Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-04-2013 02
Ran by User (administrator) on 28-04-2013 15:51:56
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(COMPANYVERS_NAME) C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NovaStor) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
(TOSHIBA Corporation) C:\Windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NovaStor) C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Farbar) C:\Users\User\Desktop\FRST64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2114376 2008-03-03] (CANON INC.)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-15] (Google Inc.)
HKCU\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [143360 2009-02-16] (CyberLink Corp.)
HKLM-x32\...\Run: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe [263560 2009-03-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [x]
HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe [30096 2011-07-31] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-18] (Apple Inc.)
HKLM-x32\...\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe [607592 2011-07-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe [605032 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe [140136 2011-06-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: (No Name) - {37153479-1976-43c3-a1ee-557513977b64} - No File
URLSearchHook: (No Name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No File
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.mywebsearch.com/myweb...&n=77de8a5d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
SearchScopes: HKCU - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.mywebsearch.com/myweb...&n=77de8a5d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Coupons.com Toolbar - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
BHO-x32: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll (MindSpark)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (MindSpark)
BHO-x32: ShopAtHome.com Toolbar - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Coupons.com Toolbar - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} - No File
Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
PDF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
==================== Services (Whitelisted) =================
S3 BFE; C:\Windows\SysWow64\. [0 2013-04-25] ()
R2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 CouponAlert_2pService; C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [42504 2011-07-31] (COMPANYVERS_NAME)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [251184 2009-05-15] (BUFFALO INC.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-04-15] (NovaStor)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
==================== Drivers (Whitelisted) ====================
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\FRST
2013-04-28 15:50 - 2013-04-28 15:50 - 01710472 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-04-28 15:05 - 2013-04-28 15:05 - 00000000 ____D C:\ComboFix
2013-04-28 15:01 - 2013-04-28 15:01 - 00004818 ____A C:\Users\User\Desktop\Rkill3.txt
2013-04-28 08:49 - 2013-04-28 15:05 - 00000000 ___SD C:\32788R22FWJFW
2013-04-28 08:44 - 2013-04-28 08:44 - 05056640 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2013-04-28 08:43 - 2013-04-28 08:43 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill2.exe
2013-04-28 08:35 - 2013-04-28 08:35 - 00274776 ____A C:\Windows\Minidump\042813-24273-01.dmp
2013-04-25 16:22 - 2013-04-25 16:23 - 00000000 ___SD C:\Larry2471L
2013-04-25 16:15 - 2013-04-25 16:15 - 00000000 ____D C:\Larry3782L
2013-04-25 16:13 - 2013-04-25 16:13 - 00000000 ____D C:\Larry
2013-04-25 16:10 - 2013-04-28 15:01 - 00004818 ____A C:\Users\User\Desktop\Rkill.txt
2013-04-25 16:10 - 2013-04-25 16:10 - 00000000 ____D C:\Users\User\Desktop\rkill
2013-04-25 16:07 - 2013-04-25 16:07 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
2013-04-25 15:58 - 2013-04-25 15:58 - 00274776 ____A C:\Windows\Minidump\042513-75442-01.dmp
2013-04-25 15:54 - 2013-04-25 15:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-25 15:46 - 2013-04-25 15:46 - 00274776 ____A C:\Windows\Minidump\042513-32089-01.dmp
2013-04-25 15:42 - 2013-04-25 15:42 - 00274776 ____A C:\Windows\Minidump\042513-23244-01.dmp
2013-04-25 15:39 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-04-25 15:39 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-04-25 15:39 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-04-25 15:39 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-04-25 15:39 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-04-25 15:39 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-04-25 15:39 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-04-25 15:39 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-04-25 15:38 - 2013-04-28 15:05 - 00000000 ____D C:\Windows\erdnt
2013-04-25 15:38 - 2013-04-25 15:39 - 00000000 ____D C:\Qoobox
2013-04-24 20:53 - 2013-04-24 20:53 - 00000000 ____D C:\Users\User\Documents\mbar-1.05.0.1001
2013-04-24 20:46 - 2013-04-24 20:46 - 00002384 ____A C:\Users\User\Desktop\RKreport[2]_D_04242013_02d2046.txt
2013-04-24 20:43 - 2013-04-24 20:43 - 00002730 ____A C:\Users\User\Desktop\RKreport[1]_S_04242013_02d2043.txt
2013-04-24 20:40 - 2013-04-24 20:44 - 00000000 ____D C:\Users\User\Desktop\RK_Quarantine
