-C:\windows\System32\drivers\NISx64\1404000.028
    2013-06-23 06:02:23--------d-----w-C:\Users\Owner\AppData\Local\VS Revo Group
    2013-06-23 06:02:09--------d-----w-C:\ProgramData\VS Revo Group
    2013-06-23 06:01:51--------d-----w-C:\Users\Owner\AppData\Local\Programs
    2013-06-23 05:58:51--------d-----w-C:\Program Files\Common Files\Symantec Shared
    2013-06-23 05:56:55--------d-----w-C:\windows\System32\drivers\NISx64
    2013-06-23 05:56:12--------d-----w-C:\Program Files (x86)\NortonInstaller
    2013-06-23 04:55:33--------d-----w-C:\Program Files\CCleaner
    2013-06-18 23:16:10708632----a-w-C:\windows\System32\drivers\cmdguard.sys
    2013-06-18 23:16:1048360----a-w-C:\windows\System32\drivers\cmdhlp.sys
    2013-06-18 23:16:0823168----a-w-C:\windows\System32\drivers\cmderd.sys
    2013-06-18 23:15:5043216----a-w-C:\windows\System32\cmdcsr.dll
    2013-06-18 23:15:48437688----a-w-C:\windows\System32\guard64.dll
    2013-06-18 23:15:48348584----a-w-C:\windows\SysWow64\guard32.dll
    2013-06-18 23:15:4045784----a-w-C:\windows\System32\cmdkbd64.dll
    2013-06-18 23:15:40344792----a-w-C:\windows\System32\cmdvrt64.dll
    2013-06-18 23:15:3640664----a-w-C:\windows\SysWow64\cmdkbd32.dll
    2013-06-18 23:15:36278232----a-w-C:\windows\SysWow64\cmdvrt32.dll
    2013-06-12 05:35:59760320----a-w-C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    .
    ==================== Find3M ====================
    .
    2013-05-17 06:14:051188864----a-w-C:\windows\System32\wininet.dll
    2013-05-16 18:21:48981504----a-w-C:\windows\SysWow64\wininet.dll
    2013-05-16 17:10:291638912----a-w-C:\windows\System32\mshtml.tlb
    2013-05-16 16:44:211638912----a-w-C:\windows\SysWow64\mshtml.tlb
    2013-05-13 05:51:01184320----a-w-C:\windows\System32\cryptsvc.dll
    2013-05-13 05:51:001464320----a-w-C:\windows\System32\crypt32.dll
    2013-05-13 05:51:00139776----a-w-C:\windows\System32\cryptnet.dll
    2013-05-13 05:50:4052224----a-w-C:\windows\System32\certenc.dll
    2013-05-13 04:45:55140288----a-w-C:\windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:551160192----a-w-C:\windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55103936----a-w-C:\windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:551192448----a-w-C:\windows\System32\certutil.exe
    2013-05-13 03:08:10903168----a-w-C:\windows\SysWow64\certutil.exe
    2013-05-13 03:08:0643008----a-w-C:\windows\SysWow64\certenc.dll
    2013-05-10 05:49:2730720----a-w-C:\windows\System32\cryptdlg.dll
    2013-05-10 03:20:5424576----a-w-C:\windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:011910632----a-w-C:\windows\System32\drivers\tcpip.sys
    2013-05-02 09:06:08278800------w-C:\windows\System32\MpSigStub.exe
    2013-04-26 05:51:36751104----a-w-C:\windows\System32\win32spl.dll
    2013-04-26 04:55:21492544----a-w-C:\windows\SysWow64\win32spl.dll
    2013-04-13 05:49:23135168----a-w-C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19350208----a-w-C:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19308736----a-w-C:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19111104----a-w-C:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16474624----a-w-C:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:152176512----a-w-C:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45:081656680----a-w-C:\windows\System32\drivers\ntfs.sys
    2013-04-11 14:22:56770384----a-w-C:\windows\SysWow64\msvcr100.dll
    2013-04-11 14:22:56421200----a-w-C:\windows\SysWow64\msvcp100.dll
    2013-04-10 06:01:54265064----a-w-C:\windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53983400----a-w-C:\windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:503153920----a-w-C:\windows\System32\win32k.sys
    .
    ============= FINISH: 17:02:56.77 ===============
  13. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    Attached Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/19/2011 4:19:59 PM
    System Uptime: 6/23/2013 3:26:57 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU | 1190/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 455 GiB total, 402.198 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Ethernet Controller
    Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_FF1E1179&REV_C1\4&12031433&0&00E0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_1969&DEV_2062&SUBSYS_FF1E1179&REV_C1\4&12031433&0&00E0
    Service:
    .
    Class GUID: {5175d334-c371-4806-b3ba-71fd53c9258d}
    Description: Light Sensor
    Device ID: ACPI\ACPI0008\4&13DECF40&0
    Manufacturer: Microsoft
    Name: Light Sensor
    PNP Device ID: ACPI\ACPI0008\4&13DECF40&0
    Service: WUDFRd
    .
    Class GUID:
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer:
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP176: 5/29/2013 1:06:11 PM - Windows Update
    RP177: 6/4/2013 11:12:38 PM - Windows Update
    RP178: 6/9/2013 11:05:24 PM - Windows Update
    RP179: 6/12/2013 6:41:33 PM - Windows Update
    RP180: 6/18/2013 10:36:08 PM - Windows Update