2013-04-24 20:40 - 2013-04-24 20:40 - 00816128 ____A C:\Users\User\Desktop\RogueKiller.exe
2013-04-24 06:02 - 2013-04-24 06:02 - 00021693 ____A C:\Users\User\Desktop\dds.txt
2013-04-24 06:02 - 2013-04-24 06:02 - 00011879 ____A C:\Users\User\Desktop\attach.txt
2013-04-24 05:47 - 2013-04-24 05:47 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2013-04-24 05:36 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-24 05:32 - 2013-04-24 05:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2013-04-24 05:31 - 2013-04-24 05:31 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-24 05:31 - 2013-04-24 05:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 05:31 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-24 05:29 - 2013-04-24 05:29 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.75.0.1300.exe
2013-04-23 10:07 - 2013-04-23 10:07 - 00002059 ____A C:\Users\User\Desktop\System Care Antivirus.lnk
2013-04-11 09:34 - 2013-02-22 02:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 09:34 - 2013-02-22 02:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 09:34 - 2013-02-22 02:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 09:34 - 2013-02-22 02:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 09:34 - 2013-02-22 02:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 09:34 - 2013-02-22 02:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-11 09:34 - 2013-02-22 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 09:34 - 2013-02-22 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 09:34 - 2013-02-22 02:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 09:34 - 2013-02-22 02:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-11 09:34 - 2013-02-22 02:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-11 09:34 - 2013-02-22 02:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 09:34 - 2013-02-22 02:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 09:34 - 2013-02-22 02:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 09:34 - 2013-02-22 02:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 09:34 - 2013-02-22 02:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 09:34 - 2013-02-22 00:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 09:34 - 2013-02-21 23:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 09:34 - 2013-02-21 23:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-11 09:34 - 2013-02-21 23:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 09:34 - 2013-02-21 23:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 09:34 - 2013-02-21 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-11 09:34 - 2013-02-21 23:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-11 09:34 - 2013-02-21 23:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 09:34 - 2013-02-21 23:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-11 09:34 - 2013-02-21 23:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-11 09:34 - 2013-02-21 23:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-11 09:34 - 2013-02-21 23:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 09:34 - 2013-02-21 23:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 09:34 - 2013-02-21 23:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 09:34 - 2013-02-21 23:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-11 09:34 - 2013-02-21 23:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 12:12 - 2013-02-28 23:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 12:12 - 2013-01-24 02:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-10 12:11 - 2013-03-19 02:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 12:11 - 2013-03-19 01:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 12:11 - 2013-03-19 01:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 12:11 - 2013-03-19 01:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 12:11 - 2013-03-19 00:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 12:11 - 2013-03-18 23:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-03 15:29 - 2013-04-03 15:29 - 00002065 ____A C:\Users\Public\Desktop\Canon MP240 series User Registration.LNK
2013-04-03 15:28 - 2013-04-03 15:28 - 00001775 ____A C:\Users\Public\Desktop\My Printer.lnk
2013-04-03 15:28 - 2013-04-03 15:28 - 00000000 ____D C:\Program Files\Canon
2013-04-03 15:25 - 2013-04-03 15:25 - 00002104 ____A C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
2013-04-03 15:24 - 2013-04-03 15:24 - 00002106 ____A C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
2013-04-03 15:23 - 2013-04-03 15:23 - 00002341 ____A C:\Users\Public\Desktop\MP240 series On-screen Manual.lnk
2013-04-03 15:22 - 2013-04-03 15:22 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-04-03 15:21 - 2013-04-03 15:21 - 00000000 ___HD C:\Program Files\CanonBJ
==================== One Month Modified Files and Folders =======
2013-04-28 15:51 - 2013-04-28 15:51 - 00000000 ____D C:\FRST
2013-04-28 15:50 - 2013-04-28 15:50 - 01710472 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-04-28 15:13 - 2011-02-15 21:38 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-28 15:13 - 2011-02-15 21:38 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-28 15:10 - 2009-07-14 01:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-28 15:09 - 2011-02-15 21:57 - 01744753 ____A C:\Windows\WindowsUpdate.log
2013-04-28 15:06 - 2011-02-15 18:18 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-28 15:06 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-28 15:06 - 2009-07-14 00:51 - 00705454 ____A C:\Windows\setupact.log
2013-04-28 15:05 - 2013-04-28 15:05 - 00000000 ____D C:\ComboFix
2013-04-28 15:05 - 2013-04-28 08:49 - 00000000 ___SD C:\32788R22FWJFW
2013-04-28 15:05 - 2013-04-25 15:38 - 00000000 ____D C:\Windows\erdnt
2013-04-28 15:01 - 2013-04-28 15:01 - 00004818 ____A C:\Users\User\Desktop\Rkill3.txt
2013-04-28 15:01 - 2013-04-25 16:10 - 00004818 ____A C:\Users\User\Desktop\Rkill.txt
2013-04-28 14:57 - 2011-03-05 10:03 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-28 08:54 - 2013-02-23 12:48 - 00000000 ____D C:\Backup
2013-04-28 08:44 - 2013-04-28 08:44 - 05056640 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2013-04-28 08:43 - 2013-04-28 08:43 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill2.exe
2013-04-28 08:35 - 2013-04-28 08:35 - 00274776 ____A C:\Windows\Minidump\042813-24273-01.dmp
2013-04-28 08:35 - 2013-02-15 10:21 - 00000000 ____D C:\Windows\Minidump
2013-04-28 08:35 - 2013-02-15 10:20 - 427969370 ____A C:\Windows\MEMORY.DMP
2013-04-25 16:23 - 2013-04-25 16:22 - 00000000 ___SD C:\Larry2471L
2013-04-25 16:15 - 2013-04-25 16:15 - 00000000 ____D C:\Larry3782L
2013-04-25 16:13 - 2013-04-25 16:13 - 00000000 ____D C:\Larry
2013-04-25 16:10 - 2013-04-25 16:10 - 00000000 ____D C:\Users\User\Desktop\rkill
2013-04-25 16:07 - 2013-04-25 16:07 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\User\Desktop\rkill.exe
2013-04-25 15:58 - 2013-04-25 15:58 - 00274776 ____A C:\Windows\Minidump\042513-75442-01.dmp
2013-04-25 15:54 - 2013-04-25 15:54 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-25 15:54 - 2012-05-15 16:16 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-04-25 15:54 - 2012-05-15 16:16 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-04-25 15:54 - 2012-05-15 16:16 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-04-25 15:54 - 2009-05-03 02:34 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-25 15:54 - 2009-05-03 02:34 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-25 15:54 - 2009-05-03 02:34 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-25 15:46 - 2013-04-25 15:46 - 00274776 ____A C:\Windows\Minidump\042513-32089-01.dmp
2013-04-25 15:42 - 2013-04-25 15:42 - 00274776 ____A C:\Windows\Minidump\042513-23244-01.dmp
2013-04-25 15:41 - 2011-02-15 21:50 - 00289674 ____A C:\Windows\PFRO.log
2013-04-25 15:39 - 2013-04-25 15:38 - 00000000 ____D C:\Qoobox
2013-04-24 20:53 - 2013-04-24 20:53 - 00000000 ____D C:\Users\User\Documents\mbar-1.05.0.1001
2013-04-24 20:46 - 2013-04-24 20:46 - 00002384 ____A C:\Users\User\Desktop\RKreport[2]_D_04242013_02d2046.txt
2013-04-24 20:44 - 2013-04-24 20:40 - 00000000 ____D C:\Users\User\Desktop\RK_Quarantine
2013-04-24 20:43 - 2013-04-24 20:43 - 00002730 ____A C:\Users\User\Desktop\RKreport[1]_S_04242013_02d2043.txt
2013-04-24 20:40 - 2013-04-24 20:40 - 00816128 ____A C:\Users\User\Desktop\RogueKiller.exe
2013-04-24 06:02 - 2013-04-24 06:02 - 00021693 ____A C:\Users\User\Desktop\dds.txt
2013-04-24 06:02 - 2013-04-24 06:02 - 00011879 ____A C:\Users\User\Desktop\attach.txt
2013-04-24 05:47 - 2013-04-24 05:47 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2013-04-24 05:32 - 2013-04-24 05:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2013-04-24 05:31 - 2013-04-24 05:31 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-24 05:31 - 2013-04-24 05:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 05:29 - 2013-04-24 05:29 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.75.0.1300.exe
2013-04-24 05:21 - 2011-10-17 20:30 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-04-23 10:07 - 2013-04-23 10:07 - 00002059 ____A C:\Users\User\Desktop\System Care Antivirus.lnk
2013-04-17 08:00 - 2012-08-26 10:10 - 00000000 ____D C:\Users\User\Documents\5th Grade
2013-04-12 10:45 - 2013-04-24 05:36 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 09:58 - 2009-07-14 00:45 - 00456400 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 09:37 - 2011-02-16 17:06 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-04 14:50 - 2013-04-24 05:31 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-03 15:30 - 2011-05-15 09:39 - 00000000 ____D C:\Program Files (x86)\Canon
2013-04-03 15:29 - 2013-04-03 15:29 - 00002065 ____A C:\Users\Public\Desktop\Canon MP240 series User Registration.LNK
2013-04-03 15:28 - 2013-04-03 15:28 - 00001775 ____A C:\Users\Public\Desktop\My Printer.lnk
2013-04-03 15:28 - 2013-04-03 15:28 - 00000000 ____D C:\Program Files\Canon
2013-04-03 15:25 - 2013-04-03 15:25 - 00002104 ____A C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
2013-04-03 15:24 - 2013-04-03 15:24 - 00002106 ____A C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
2013-04-03 15:23 - 2013-04-03 15:23 - 00002341 ____A C:\Users\Public\Desktop\MP240 series On-screen Manual.lnk
2013-04-03 15:22 - 2013-04-03 15:22 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-04-03 15:21 - 2013-04-03 15:21 - 00000000 ___HD C:\Program Files\CanonBJ
2013-04-02 06:34 - 2011-02-15 22:17 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2013-04-14 17:53
==================== End Of Log ============================