    RP181: 6/19/2013 8:08:43 AM - Windows Update
    RP182: 6/22/2013 8:57:08 PM - Windows Update
    RP183: 6/22/2013 9:23:20 PM - Removed TOSHIBA Service Station
    RP184: 6/22/2013 9:24:29 PM - Configured TOSHIBA ReelTime
    RP185: 6/22/2013 9:25:55 PM - Removed Toshiba Book Place
    RP186: 6/22/2013 9:26:51 PM - Configured TOSHIBA Bulletin Board
    RP187: 6/22/2013 9:28:13 PM - Removed TOSHIBA Disc Creator
    RP188: 6/22/2013 9:29:28 PM - Removed TOSHIBA Application Installer
    RP189: 6/22/2013 9:30:10 PM - Configured TOSHIBA Face Recognition
    RP190: 6/22/2013 9:33:14 PM - Removed TOSHIBA Quality Application
    RP191: 6/22/2013 9:42:40 PM - Removed Skype Click to Call
    RP192: 6/22/2013 9:50:57 PM - Removed TOSHIBA Web Camera Application
    RP193: 6/22/2013 10:04:35 PM - Removed Best Buy pc app
    RP194: 6/22/2013 10:17:16 PM - Windows Update
    RP195: 6/22/2013 10:28:00 PM - Windows Backup
    RP197: 6/22/2013 11:03:52 PM - Revo Uninstaller Pro's restore point - Webroot Software
    RP154: 6/23/2013 2:59:32 PM - Windows Update
    RP155: 6/23/2013 3:21:10 PM - Device Driver Package Install: COMODO Network Service
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Best Buy pc app
    Bonjour
    COMODO Internet Security Premium
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Facebook Video Calling 1.2.0.287
    Google Chrome
    HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
    HP Photosmart D110 All-In-One Driver 14.0 Rel. 7
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel® PROSet/Wireless WiMAX Software
    Intel® Wireless Display
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 33
    Junk Mail filter update
    Logitech Unifying Software 2.00
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network64
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Updatus
    PlayReady PC Runtime amd64
    PS_AIO_06_C4700_SW_Min
    PS_AIO_07_D110_SW_Min
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.10
    swMSM
    Synaptics Pointing Device Driver
    Toolbox
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD Protection
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Webroot Software
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/23/2013 3:26:41 PM, Error: ssidrv [31] - Invalid input parameter found.
    6/23/2013 3:26:41 PM, Error: ssidrv [26] - Failed to set monitor event rule.
    6/23/2013 3:06:21 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E2A3B892-4943-4578-A26B-252F97030C8B} because another computer on the network has the same name. The server could not start.
    6/23/2013 3:06:21 PM, Error: NetBT [4321] - The name "OWNER-PC :20" could not be registered on the interface with IP address 68.228.106.55. The computer with the IP address 68.228.105.109 did not allow the name to be claimed by this computer.
    6/23/2013 1:44:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/23/2013 1:44:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/23/2013 1:22:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/23/2013 1:22:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/23/2013 1:22:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/23/2013 1:22:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/23/2013 1:22:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/23/2013 1:22:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/23/2013 1:22:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/23/2013 1:20:55 PM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/23/2013 1:15:41 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 68.228.106.55. The computer with the IP address 68.228.104.185 did not allow the name to be claimed by this computer.
    6/22/2013 9:55:35 PM, Error: NetBT [4321] - The name "OWNER-PC :0" could not be registered on the interface with IP address 68.228.106.55. The computer with the IP address 68.228.105.109 did not allow the name to be claimed by this computer.
    6/22/2013 9:48:15 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    6/22/2013 11:13:28 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Norton Internet Security service, but this action failed with the following error: An instance of the service is already running.
    6/22/2013 10:22:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    6/22/2013 10:22:16 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/22/2013 10:22:12 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    6/18/2013 11:17:21 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 68.228.104.146. The computer with the IP address 68.228.104.144 did not allow the name to be claimed by this computer.
    6/16/2013 11:13:57 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SOCALKID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E2A3B892-4943-4578-A26B-252F97030C8B}. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
  14. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    [​IMG] You installed Comodo but you also have Webroot antivirus installed.
    You must uninstall one of them.

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
  15. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    I've attempted to uninstall Webroot before and yet it still will say that it's installed - I've gone to uninstall it yet again and an error message came up stating that is was already uninstalled - I've also recently downloaded Revo Uninstaller to try and mediate this with no luck - is there a removal tool for Webroot? I've been looking and haven't found one yet
  16. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    Found one that has worked successfully, also below is the Rogue Killer report

    RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 06/23/2013 17:32:42
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] {3849D3A9-1252-44D1-8AEF-035F2E28F756} : "c:\users\owner\appdata\local\google\chrome\application\chrome.exe" - hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1618 [x][x] -> DELETED

    ¤¤¤ Startup Entries : 3 ¤¤¤
    [Default][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> DELETED
    [Default User][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> [0x2] The system cannot find the file specified.
    [UpdatusUser][SUSP PATH] Best Buy pc app.lnk : C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> DELETED

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK5065GSXN +++++
    --- User ---
    [MBR] c2d8d1a7581bcd0777c813e0fed4c52c
    [BSP] b1141d5ed65f7a892ad9fe993ee9f7d2 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465879 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 957194240 | Size: 9560 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_06232013_173242.txt >>
    RKreport[0]_S_06232013_173231.txt
  17. Broni

    Broni Malware Annihilator Posts: 46,373   +252

  18. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    MBAR Reported 0 Malware

    Log below

    Malwarebytes Anti-Rootkit BETA 1.06.0.1004
    www.malwarebytes.org

    Database version: v2013.06.23.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Owner :: OWNER-PC [administrator]

    6/23/2013 5:42:21 PM
    mbar-log-2013-06-23 (17-42-21).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: PUP
    Objects scanned: 262700
    Time elapsed: 20 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
  19. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    Java version: 1.6.0_33

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.533000 GHz
    Memory total: 4083879936, free: 2061889536

    Downloaded database version: v2013.06.23.06
    Initializing...
    ------------ Kernel report ------------
    06/23/2013 17:42:17
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\ssidrv.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\system32\DRIVERS\Thpevm.SYS
    \SystemRoot\system32\DRIVERS\thpdrv.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\system32\DRIVERS\nvpciflt.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\cmdguard.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\TVALZFL.sys
    \SystemRoot\system32\DRIVERS\FwLnk.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\system32\DRIVERS\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\NETw5s64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Impcd.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\WDKMD.sys
    \SystemRoot\system32\DRIVERS\bpenum.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\bpusb.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\bpmp.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\ssfmonm.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \??\C:\windows\system32\Drivers\PROCEXP113.SYS
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80052aa060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004feb050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80052aa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80052aab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80052aa060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80052a9060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
    DevicePointer: 0xfffffa8004fcc7a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004feb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C8EEC860

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 954120192

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 957194240 Numsec = 19578880
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_957194240_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
  20. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    Now should I recreate a system restore point and then take a look at running like a Combofix?
  21. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  22. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    Below is the ComboFix log, I noticed that even after uninstalling Webroot, with a removal tool as well, that it was still logged and noted as installed from ComboFix - will this cause an issue? How else can this be resolved?

    ComboFix 13-06-22.01 - Owner 06/23/2013 18:40:25.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2351 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-24 to 2013-06-24 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-24 01:49 . 2013-06-24 01:49--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2013-06-24 01:49 . 2013-06-24 01:49--------d-----w-c:\users\Default\AppData\Local\temp
    2013-06-24 00:42 . 2013-06-24 01:02--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-23 23:33 . 2013-06-23 23:33--------d-----w-c:\users\Owner\AppData\Roaming\Malwarebytes
    2013-06-23 23:33 . 2013-06-23 23:33--------d-----w-c:\programdata\Malwarebytes
    2013-06-23 23:33 . 2013-06-23 23:33--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-06-23 23:33 . 2013-04-04 21:5025928----a-w-c:\windows\system32\drivers\mbam.sys
    2013-06-23 22:22 . 2013-06-23 22:22--------d-----w-C:\FRST
    2013-06-23 22:20 . 2013-06-23 22:22--------d-s---w-c:\programdata\Shared Space
    2013-06-23 22:20 . 2013-06-23 22:20--------d-----w-c:\program files\COMODO
    2013-06-23 22:20 . 2013-06-23 22:22--------d-----w-c:\programdata\Comodo
    2013-06-23 22:20 . 2013-06-23 22:20--------d-----w-c:\programdata\Comodo Downloader
    2013-06-23 22:00 . 2013-06-12 03:089552976----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{01F483A8-5721-42D4-87D6-FB76B9CC619E}\mpengine.dll
    2013-06-23 06:02 . 2013-06-23 06:02--------d-----w-c:\users\Owner\AppData\Local\VS Revo Group
    2013-06-23 06:02 . 2013-06-23 06:02--------d-----w-c:\programdata\VS Revo Group
    2013-06-23 06:01 . 2013-06-23 06:01--------d-----w-c:\users\Owner\AppData\Local\Programs
    2013-06-23 05:58 . 2013-06-23 22:25--------d-----w-c:\program files\Common Files\Symantec Shared
    2013-06-23 05:56 . 2013-06-23 20:05--------d-----w-c:\windows\system32\drivers\NISx64
    2013-06-23 05:56 . 2013-06-23 22:25--------d-----w-c:\program files (x86)\NortonInstaller
    2013-06-23 05:37 . 2013-06-23 06:09--------d-----w-c:\program files\WinRAR
    2013-06-23 04:55 . 2013-06-23 04:55--------d-----w-c:\program files\CCleaner
    2013-06-18 23:16 . 2013-06-18 23:1696800----a-w-c:\windows\system32\drivers\inspect.sys
    2013-06-18 23:16 . 2013-06-18 23:16708632----a-w-c:\windows\system32\drivers\cmdguard.sys
    2013-06-18 23:16 . 2013-06-18 23:1648360----a-w-c:\windows\system32\drivers\cmdhlp.sys
    2013-06-18 23:16 . 2013-06-18 23:1623168----a-w-c:\windows\system32\drivers\cmderd.sys
    2013-06-18 23:15 . 2013-06-18 23:1543216----a-w-c:\windows\system32\cmdcsr.dll
    2013-06-18 23:15 . 2013-06-18 23:15437688----a-w-c:\windows\system32\guard64.dll
    2013-06-18 23:15 . 2013-06-18 23:15348584----a-w-c:\windows\SysWow64\guard32.dll
    2013-06-18 23:15 . 2013-06-18 23:1545784----a-w-c:\windows\system32\cmdkbd64.dll
    2013-06-18 23:15 . 2013-06-18 23:15344792----a-w-c:\windows\system32\cmdvrt64.dll
    2013-06-18 23:15 . 2013-06-18 23:1540664----a-w-c:\windows\SysWow64\cmdkbd32.dll
    2013-06-18 23:15 . 2013-06-18 23:15278232----a-w-c:\windows\SysWow64\cmdvrt32.dll
    2013-06-12 05:35 . 2013-05-17 06:092458112----a-w-c:\windows\system32\iertutil.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-03 00:11 . 2011-06-20 23:4975825640----a-w-c:\windows\system32\MRT.exe
    2013-05-02 09:06 . 2011-06-19 23:37278800------w-c:\windows\system32\MpSigStub.exe
    2013-04-13 05:49 . 2013-05-15 20:12135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-15 20:12308736----a-w-c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-15 20:12350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-15 20:12111104----a-w-c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-15 20:12474624----a-w-c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-15 20:122176512----a-w-c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-24 04:241656680----a-w-c:\windows\system32\drivers\ntfs.sys
    2013-04-11 14:22 . 2013-04-27 03:56770384----a-w-c:\windows\SysWow64\msvcr100.dll
    2013-04-11 14:22 . 2013-04-27 03:56421200----a-w-c:\windows\SysWow64\msvcp100.dll
    2013-04-10 06:01 . 2013-05-15 20:12265064----a-w-c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 06:01 . 2013-05-15 20:12983400----a-w-c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 03:30 . 2013-05-15 20:123153920----a-w-c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
    S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys;c:\windows\SYSNATIVE\DRIVERS\ssfmonm.sys [x]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
    S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [x]
    S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
    S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
    S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - CMDERD
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
    - c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 20:43]
    .
    2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
    - c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 20:43]
    .
    2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 05:20]
    .
    2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1233418114-2423251252-4259381913-1002UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 05:20]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-01-27 1445888]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-06-18 1497816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN33612886651136735&UM=2&ctid=CT3287375
    mDefault_Page_URL =
    mStart Page =
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 66.253.214.16 50.30.208.77
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    Wow6432Node-HKLM-Run-ToshibaServiceStation - c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    Wow6432Node-HKLM-Run-TWebCamera - c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
    AddRemove-InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6} - c:\program files (x86)\InstallShield Installation Information\{A0E99122-25C1-4CA4-9063-499A2A814EB6}\setup.exe
    AddRemove-InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380} - c:\program files (x86)\InstallShield Installation Information\{C14518AF-1A0F-4D39-8011-69BAA01CD380}\setup.exe
    AddRemove-InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F} - c:\program files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe
    AddRemove-{1B87C40B-A60B-4EF3-9A68-706CF4B69978} - c:\program files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe
    AddRemove-{5E6F6CF3-BACC-4144-868C-E14622C658F3} - c:\program files (x86)\InstallShield Installation Information\{5E6F6CF3-BACC-4144-868C-E14622C658F3}\setup.exe
    AddRemove-{8B287B75-DF8D-40C8-9620-8E4492C38EF1} - c:\programdata\{346564C3-1CD0-440B-AE7A-F644B66D2026}\WRInstall.exe
    AddRemove-{AC6569FA-6919-442A-8552-073BE69E247A} - c:\program files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-06-23 18:54:04
    ComboFix-quarantined-files.txt 2013-06-24 01:54
    .
    Pre-Run: 432,332,193,792 bytes free
    Post-Run: 431,891,894,272 bytes free
    .
    - - End Of File - - 7D63125EC028F5E0ACD160CBA93E50C5
    D41D8CD98F00B204E9800998ECF8427E
  23. RileyMcD

    RileyMcD Newcomer, in training Topic Starter Posts: 25

    Below is the ComboFix log, I noticed that even after uninstalling Webroot, with a removal tool as well, that it was still logged and noted as installed from ComboFix - will this cause an issue? How else can this be resolved?
  24. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    We'll see if we can remove Webroot leftovers manually...
    We'll do it in our next step.

    Combofix log looks good.

    Any current issues?

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.