SpywareHammer.com

SpywareHammer Malware Removal Forums => Completed Malware and Rootkit Removal Topics => Topic started by: Clikens86 on October 17, 2013, 09:59:56 AM

Title: [RESOLVED] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 17, 2013, 09:59:56 AM
I am working with Kevin to fix my desktop, but we have a laptop that has the FBI virus. At one time MBAM stopped the virus but it kept re-executing. I cannot access the main account as my brother-in-law had a SpyHunter program that stopped the virus from executing, but you have to pay to have it remove infections. DDS only came up with the DDS log. It did not come with an attach log. Thank you guys for your help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Likens at 10:52:29 on 2013-10-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3964.1958 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\Dwm.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\windows\system32\igfxext.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\svchost.exe -k swprv
C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
uProxyOverride = <local>;*.local
uWinlogon: Shell = cmd.exe
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [Best Buy pc app] C:\Users\Likens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [Temp] rundll32 "C:\Users\Likens\AppData\Local\Deployment\Temp\iacphg.dll",DllRegisterServer
uRun: [VirtualStore] rundll32 "C:\Users\Likens\AppData\Local\adawarebp\VirtualStore\bjcgbgno.dll",DllRegisterServer
uRun: [GameServer33] "C:\Users\Likens\AppData\Roaming\Identities\WIN7533.exe"
uRun: [dY5bCfYA.exe] "C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe"
uRun: [8U8AZ03m.exe] "C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe"
uRun: [9abwQAY8Jl.exe] "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [bncsaui.exe] C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4B2FED6D-D2D7-4B70-8A77-63DD8B4956CF} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4B2FED6D-D2D7-4B70-8A77-63DD8B4956CF}\2375942554832373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4B2FED6D-D2D7-4B70-8A77-63DD8B4956CF}\2656C6B696E6E253661693 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4B2FED6D-D2D7-4B70-8A77-63DD8B4956CF}\26677657563747 : DHCPNameServer = 10.19.2.1 10.6.2.7
SSODL: WebCheck - <orphaned>
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN67864597126278267&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=54907E3045F69F886FEC9A51EF41D728
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-7-23 14456]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-3-7 3079960]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-6-27 1025408]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-5-3 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-3 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 EsgScanner;EsgScanner;C:\windows\System32\drivers\EsgScanner.sys [2013-8-24 22704]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2013-5-10 32000]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-5-3 232992]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-10-30 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-5-4 1255736]
.
=============== Created Last 30 ================
.
2013-10-17 15:41:57   --------   d-----w-   C:\Program Files\McAfee Security Scan
.
==================== Find3M  ====================
.
2013-10-17 15:43:47   71048   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-17 15:43:47   692616   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37   2241024   ----a-w-   C:\windows\System32\wininet.dll
2013-07-26 05:12:08   3958784   ----a-w-   C:\windows\System32\jscript9.dll
2013-07-26 05:12:04   136704   ----a-w-   C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03   67072   ----a-w-   C:\windows\System32\iesetup.dll
2013-07-26 03:35:08   2706432   ----a-w-   C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24   1767936   ----a-w-   C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04   2877440   ----a-w-   C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00   61440   ----a-w-   C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00   109056   ----a-w-   C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14   2706432   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38   89600   ----a-w-   C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38   71680   ----a-w-   C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54   1888768   ----a-w-   C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27   1620992   ----a-w-   C:\windows\SysWow64\WMVDECOD.DLL
2013-07-24 02:55:48   1224   ---ha-w-   C:\aaw7boot.cmd
2013-07-24 02:52:55   47496   ----a-w-   C:\windows\System32\sbbd.exe
2013-07-24 02:52:55   14456   ----a-w-   C:\windows\System32\drivers\gfibto.sys
.
============= FINISH: 10:52:46.15 ===============

Title: Re: Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 17, 2013, 11:40:28 AM
Hi Clikens86 and Welcome to SpywareHammer!

I am currently looking through your logs and will advise you on what to do in my next reply.

Title: Re: Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 17, 2013, 02:45:49 PM
Hello Clikens86

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

As you seem to be having trouble with this tool, let's use another one.

Step 1

For x64 bit systems download Farbar Recovery Scan Tool x64 (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save it to your Desktop.

Title: Re: Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 17, 2013, 03:03:09 PM
I've tried 3 times to run FRST and I keep getting the error in the attached picture: "error in expression".

EDIT: Ran as administrator and it worked...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Likens (administrator) on CANTSTOPMYSHINE on 17-10-2013 16:14:56
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe
(Xysvlp) C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Best Buy pc app] - C:\Users\Likens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKCU\...\Run: [Temp] - rundll32 "C:\Users\Likens\AppData\Local\Deployment\Temp\iacphg.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [VirtualStore] - rundll32 "C:\Users\Likens\AppData\Local\adawarebp\VirtualStore\bjcgbgno.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [GameServer33] - C:\Users\Likens\AppData\Roaming\Identities\WIN7533.exe [131072 2013-08-18] ()
HKCU\...\Run: [dY5bCfYA.exe] - C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Run: [8U8AZ03m.exe] - C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Run: [9abwQAY8Jl.exe] - C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Command Processor: "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe" <======= ATTENTION
MountPoints2: {1227e2d0-1fdf-11e2-98d6-00266c7d20e5} - E:\laucher.exe
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [bncsaui.exe] - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2625304 2011-03-07] (Bradford Networks)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-13] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest.CANTSTOPMYSHINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND (http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND (http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5} (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5})
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {327ED223-25DF-4EDF-AE3F-80EEE614F2E3} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5} (http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5})
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} (http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms})
SearchScopes: HKCU - {327ED223-25DF-4EDF-AE3F-80EEE614F2E3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN38650307112493118&UM=2 (http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN38650307112493118&UM=2)
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} (http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms})
SearchScopes: HKCU - {5FF6945D-87CE-43EF-847F-618D30FE8BC2} URL =
SearchScopes: HKCU - {E89AFAF9-9983-48C2-9914-B96516E28886} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5} (http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5})
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default
FF NewTab: hxxp://start.sweetpacks.com/?src=97&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}&crg=3.5000006.10045
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=54907E3045F69F886FEC9A51EF41D728
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\mixidj-v37-customized-web-search.xml
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Ad-Aware Security Add-on - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: pxyhzzjbka - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\Extensions\pxyhzzjbka@pxyhzzjbka.org.xpi
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com

Chrome:
=======
CHR Extension: (Updater By SweetPacks) - C:\Users\Likens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.609_0
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3079960 2011-03-07] (Bradford Networks)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32000 2013-05-10] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\FRST
2013-10-17 15:55 - 2013-10-17 15:59 - 00000324 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\Addition.txt
2013-10-17 15:54 - 2013-10-17 15:54 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 15:53 - 2013-10-17 15:53 - 00000326 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\Addition.txt
2013-10-17 15:49 - 2013-10-17 15:49 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 10:52 - 2013-10-17 10:52 - 00688992 ____R (Swearware) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com
2013-10-17 10:47 - 2013-10-17 10:52 - 00013804 _____ C:\Users\Likens\Desktop\dds.txt
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\FRST
2013-10-17 16:14 - 2009-07-14 00:13 - 00730924 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-17 16:13 - 2011-05-03 02:02 - 01628980 _____ C:\windows\WindowsUpdate.log
2013-10-17 15:59 - 2013-10-17 15:55 - 00000324 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\Addition.txt
2013-10-17 15:54 - 2013-10-17 15:54 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 15:53 - 2013-10-17 15:53 - 00000326 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\Addition.txt
2013-10-17 15:49 - 2013-10-17 15:49 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 15:49 - 2012-06-11 08:25 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-17 10:52 - 2013-10-17 10:52 - 00688992 ____R (Swearware) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com
2013-10-17 10:52 - 2013-10-17 10:47 - 00013804 _____ C:\Users\Likens\Desktop\dds.txt
2013-10-17 10:47 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 10:47 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 10:43 - 2012-06-11 08:25 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-17 10:43 - 2012-06-11 08:25 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-17 10:43 - 2011-10-30 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-17 10:42 - 2011-10-30 10:58 - 00001942 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 10:41 - 2013-07-23 21:56 - 00001879 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-10-17 10:41 - 2011-10-30 10:58 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-10-17 10:39 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-17 10:39 - 2009-07-13 23:51 - 00055054 _____ C:\windows\setupact.log

Alureon:
C:\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll

Files to move or delete:
====================
C:\ProgramData\eqba0.pad
C:\ProgramData\lh4f.bat
C:\ProgramData\lh4f.pad
C:\ProgramData\lh4f.reg


Some content of TEMP:
====================
C:\Users\Likens\AppData\Local\Temp\5564.exe
C:\Users\Likens\AppData\Local\Temp\contentDATs.exe
C:\Users\Likens\AppData\Local\Temp\ead3260d-39f7-4f7e-89ff-3d8f22f4352a.exe
C:\Users\Likens\AppData\Local\Temp\f903d000-cb66-4e85-a57c-a7616b39a343.exe
C:\Users\Likens\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Likens\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Likens\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.dll
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.exe
C:\Users\Likens\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Likens\AppData\Local\Temp\nsj2DCC.exe
C:\Users\Likens\AppData\Local\Temp\nspA77E.exe
C:\Users\Likens\AppData\Local\Temp\nsz14DA.exe
C:\Users\Likens\AppData\Local\Temp\nsz9964.exe
C:\Users\Likens\AppData\Local\Temp\pyl87C6.tmp.exe
C:\Users\Likens\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Likens\AppData\Local\Temp\SHSetup.exe
C:\Users\Likens\AppData\Local\Temp\SPStub.exe
C:\Users\Likens\AppData\Local\Temp\tbMix0.dll
C:\Users\Likens\AppData\Local\Temp\uninstaller.exe
C:\Users\Likens\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 19:07

==================== End Of Log ============================
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 17, 2013, 03:19:05 PM
Here's Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Likens at 2013-10-17 16:16:08
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Ad-Aware Antivirus (x32 Version: 10.5.3.4405)
Ad-Aware Security Add-on (x32 Version: 3.1.0.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader 9.3 (x32 Version: 9.3.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27)
Atheros Driver Installation Program (x32 Version: 5.2)
Best Buy pc app (Version: 3.0.0.0)
Bonjour (Version: 3.0.0.10)
Bradford Persistent Agent (x32 Version: 2.2.2.14)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.119.0.61)
Elcomsoft Wireless Security Auditor (x32 Version: 4.0.211.448)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Update Helper (x32 Version: 1.3.21.79)
HitmanPro 3.7 (Version: 3.7.3.194)
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 (Version: 14.0)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2086)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.4.4)
Java(TM) 6 Update 17 (x32 Version: 6.0.170)
Junk Mail filter update (x32 Version: 14.0.8117.416)
Label@Once 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.8)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 140.0.215.000)
Oracle VM VirtualBox 4.0.6 (Version: 4.0.6)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PS_AIO_06_B209a-m_SW_Min (x32 Version: 140.0.690.000)
QuickTime (x32 Version: 7.74.80.86)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111)
Scan (x32 Version: 140.0.80.000)
SpyHunter (Version: 4.14.5.4268)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toolbox (x32 Version: 140.0.428.000)
TopArcadeHits (HKCU)
TOSHIBA Application Installer (x32 Version: 9.0.1.1)
TOSHIBA Assist (x32 Version: 3.00.11)
Toshiba Book Place (x32 Version: 2.0.3977.0)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Hardware Setup (x32 Version: 2.00.06)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.4.9)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA ReelTime (x32 Version: 1.6.06.64)
TOSHIBA Service Station (x32 Version: 2.1.40)
TOSHIBA Supervisor Password (x32 Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TOSHIBA Value Added Package (x32 Version: 1.3.3.64)
ToshibaRegistration (x32 Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Updater By SweetPacks 2.0.0.609 (Version: 2.0.0.609)
Windows Live Call (x32 Version: 14.0.8117.0416)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Messenger (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live Photo Gallery (x32 Version: 14.0.8117.416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8117.0416)

==================== Restore Points  =========================

08-07-2013 21:43:21 Installed QuickTime
11-07-2013 02:34:41 Windows Update
12-07-2013 14:19:06 Windows Update
14-07-2013 15:21:52 Windows Update
21-07-2013 03:36:19 Windows Update
24-07-2013 02:49:17 Windows Update
16-08-2013 11:50:49 Windows Update
25-08-2013 04:01:35 Installed SpyHunter

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2A382225-0D7C-4AAA-B7EC-17107A6AB4C2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-17] (Adobe Systems Incorporated)
Task: {7353A222-6E9D-428A-B26B-A9AC59FA6A32} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3727344842-4028780472-3075785767-1001
Task: {9ADF5F58-9FD1-4494-82E5-C01BF8C366EE} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BCE46997-545A-4F04-9B42-3A64B7EBD523} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {C10107C8-C0C4-4A99-A4D0-F72EEC6CD9E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-03-03 16:15 - 2010-03-03 16:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-07-19 16:32 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-23 21:59 - 2013-07-05 14:25 - 00190752 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-07-23 21:59 - 2013-07-05 14:25 - 00178464 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2013-02-11 05:47 - 2013-02-11 05:47 - 00087464 _____ () C:\Program Files (x86)\adawaretb\adawareDx.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2013 01:17:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0x4c0
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 01:16:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0xee4
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 01:08:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0x55c
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 00:45:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0x650
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 00:44:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0xac4
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 00:43:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0xafc
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/25/2013 00:40:07 AM) (Source: Application Hang) (User: )
Description: The program Spyhunter4.exe version 4.14.5.4268 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e18

Start Time: 01cea1551f076335

Termination Time: 0

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Report Id:

Error: (08/25/2013 00:36:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Faulting module name: bndaemon.exe, version: 2.2.2.14, time stamp: 0x4d759e52
Exception code: 0xc0000005
Fault offset: 0x0002c202
Faulting process id: 0x580
Faulting application start time: 0xbndaemon.exe0
Faulting application path: bndaemon.exe1
Faulting module path: bndaemon.exe2
Report Id: bndaemon.exe3

Error: (08/21/2013 10:31:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42526

Error: (08/21/2013 10:31:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42526


System errors:
=============
Error: (10/17/2013 03:58:23 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:57:16 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:55:35 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:54:28 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:53:16 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:50:28 PM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 03:49:26 PM) (Source: DCOM) (User: )
Description: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/17/2013 10:41:41 AM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 10:42:49 AM) (Source: DCOM) (User: CANTSTOPMYSHINE)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}CANTSTOPMYSHINEGuestS-1-5-21-3727344842-4028780472-3075785767-501LocalHost (Using LRPC)

Error: (10/17/2013 10:39:37 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:38:06 AM on 10/17/2013 was unexpected.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3963.98 MB
Available physical RAM: 2356.17 MB
Total Pagefile: 7926.14 MB
Available Pagefile: 6348.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105952W0C) (Fixed) (Total:222.34 GB) (Free:169.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 65698AF9)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 18, 2013, 01:25:12 AM
Hello Clikens86

Warning Rootkit Detected


One or more of the identified infections is a Zero Access.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I suggest a reformat of the system, but the decision is entirely up to you. If you would like to continue, please follow the steps below.

Step 1


Step 2

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 3
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
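The TDSSKiller report requested in Step 3 is a plain text file in which every scanned service or driver appears as a "[ MD5 ] name path" line followed by a "name - verdict" line, the shape visible in the report posted next in this thread. The Python below is an added example for this page, not part of the thread and not Kaspersky's code: it parses such a report into one record per object and lists everything whose verdict is not "ok", which is what a helper reading the log is looking for. The sample report embedded in it is constructed; the MD5s and paths of the first entries are copied from the posted log, the "evildrv" entry and its verdict wording are made up, and because real reports word non-ok verdicts differently the parser flags any verdict other than "ok" rather than matching specific strings.

```python
"""Parse a TDSSKiller text report and pull out objects that did not come back "ok".

Added example for this thread; not Kaspersky's code. Assumptions: each scanned
object produces a "[ <32 hex MD5> ] <name> <path>" line and a "<name> - <verdict>"
line after the "Scan started" marker, as in the report posted in the thread.
"""
import re
from dataclasses import dataclass

# Every report line starts with "HH:MM:SS.ffff <pid>" followed by the message.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ MD5 ] name   X:\path" -- the name may contain spaces, the path starts with a drive letter.
_OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "name - verdict"
_VERDICT = re.compile(r"^(.+?) - (\S.*)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""


def parse_tdsskiller(report: str) -> dict:
    """Return {object name: Entry} for everything examined after 'Scan started'."""
    entries = {}
    scanning = False
    for raw in report.splitlines():
        m = _PREFIX.match(raw.rstrip())
        if not m:
            continue
        body = m.group(1)
        if body == "Scan started":
            scanning = True
            continue
        if not scanning:
            # Header, drive-geometry and partition lines precede the scan; the
            # "Drive ... - Size: ..." line would otherwise look like a verdict.
            continue
        om = _OBJECT.match(body)
        if om:
            md5, name, path = om.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.upper(), path
            continue
        vm = _VERDICT.match(body)
        if vm:
            name, verdict = vm.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict.strip()
    return entries


def findings(entries: dict) -> list:
    """Entries to look at: any verdict other than 'ok', or an object that never got one."""
    return sorted((e for e in entries.values() if e.verdict != "ok"), key=lambda e: e.name)


def summary(entries: dict) -> dict:
    """Counts a helper would paste back into the thread."""
    flagged = findings(entries)
    return {
        "scanned": len(entries),
        "ok": len(entries) - len(flagged),
        "flagged": len(flagged),
        "no_verdict": sum(1 for e in flagged if e.verdict == ""),
    }


# Constructed sample. The first objects reuse MD5s and paths from the report
# posted in the thread; "evildrv" and its verdict wording are invented.
SAMPLE_REPORT = r"""
09:20:46.0539 4124  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:20:50.0798 4124  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
09:21:00.0563 5084  Scan started
09:21:00.0563 5084  Mode: Manual; SigCheck; TDLFS;
09:21:01.0062 5084  System memory - ok
09:21:01.0250 5084  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
09:21:01.0406 5084  1394ohci - ok
09:21:01.0796 5084  [ AE1671A3C798A3467DE5E7DD12179803 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
09:21:01.0827 5084  Ad-Aware Service - ok
09:21:05.0100 5084  [ 0123456789ABCDEF0123456789ABCDEF ] evildrv         C:\windows\system32\drivers\evildrv.sys
09:21:05.0120 5084  evildrv - suspicious (constructed verdict text)
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_REPORT)
    print(summary(parsed))
    for e in findings(parsed):
        print(f"{e.name}: {e.verdict or '<no verdict>'} md5={e.md5} path={e.path}")
```

Feed it the real log with parse_tdsskiller(open(path).read()); an object that appears in an "[ MD5 ]" line but never receives a verdict (a scan that was interrupted, for instance) shows up in findings() with an empty verdict rather than silently passing.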
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 08:31:12 AM
09:20:46.0539 4124  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:20:50.0236 4124  ============================================================
09:20:50.0236 4124  Current date / time: 2013/10/18 09:20:50.0236
09:20:50.0236 4124  SystemInfo:
09:20:50.0236 4124 
09:20:50.0236 4124  OS Version: 6.1.7601 ServicePack: 1.0
09:20:50.0236 4124  Product type: Workstation
09:20:50.0236 4124  ComputerName: CANTSTOPMYSHINE
09:20:50.0236 4124  UserName: Likens
09:20:50.0236 4124  Windows directory: C:\windows
09:20:50.0236 4124  System windows directory: C:\windows
09:20:50.0236 4124  Running under WOW64
09:20:50.0236 4124  Processor architecture: Intel x64
09:20:50.0236 4124  Number of processors: 1
09:20:50.0236 4124  Page size: 0x1000
09:20:50.0236 4124  Boot type: Normal boot
09:20:50.0236 4124  ============================================================
09:20:50.0798 4124  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:20:50.0798 4124  ============================================================
09:20:50.0798 4124  \Device\Harddisk0\DR0:
09:20:50.0798 4124  MBR partitions:
09:20:50.0798 4124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCAE800
09:20:50.0798 4124  ============================================================
09:20:50.0829 4124  C: <-> \Device\Harddisk0\DR0\Partition1
09:20:50.0829 4124  ============================================================
09:20:50.0829 4124  Initialize success
09:20:50.0829 4124  ============================================================
09:21:00.0563 5084  ============================================================
09:21:00.0563 5084  Scan started
09:21:00.0563 5084  Mode: Manual; SigCheck; TDLFS;
09:21:00.0563 5084  ============================================================
09:21:01.0062 5084  ================ Scan system memory ========================
09:21:01.0062 5084  System memory - ok
09:21:01.0078 5084  ================ Scan services =============================
09:21:01.0250 5084  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
09:21:01.0406 5084  1394ohci - ok
09:21:01.0437 5084  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
09:21:01.0452 5084  ACPI - ok
09:21:01.0484 5084  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
09:21:01.0546 5084  AcpiPmi - ok
09:21:01.0796 5084  [ AE1671A3C798A3467DE5E7DD12179803 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
09:21:01.0827 5084  Ad-Aware Service - ok
09:21:01.0998 5084  [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:21:02.0014 5084  AdobeFlashPlayerUpdateSvc - ok
09:21:02.0092 5084  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
09:21:02.0108 5084  adp94xx - ok
09:21:02.0154 5084  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
09:21:02.0170 5084  adpahci - ok
09:21:02.0186 5084  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
09:21:02.0201 5084  adpu320 - ok
09:21:02.0248 5084  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
09:21:02.0326 5084  AeLookupSvc - ok
09:21:02.0420 5084  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
09:21:02.0435 5084  AFD - ok
09:21:02.0498 5084  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
09:21:02.0513 5084  agp440 - ok
09:21:02.0560 5084  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
09:21:02.0576 5084  ALG - ok
09:21:02.0622 5084  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
09:21:02.0638 5084  aliide - ok
09:21:02.0669 5084  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
09:21:02.0685 5084  amdide - ok
09:21:02.0732 5084  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
09:21:02.0763 5084  AmdK8 - ok
09:21:02.0778 5084  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
09:21:02.0825 5084  AmdPPM - ok
09:21:02.0903 5084  [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\windows\system32\drivers\amdsata.sys
09:21:02.0903 5084  amdsata - ok
09:21:02.0934 5084  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
09:21:02.0966 5084  amdsbs - ok
09:21:02.0997 5084  [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\windows\system32\drivers\amdxata.sys
09:21:03.0012 5084  amdxata - ok
09:21:03.0090 5084  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
09:21:03.0153 5084  AppID - ok
09:21:03.0215 5084  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
09:21:03.0262 5084  AppIDSvc - ok
09:21:03.0324 5084  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\windows\System32\appinfo.dll
09:21:03.0371 5084  Appinfo - ok
09:21:03.0543 5084  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:21:03.0558 5084  Apple Mobile Device - ok
09:21:03.0652 5084  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
09:21:03.0668 5084  arc - ok
09:21:03.0668 5084  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
09:21:03.0683 5084  arcsas - ok
09:21:03.0714 5084  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
09:21:03.0808 5084  AsyncMac - ok
09:21:03.0902 5084  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
09:21:03.0902 5084  atapi - ok
09:21:03.0964 5084  [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr            C:\windows\system32\DRIVERS\athrx.sys
09:21:04.0026 5084  athr - ok
09:21:04.0120 5084  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
09:21:04.0198 5084  AudioEndpointBuilder - ok
09:21:04.0229 5084  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
09:21:04.0292 5084  AudioSrv - ok
09:21:04.0354 5084  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
09:21:04.0401 5084  AxInstSV - ok
09:21:04.0432 5084  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
09:21:04.0463 5084  b06bdrv - ok
09:21:04.0526 5084  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
09:21:04.0572 5084  b57nd60a - ok
09:21:04.0619 5084  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
09:21:04.0650 5084  BDESVC - ok
09:21:04.0666 5084  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
09:21:04.0744 5084  Beep - ok
09:21:04.0822 5084  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
09:21:04.0884 5084  BFE - ok
09:21:04.0916 5084  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
09:21:04.0994 5084  BITS - ok
09:21:05.0056 5084  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
09:21:05.0087 5084  blbdrive - ok
09:21:05.0243 5084  [ 2DF7274105329AC0A27718DE705BCDAE ] BNPagent        C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
09:21:05.0306 5084  BNPagent - ok
09:21:05.0430 5084  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:21:05.0524 5084  Bonjour Service - ok
09:21:05.0555 5084  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
09:21:05.0586 5084  bowser - ok
09:21:05.0633 5084  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
09:21:05.0680 5084  BrFiltLo - ok
09:21:05.0711 5084  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
09:21:05.0758 5084  BrFiltUp - ok
09:21:05.0805 5084  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
09:21:05.0820 5084  Browser - ok
09:21:05.0836 5084  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
09:21:05.0852 5084  Brserid - ok
09:21:05.0867 5084  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
09:21:05.0883 5084  BrSerWdm - ok
09:21:05.0898 5084  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
09:21:05.0914 5084  BrUsbMdm - ok
09:21:05.0930 5084  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
09:21:05.0945 5084  BrUsbSer - ok
09:21:05.0961 5084  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
09:21:05.0976 5084  BTHMODEM - ok
09:21:06.0023 5084  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
09:21:06.0117 5084  bthserv - ok
09:21:06.0148 5084  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
09:21:06.0210 5084  cdfs - ok
09:21:06.0273 5084  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
09:21:06.0304 5084  cdrom - ok
09:21:06.0382 5084  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
09:21:06.0444 5084  CertPropSvc - ok
09:21:06.0476 5084  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
09:21:06.0507 5084  circlass - ok
09:21:06.0538 5084  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
09:21:06.0554 5084  CLFS - ok
09:21:06.0632 5084  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:21:06.0632 5084  clr_optimization_v2.0.50727_32 - ok
09:21:06.0678 5084  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:21:06.0678 5084  clr_optimization_v2.0.50727_64 - ok
09:21:06.0756 5084  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
09:21:06.0834 5084  CmBatt - ok
09:21:06.0897 5084  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
09:21:06.0912 5084  cmdide - ok
09:21:06.0959 5084  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
09:21:06.0975 5084  CNG - ok
09:21:07.0068 5084  [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
09:21:07.0131 5084  CnxtHdAudService - ok
09:21:07.0209 5084  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
09:21:07.0224 5084  Compbatt - ok
09:21:07.0271 5084  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
09:21:07.0334 5084  CompositeBus - ok
09:21:07.0349 5084  COMSysApp - ok
09:21:07.0380 5084  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
09:21:07.0396 5084  crcdisk - ok
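The listing above is the service/driver section of a TDSSKiller log: each entry is a `[ MD5 ] Name Path` line followed by a verdict line (`- ok`, `( Verdict ) - warning`, or `- detected Verdict (n)`), and a service with no image file to hash gets only the verdict line. As an added example, not code from the original post or from Kaspersky, here is a small Python parser that pulls such a log apart and lists what a helper would look at first: anything TDSSKiller marked, and any service with no hashed image file. The sample lines are copied from this log; the parsing and the flagging rule are my own. A name like `hjcwenli` with no backing file lands in the review list next to `COMSysApp`, a standard Windows service that also shows no file line, so the second rule is a prompt to check the ImagePath by hand, not a verdict.

```python
import re

# Sample input: lines copied from the TDSSKiller log in this thread.
# Backslashes are doubled only because this is a Python string literal.
SAMPLE_LOG = """\
09:21:07.0349 5084  COMSysApp - ok
09:21:12.0606 5084  [ 6B415E7AE774B9118360F559F627468E ] hitmanpro37     C:\\windows\\system32\\drivers\\hitmanpro37.sys
09:21:12.0653 5084  hitmanpro37 - ok
09:21:12.0700 5084  hjcwenli - ok
09:21:21.0093 5084  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\\Windows\\system32\\HPZinw12.dll
09:21:21.0140 5084  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:21:21.0140 5084  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"  # timestamp and scanner PID
# Service names may contain single spaces ("Net Driver HPZ12"), so the name
# is cut where the drive-letter path begins rather than at the first space.
FILE_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
OK_RE = re.compile(PREFIX + r"(.+?) - ok$")
WARN_RE = re.compile(PREFIX + r"(.+?) \( (.+?) \) - warning$")
DETECT_RE = re.compile(PREFIX + r"(.+?) - detected (.+?) \((\d+)\)$")


def parse_tdsskiller(text):
    """Return {service_name: {"md5", "path", "status", "verdict"}} built from
    the service/driver lines of a TDSSKiller log."""
    entries = {}

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "status": None, "verdict": None})

    for line in text.splitlines():
        line = line.rstrip()
        m = FILE_RE.match(line)
        if m:
            e = entry(m.group(2))
            e["md5"], e["path"] = m.group(1).upper(), m.group(3)
            continue
        m = DETECT_RE.match(line)
        if m:
            e = entry(m.group(1))
            e["status"], e["verdict"] = "detected", m.group(2)
            continue
        m = WARN_RE.match(line)
        if m:
            e = entry(m.group(1))
            e["status"], e["verdict"] = "warning", m.group(2)
            continue
        m = OK_RE.match(line)
        if m:
            e = entry(m.group(1))
            if e["status"] is None:  # do not downgrade an earlier warning
                e["status"] = "ok"
    return entries


def review(entries):
    """List (name, reason) pairs worth a manual look: anything the scanner
    marked, plus services whose image file was never hashed (no file line).
    The second rule is a heuristic; legitimate services can trigger it too."""
    findings = []
    for name, e in sorted(entries.items()):
        if e["status"] in ("warning", "detected"):
            findings.append((name, f'{e["status"]}: {e["verdict"]} ({e["path"]})'))
        elif e["md5"] is None:
            findings.append((name, "no image file hashed; check its ImagePath in the registry"))
    return findings


if __name__ == "__main__":
    for name, reason in review(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run it against a full log by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`; the `hitmanpro37` entry, which has a hash and a clean verdict, stays off the review list.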
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 08:32:25 AM
09:21:07.0458 5084  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\windows\system32\cryptsvc.dll
09:21:07.0505 5084  CryptSvc - ok
09:21:07.0552 5084  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
09:21:07.0614 5084  DcomLaunch - ok
09:21:07.0661 5084  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
09:21:07.0770 5084  defragsvc - ok
09:21:07.0802 5084  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
09:21:07.0848 5084  DfsC - ok
09:21:07.0911 5084  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
09:21:07.0989 5084  Dhcp - ok
09:21:08.0020 5084  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
09:21:08.0129 5084  discache - ok
09:21:08.0160 5084  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
09:21:08.0176 5084  Disk - ok
09:21:08.0207 5084  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
09:21:08.0270 5084  Dnscache - ok
09:21:08.0301 5084  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
09:21:08.0363 5084  dot3svc - ok
09:21:08.0426 5084  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
09:21:08.0472 5084  Dot4 - ok
09:21:08.0535 5084  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\windows\system32\drivers\Dot4Prt.sys
09:21:08.0566 5084  Dot4Print - ok
09:21:08.0597 5084  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
09:21:08.0644 5084  dot4usb - ok
09:21:08.0675 5084  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
09:21:08.0738 5084  DPS - ok
09:21:08.0784 5084  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
09:21:08.0847 5084  drmkaud - ok
09:21:08.0894 5084  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
09:21:08.0925 5084  DXGKrnl - ok
09:21:09.0003 5084  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
09:21:09.0065 5084  EapHost - ok
09:21:09.0174 5084  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
09:21:09.0268 5084  ebdrv - ok
09:21:09.0299 5084  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
09:21:09.0330 5084  EFS - ok
09:21:09.0424 5084  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
09:21:09.0486 5084  ehRecvr - ok
09:21:09.0549 5084  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
09:21:09.0596 5084  ehSched - ok
09:21:09.0689 5084  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
09:21:09.0705 5084  elxstor - ok
09:21:09.0720 5084  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
09:21:09.0767 5084  ErrDev - ok
09:21:09.0923 5084  [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard       C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
09:21:09.0954 5084  esgiguard - ok
09:21:10.0017 5084  [ 3B32CAA07D672F8A2E0DF5CB3A873F45 ] EsgScanner      C:\windows\system32\DRIVERS\EsgScanner.sys
09:21:10.0048 5084  EsgScanner - ok
09:21:10.0095 5084  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
09:21:10.0157 5084  EventSystem - ok
09:21:10.0173 5084  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
09:21:10.0282 5084  exfat - ok
09:21:10.0313 5084  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
09:21:10.0391 5084  fastfat - ok
09:21:10.0454 5084  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
09:21:10.0500 5084  Fax - ok
09:21:10.0516 5084  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
09:21:10.0532 5084  fdc - ok
09:21:10.0610 5084  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
09:21:10.0672 5084  fdPHost - ok
09:21:10.0688 5084  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
09:21:10.0750 5084  FDResPub - ok
09:21:10.0781 5084  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
09:21:10.0797 5084  FileInfo - ok
09:21:10.0797 5084  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
09:21:10.0875 5084  Filetrace - ok
09:21:10.0890 5084  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
09:21:10.0937 5084  flpydisk - ok
09:21:11.0000 5084  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
09:21:11.0015 5084  FltMgr - ok
09:21:11.0109 5084  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\windows\system32\FntCache.dll
09:21:11.0156 5084  FontCache - ok
09:21:11.0218 5084  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:21:11.0234 5084  FontCache3.0.0.0 - ok
09:21:11.0249 5084  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
09:21:11.0265 5084  FsDepends - ok
09:21:11.0312 5084  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
09:21:11.0327 5084  Fs_Rec - ok
09:21:11.0374 5084  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
09:21:11.0390 5084  fvevol - ok
09:21:11.0468 5084  [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk           C:\windows\system32\DRIVERS\FwLnk.sys
09:21:11.0514 5084  FwLnk - ok
09:21:11.0546 5084  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
09:21:11.0546 5084  gagp30kx - ok
09:21:11.0592 5084  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
09:21:11.0608 5084  GEARAspiWDM - ok
09:21:11.0686 5084  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\windows\system32\drivers\gfibto.sys
09:21:11.0702 5084  gfibto - ok
09:21:11.0811 5084  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
09:21:11.0889 5084  gpsvc - ok
09:21:11.0920 5084  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
09:21:11.0951 5084  hcw85cir - ok
09:21:12.0029 5084  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
09:21:12.0076 5084  HdAudAddService - ok
09:21:12.0107 5084  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
09:21:12.0154 5084  HDAudBus - ok
09:21:12.0154 5084  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
09:21:12.0216 5084  HidBatt - ok
09:21:12.0248 5084  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
09:21:12.0279 5084  HidBth - ok
09:21:12.0294 5084  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
09:21:12.0341 5084  HidIr - ok
09:21:12.0372 5084  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
09:21:12.0435 5084  hidserv - ok
09:21:12.0513 5084  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\drivers\hidusb.sys
09:21:12.0544 5084  HidUsb - ok
09:21:12.0606 5084  [ 6B415E7AE774B9118360F559F627468E ] hitmanpro37     C:\windows\system32\drivers\hitmanpro37.sys
09:21:12.0653 5084  hitmanpro37 - ok
09:21:12.0700 5084  hjcwenli - ok
09:21:12.0747 5084  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
09:21:12.0809 5084  hkmsvc - ok
09:21:12.0856 5084  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
09:21:12.0887 5084  HomeGroupListener - ok
09:21:12.0934 5084  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
09:21:12.0950 5084  HomeGroupProvider - ok
09:21:12.0996 5084  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
09:21:13.0012 5084  HpSAMD - ok
09:21:13.0184 5084  [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
09:21:13.0199 5084  HPSLPSVC - ok
09:21:13.0246 5084  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
09:21:13.0340 5084  HTTP - ok
09:21:13.0371 5084  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
09:21:13.0371 5084  hwpolicy - ok
09:21:13.0449 5084  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
09:21:13.0496 5084  i8042prt - ok
09:21:13.0558 5084  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
09:21:13.0605 5084  iaStor - ok
09:21:13.0652 5084  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
09:21:13.0667 5084  iaStorV - ok
09:21:13.0745 5084  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:21:13.0761 5084  idsvc - ok
09:21:14.0010 5084  [ 898AB5BFED7040D7AB07AF01885EB944 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
09:21:14.0244 5084  igfx - ok
09:21:14.0432 5084  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
09:21:14.0447 5084  iirsp - ok
09:21:14.0494 5084  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
09:21:14.0572 5084  IKEEXT - ok
09:21:14.0588 5084  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
09:21:14.0603 5084  intelide - ok
09:21:14.0650 5084  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
09:21:14.0697 5084  intelppm - ok
09:21:14.0728 5084  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
09:21:14.0790 5084  IPBusEnum - ok
09:21:14.0822 5084  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
09:21:14.0884 5084  IpFilterDriver - ok
09:21:14.0931 5084  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
09:21:14.0978 5084  iphlpsvc - ok
09:21:15.0009 5084  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
09:21:15.0024 5084  IPMIDRV - ok
09:21:15.0071 5084  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
09:21:15.0118 5084  IPNAT - ok
09:21:15.0227 5084  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:21:15.0274 5084  iPod Service - ok
09:21:15.0321 5084  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
09:21:15.0336 5084  IRENUM - ok
09:21:15.0399 5084  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
09:21:15.0492 5084  isapnp - ok
09:21:15.0539 5084  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
09:21:15.0555 5084  iScsiPrt - ok
09:21:15.0602 5084  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
09:21:15.0617 5084  kbdclass - ok
09:21:15.0695 5084  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
09:21:15.0726 5084  kbdhid - ok
09:21:15.0742 5084  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
09:21:15.0789 5084  KeyIso - ok
09:21:15.0820 5084  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
09:21:15.0836 5084  KSecDD - ok
09:21:15.0882 5084  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
09:21:15.0898 5084  KSecPkg - ok
09:21:15.0945 5084  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
09:21:16.0023 5084  ksthunk - ok
09:21:16.0054 5084  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
09:21:16.0163 5084  KtmRm - ok
09:21:16.0210 5084  [ 48686C29856F46443952A831424F8D6F ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys
09:21:16.0272 5084  L1C - ok
09:21:16.0335 5084  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
09:21:16.0413 5084  LanmanServer - ok
09:21:16.0460 5084  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
09:21:16.0569 5084  LanmanWorkstation - ok
09:21:16.0631 5084  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
09:21:16.0709 5084  lltdio - ok
09:21:16.0756 5084  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
09:21:16.0803 5084  lltdsvc - ok
09:21:16.0818 5084  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
09:21:16.0881 5084  lmhosts - ok
09:21:16.0928 5084  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
09:21:16.0943 5084  LSI_FC - ok
09:21:16.0959 5084  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
09:21:16.0974 5084  LSI_SAS - ok
09:21:16.0990 5084  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
09:21:16.0990 5084  LSI_SAS2 - ok
09:21:17.0006 5084  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
09:21:17.0021 5084  LSI_SCSI - ok
09:21:17.0052 5084  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
09:21:17.0130 5084  luafv - ok
09:21:17.0333 5084  [ 968BFF74AEB683C962960ECE0CAE4135 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
09:21:17.0364 5084  McComponentHostService - ok
09:21:17.0411 5084  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
09:21:17.0474 5084  Mcx2Svc - ok
09:21:17.0520 5084  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
09:21:17.0520 5084  megasas - ok
09:21:17.0552 5084  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
09:21:17.0567 5084  MegaSR - ok
09:21:17.0614 5084  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
09:21:17.0708 5084  MMCSS - ok
09:21:17.0708 5084  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
09:21:17.0786 5084  Modem - ok
09:21:17.0801 5084  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
09:21:17.0848 5084  monitor - ok
09:21:17.0910 5084  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\drivers\mouclass.sys
09:21:17.0926 5084  mouclass - ok
09:21:17.0988 5084  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
09:21:18.0020 5084  mouhid - ok
09:21:18.0051 5084  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
09:21:18.0066 5084  mountmgr - ok
09:21:18.0160 5084  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:21:18.0176 5084  MozillaMaintenance - ok
09:21:18.0191 5084  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
09:21:18.0207 5084  mpio - ok
09:21:18.0238 5084  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
09:21:18.0347 5084  mpsdrv - ok
09:21:18.0394 5084  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
09:21:18.0456 5084  MpsSvc - ok
09:21:18.0488 5084  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
09:21:18.0519 5084  MRxDAV - ok
09:21:18.0566 5084  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
09:21:18.0628 5084  mrxsmb - ok
09:21:18.0659 5084  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
09:21:18.0690 5084  mrxsmb10 - ok
09:21:18.0722 5084  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
09:21:18.0753 5084  mrxsmb20 - ok
09:21:18.0768 5084  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
09:21:18.0800 5084  msahci - ok
09:21:18.0846 5084  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
09:21:18.0862 5084  msdsm - ok
09:21:18.0893 5084  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
09:21:18.0924 5084  MSDTC - ok
09:21:18.0956 5084  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
09:21:19.0096 5084  Msfs - ok
09:21:19.0143 5084  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
09:21:19.0236 5084  mshidkmdf - ok
09:21:19.0252 5084  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
09:21:19.0268 5084  msisadrv - ok
09:21:19.0299 5084  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
09:21:19.0439 5084  MSiSCSI - ok
09:21:19.0439 5084  msiserver - ok
09:21:19.0517 5084  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
09:21:19.0580 5084  MSKSSRV - ok
09:21:19.0595 5084  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
09:21:19.0673 5084  MSPCLOCK - ok
09:21:19.0689 5084  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
09:21:19.0798 5084  MSPQM - ok
09:21:19.0845 5084  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
09:21:19.0860 5084  MsRPC - ok
09:21:19.0892 5084  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
09:21:19.0907 5084  mssmbios - ok
09:21:19.0923 5084  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
09:21:20.0001 5084  MSTEE - ok
09:21:20.0016 5084  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
09:21:20.0048 5084  MTConfig - ok
09:21:20.0079 5084  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
09:21:20.0079 5084  Mup - ok
09:21:20.0126 5084  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
09:21:20.0188 5084  napagent - ok
09:21:20.0235 5084  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
09:21:20.0297 5084  NativeWifiP - ok
09:21:20.0391 5084  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\windows\system32\drivers\ndis.sys
09:21:20.0406 5084  NDIS - ok
09:21:20.0453 5084  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
09:21:20.0516 5084  NdisCap - ok
09:21:20.0562 5084  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
09:21:20.0672 5084  NdisTapi - ok
09:21:20.0687 5084  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
09:21:20.0765 5084  Ndisuio - ok
09:21:20.0812 5084  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
09:21:20.0874 5084  NdisWan - ok
09:21:20.0906 5084  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
09:21:20.0999 5084  NDProxy - ok
09:21:21.0093 5084  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:21:21.0140 5084  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:21:21.0140 5084  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:21:21.0202 5084  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
09:21:21.0264 5084  NetBIOS - ok
09:21:21.0296 5084  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
09:21:21.0358 5084  NetBT - ok
09:21:21.0374 5084  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
09:21:21.0420 5084  Netlogon - ok
09:21:21.0483 5084  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
09:21:21.0561 5084  Netman - ok
09:21:21.0576 5084  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
09:21:21.0670 5084  netprofm - ok
09:21:21.0701 5084  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:21:21.0701 5084  NetTcpPortSharing - ok
09:21:21.0732 5084  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
09:21:21.0748 5084  nfrd960 - ok
09:21:21.0795 5084  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\windows\System32\nlasvc.dll
09:21:21.0873 5084  NlaSvc - ok
09:21:21.0888 5084  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
09:21:21.0966 5084  Npfs - ok
09:21:21.0982 5084  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
09:21:22.0044 5084  nsi - ok
09:21:22.0060 5084  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
09:21:22.0138 5084  nsiproxy - ok
09:21:22.0216 5084  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
09:21:22.0263 5084  Ntfs - ok
09:21:22.0310 5084  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
09:21:22.0372 5084  Null - ok
09:21:22.0403 5084  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\windows\system32\drivers\nvraid.sys
09:21:22.0419 5084  nvraid - ok
09:21:22.0466 5084  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\windows\system32\drivers\nvstor.sys
09:21:22.0481 5084  nvstor - ok
09:21:22.0528 5084  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
09:21:22.0528 5084  nv_agp - ok
09:21:22.0668 5084  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:21:22.0684 5084  odserv - ok
09:21:22.0700 5084  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
09:21:22.0731 5084  ohci1394 - ok
09:21:22.0809 5084  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:21:22.0824 5084  ose - ok
09:21:22.0871 5084  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
09:21:22.0918 5084  p2pimsvc - ok
09:21:22.0949 5084  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
09:21:23.0027 5084  p2psvc - ok
09:21:23.0074 5084  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
09:21:23.0090 5084  Parport - ok
09:21:23.0121 5084  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
09:21:23.0136 5084  partmgr - ok
09:21:23.0183 5084  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
09:21:23.0230 5084  PcaSvc - ok
09:21:23.0261 5084  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
09:21:23.0277 5084  pci - ok
09:21:23.0308 5084  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
09:21:23.0324 5084  pciide - ok
09:21:23.0355 5084  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
09:21:23.0370 5084  pcmcia - ok
09:21:23.0386 5084  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
09:21:23.0402 5084  pcw - ok
09:21:23.0417 5084  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
09:21:23.0480 5084  PEAUTH - ok
09:21:23.0558 5084  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
09:21:23.0589 5084  PerfHost - ok
09:21:23.0682 5084  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
09:21:23.0760 5084  pla - ok
09:21:23.0823 5084  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
09:21:23.0870 5084  PlugPlay - ok
09:21:23.0963 5084  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:21:24.0026 5084  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:21:24.0026 5084  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:21:24.0057 5084  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
09:21:24.0135 5084  PNRPAutoReg - ok
09:21:24.0166 5084  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
09:21:24.0213 5084  PNRPsvc - ok
09:21:24.0260 5084  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
09:21:24.0322 5084  PolicyAgent - ok
09:21:24.0353 5084  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
09:21:24.0462 5084  Power - ok
09:21:24.0525 5084  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
09:21:24.0603 5084  PptpMiniport - ok
09:21:24.0634 5084  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
09:21:24.0665 5084  Processor - ok
09:21:24.0728 5084  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\windows\system32\profsvc.dll
09:21:24.0806 5084  ProfSvc - ok
09:21:24.0837 5084  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
09:21:24.0868 5084  ProtectedStorage - ok
09:21:24.0946 5084  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
09:21:25.0008 5084  Psched - ok
09:21:25.0055 5084  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
09:21:25.0086 5084  ql2300 - ok
09:21:25.0118 5084  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
09:21:25.0133 5084  ql40xx - ok
09:21:25.0149 5084  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
09:21:25.0211 5084  QWAVE - ok
09:21:25.0227 5084  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
09:21:25.0305 5084  QWAVEdrv - ok
09:21:25.0305 5084  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
09:21:25.0352 5084  RasAcd - ok
09:21:25.0414 5084  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
09:21:25.0508 5084  RasAgileVpn - ok
09:21:25.0539 5084  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
09:21:25.0586 5084  RasAuto - ok
09:21:25.0617 5084  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
09:21:25.0742 5084  Rasl2tp - ok
09:21:25.0757 5084  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
09:21:25.0820 5084  RasMan - ok
09:21:25.0851 5084  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
09:21:25.0913 5084  RasPppoe - ok
09:21:25.0929 5084  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
09:21:25.0991 5084  RasSstp - ok
09:21:26.0038 5084  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
09:21:26.0100 5084  rdbss - ok
09:21:26.0116 5084  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
09:21:26.0163 5084  rdpbus - ok
09:21:26.0194 5084  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
09:21:26.0256 5084  RDPCDD - ok
09:21:26.0303 5084  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
09:21:26.0350 5084  RDPENCDD - ok
09:21:26.0366 5084  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
09:21:26.0444 5084  RDPREFMP - ok
09:21:26.0490 5084  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
09:21:26.0506 5084  RDPWD - ok
09:21:26.0568 5084  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
09:21:26.0584 5084  rdyboost - ok
09:21:26.0615 5084  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
09:21:26.0662 5084  RemoteAccess - ok
09:21:26.0693 5084  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
09:21:26.0802 5084  RemoteRegistry - ok
09:21:26.0834 5084  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
09:21:26.0896 5084  RpcEptMapper - ok
09:21:26.0927 5084  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
09:21:26.0958 5084  RpcLocator - ok
09:21:27.0005 5084  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
09:21:27.0114 5084  RpcSs - ok
09:21:27.0177 5084  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
09:21:27.0224 5084  rspndr - ok
09:21:27.0302 5084  [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
09:21:27.0333 5084  RSUSBSTOR - ok
09:21:27.0348 5084  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
09:21:27.0395 5084  SamSs - ok
09:21:27.0598 5084  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
09:21:27.0832 5084  SBAMSvc - ok
09:21:27.0894 5084  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
09:21:27.0910 5084  sbp2port - ok
09:21:27.0957 5084  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
09:21:28.0035 5084  SCardSvr - ok
09:21:28.0050 5084  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
09:21:28.0113 5084  scfilter - ok
09:21:28.0160 5084  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
09:21:28.0222 5084  Schedule - ok
09:21:28.0253 5084  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
09:21:28.0300 5084  SCPolicySvc - ok
09:21:28.0331 5084  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
09:21:28.0378 5084  SDRSVC - ok
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 08:41:12 AM
09:21:28.0440 5084  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
09:21:28.0518 5084  secdrv - ok
09:21:28.0534 5084  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
09:21:28.0612 5084  seclogon - ok
09:21:28.0643 5084  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
09:21:28.0752 5084  SENS - ok
09:21:28.0784 5084  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
09:21:28.0815 5084  SensrSvc - ok
09:21:28.0846 5084  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
09:21:28.0877 5084  Serenum - ok
09:21:28.0924 5084  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
09:21:28.0940 5084  Serial - ok
09:21:29.0002 5084  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
09:21:29.0049 5084  sermouse - ok
09:21:29.0096 5084  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
09:21:29.0158 5084  SessionEnv - ok
09:21:29.0205 5084  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
09:21:29.0220 5084  sffdisk - ok
09:21:29.0252 5084  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
09:21:29.0283 5084  sffp_mmc - ok
09:21:29.0314 5084  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
09:21:29.0345 5084  sffp_sd - ok
09:21:29.0392 5084  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
09:21:29.0423 5084  sfloppy - ok
09:21:29.0501 5084  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
09:21:29.0564 5084  SharedAccess - ok
09:21:29.0595 5084  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:21:29.0657 5084  ShellHWDetection - ok
09:21:29.0657 5084  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
09:21:29.0673 5084  SiSRaid2 - ok
09:21:29.0688 5084  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
09:21:29.0704 5084  SiSRaid4 - ok
09:21:29.0735 5084  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
09:21:29.0782 5084  Smb - ok
09:21:29.0844 5084  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
09:21:29.0907 5084  SNMPTRAP - ok
09:21:29.0922 5084  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
09:21:29.0938 5084  spldr - ok
09:21:29.0969 5084  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\windows\System32\spoolsv.exe
09:21:30.0032 5084  Spooler - ok
09:21:30.0141 5084  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
09:21:30.0281 5084  sppsvc - ok
09:21:30.0297 5084  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
09:21:30.0359 5084  sppuinotify - ok
09:21:30.0484 5084  [ 83999925618FC1F09C70799A511A99E2 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
09:21:30.0500 5084  SpyHunter 4 Service - ok
09:21:30.0546 5084  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
09:21:30.0578 5084  srv - ok
09:21:30.0624 5084  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
09:21:30.0656 5084  srv2 - ok
09:21:30.0671 5084  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
09:21:30.0718 5084  srvnet - ok
09:21:30.0796 5084  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
09:21:30.0843 5084  SSDPSRV - ok
09:21:30.0858 5084  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
09:21:30.0936 5084  SstpSvc - ok
09:21:30.0968 5084  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
09:21:30.0983 5084  stexstor - ok
09:21:31.0030 5084  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
09:21:31.0061 5084  StillCam - ok
09:21:31.0139 5084  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
09:21:31.0170 5084  stisvc - ok
09:21:31.0202 5084  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
09:21:31.0217 5084  swenum - ok
09:21:31.0264 5084  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
09:21:31.0342 5084  swprv - ok
09:21:31.0420 5084  [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
09:21:31.0451 5084  SynTP - ok
09:21:31.0514 5084  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
09:21:31.0638 5084  SysMain - ok
09:21:31.0670 5084  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
09:21:31.0701 5084  TabletInputService - ok
09:21:31.0748 5084  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
09:21:31.0810 5084  TapiSrv - ok
09:21:31.0841 5084  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
09:21:31.0888 5084  TBS - ok
09:21:31.0982 5084  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
09:21:32.0013 5084  Tcpip - ok
09:21:32.0091 5084  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
09:21:32.0138 5084  TCPIP6 - ok
09:21:32.0184 5084  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
09:21:32.0247 5084  tcpipreg - ok
09:21:32.0309 5084  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
09:21:32.0403 5084  tdcmdpst - ok
09:21:32.0418 5084  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
09:21:32.0465 5084  TDPIPE - ok
09:21:32.0481 5084  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
09:21:32.0528 5084  TDTCP - ok
09:21:32.0590 5084  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
09:21:32.0684 5084  tdx - ok
09:21:32.0715 5084  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
09:21:32.0730 5084  TermDD - ok
09:21:32.0762 5084  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
09:21:32.0824 5084  TermService - ok
09:21:32.0840 5084  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
09:21:32.0886 5084  Themes - ok
09:21:32.0902 5084  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
09:21:32.0980 5084  THREADORDER - ok
09:21:33.0074 5084  [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
09:21:33.0089 5084  TMachInfo - ok
09:21:33.0136 5084  [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
09:21:33.0136 5084  TODDSrv - ok
09:21:33.0261 5084  [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
09:21:33.0276 5084  TosCoSrv - ok
09:21:33.0339 5084  [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
09:21:33.0354 5084  TOSHIBA HDD SSD Alert Service - ok
09:21:33.0417 5084  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
09:21:33.0495 5084  TrkWks - ok
09:21:33.0557 5084  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
09:21:33.0620 5084  TrustedInstaller - ok
09:21:33.0651 5084  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
09:21:33.0682 5084  tssecsrv - ok
09:21:33.0760 5084  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
09:21:33.0822 5084  TsUsbFlt - ok
09:21:33.0900 5084  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
09:21:33.0963 5084  tunnel - ok
09:21:34.0025 5084  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
09:21:34.0072 5084  TVALZ - ok
09:21:34.0103 5084  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
09:21:34.0119 5084  uagp35 - ok
09:21:34.0150 5084  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
09:21:34.0275 5084  udfs - ok
09:21:34.0306 5084  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
09:21:34.0337 5084  UI0Detect - ok
09:21:34.0400 5084  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
09:21:34.0415 5084  uliagpkx - ok
09:21:34.0478 5084  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\drivers\umbus.sys
09:21:34.0509 5084  umbus - ok
09:21:34.0556 5084  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
09:21:34.0602 5084  UmPass - ok
09:21:34.0649 5084  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
09:21:34.0758 5084  upnphost - ok
09:21:34.0836 5084  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
09:21:34.0868 5084  usbaudio - ok
09:21:34.0899 5084  [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp         C:\windows\system32\drivers\usbccgp.sys
09:21:34.0930 5084  usbccgp - ok
09:21:34.0977 5084  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
09:21:34.0992 5084  usbcir - ok
09:21:35.0024 5084  [ 74EE782B1D9C241EFE425565854C661C ] usbehci         C:\windows\system32\drivers\usbehci.sys
09:21:35.0070 5084  usbehci - ok
09:21:35.0133 5084  [ DC96BD9CCB8403251BCF25047573558E ] usbhub          C:\windows\system32\drivers\usbhub.sys
09:21:35.0180 5084  usbhub - ok
09:21:35.0211 5084  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\windows\system32\drivers\usbohci.sys
09:21:35.0242 5084  usbohci - ok
09:21:35.0289 5084  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
09:21:35.0336 5084  usbprint - ok
09:21:35.0367 5084  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
09:21:35.0414 5084  usbscan - ok
09:21:35.0460 5084  [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
09:21:35.0492 5084  USBSTOR - ok
09:21:35.0523 5084  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
09:21:35.0554 5084  usbuhci - ok
09:21:35.0616 5084  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
09:21:35.0663 5084  usbvideo - ok
09:21:35.0694 5084  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
09:21:35.0804 5084  UxSms - ok
09:21:35.0819 5084  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
09:21:35.0866 5084  VaultSvc - ok
09:21:35.0944 5084  [ E5AF6997B59429BC44DE616B5A963788 ] VBoxDrv         C:\windows\system32\DRIVERS\VBoxDrv.sys
09:21:36.0100 5084  VBoxDrv - ok
09:21:36.0178 5084  [ B4FFC1739B9BD3B0177B16B46CAF8420 ] VBoxNetAdp      C:\windows\system32\DRIVERS\VBoxNetAdp.sys
09:21:36.0194 5084  VBoxNetAdp - ok
09:21:36.0209 5084  [ 5EB23066803668B29D403BC76C63CC70 ] VBoxNetFlt      C:\windows\system32\DRIVERS\VBoxNetFlt.sys
09:21:36.0272 5084  VBoxNetFlt - ok
09:21:36.0318 5084  [ E6A42E54D4F7D7756E988F9135796572 ] VBoxUSBMon      C:\windows\system32\DRIVERS\VBoxUSBMon.sys
09:21:36.0381 5084  VBoxUSBMon - ok
09:21:36.0443 5084  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
09:21:36.0459 5084  vdrvroot - ok
09:21:36.0506 5084  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
09:21:36.0537 5084  vds - ok
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 08:42:04 AM
09:21:36.0568 5084  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
09:21:36.0584 5084  vga - ok
09:21:36.0615 5084  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
09:21:36.0646 5084  VgaSave - ok
09:21:36.0677 5084  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
09:21:36.0693 5084  vhdmp - ok
09:21:36.0740 5084  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
09:21:36.0755 5084  viaide - ok
09:21:36.0771 5084  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
09:21:36.0786 5084  volmgr - ok
09:21:36.0818 5084  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
09:21:36.0833 5084  volmgrx - ok
09:21:36.0864 5084  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
09:21:36.0880 5084  volsnap - ok
09:21:36.0911 5084  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
09:21:36.0927 5084  vsmraid - ok
09:21:36.0989 5084  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
09:21:37.0083 5084  VSS - ok
09:21:37.0098 5084  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
09:21:37.0145 5084  vwifibus - ok
09:21:37.0192 5084  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
09:21:37.0223 5084  vwififlt - ok
09:21:37.0239 5084  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
09:21:37.0286 5084  vwifimp - ok
09:21:37.0332 5084  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
09:21:37.0410 5084  W32Time - ok
09:21:37.0457 5084  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
09:21:37.0488 5084  WacomPen - ok
09:21:37.0582 5084  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
09:21:37.0660 5084  WANARP - ok
09:21:37.0676 5084  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
09:21:37.0738 5084  Wanarpv6 - ok
09:21:37.0847 5084  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
09:21:37.0878 5084  WatAdminSvc - ok
09:21:37.0941 5084  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
09:21:38.0003 5084  wbengine - ok
09:21:38.0066 5084  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
09:21:38.0112 5084  WbioSrvc - ok
09:21:38.0159 5084  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
09:21:38.0190 5084  wcncsvc - ok
09:21:38.0206 5084  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
09:21:38.0268 5084  WcsPlugInService - ok
09:21:38.0300 5084  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
09:21:38.0315 5084  Wd - ok
09:21:38.0346 5084  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
09:21:38.0378 5084  Wdf01000 - ok
09:21:38.0409 5084  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
09:21:38.0502 5084  WdiServiceHost - ok
09:21:38.0549 5084  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
09:21:38.0612 5084  WdiSystemHost - ok
09:21:38.0658 5084  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
09:21:38.0690 5084  WebClient - ok
09:21:38.0705 5084  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
09:21:38.0846 5084  Wecsvc - ok
09:21:38.0877 5084  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
09:21:38.0939 5084  wercplsupport - ok
09:21:38.0970 5084  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
09:21:39.0033 5084  WerSvc - ok
09:21:39.0064 5084  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
09:21:39.0173 5084  WfpLwf - ok
09:21:39.0189 5084  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
09:21:39.0204 5084  WIMMount - ok
09:21:39.0236 5084  WinDefend - ok
09:21:39.0251 5084  WinHttpAutoProxySvc - ok
09:21:39.0329 5084  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
09:21:39.0392 5084  Winmgmt - ok
09:21:39.0470 5084  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
09:21:39.0594 5084  WinRM - ok
09:21:39.0672 5084  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
09:21:39.0719 5084  Wlansvc - ok
09:21:39.0750 5084  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
09:21:39.0813 5084  WmiAcpi - ok
09:21:39.0860 5084  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
09:21:39.0906 5084  wmiApSrv - ok
09:21:39.0969 5084  WMPNetworkSvc - ok
09:21:40.0000 5084  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
09:21:40.0031 5084  WPCSvc - ok
09:21:40.0062 5084  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
09:21:40.0094 5084  WPDBusEnum - ok
09:21:40.0125 5084  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
09:21:40.0187 5084  ws2ifsl - ok
09:21:40.0218 5084  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
09:21:40.0281 5084  wscsvc - ok
09:21:40.0296 5084  WSearch - ok
09:21:40.0390 5084  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
09:21:40.0437 5084  wuauserv - ok
09:21:40.0468 5084  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
09:21:40.0608 5084  WudfPf - ok
09:21:40.0624 5084  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
09:21:40.0702 5084  WUDFRd - ok
09:21:40.0749 5084  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
09:21:40.0811 5084  wudfsvc - ok
09:21:40.0889 5084  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
09:21:40.0920 5084  WwanSvc - ok
09:21:40.0983 5084  ================ Scan global ===============================
09:21:41.0045 5084  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
09:21:41.0076 5084  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
09:21:41.0092 5084  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
09:21:41.0139 5084  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
09:21:41.0170 5084  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
09:21:41.0186 5084  [Global] - ok
09:21:41.0186 5084  ================ Scan MBR ==================================
09:21:41.0201 5084  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
09:21:41.0607 5084  \Device\Harddisk0\DR0 - ok
09:21:41.0622 5084  ================ Scan VBR ==================================
09:21:41.0654 5084  [ 67E894CFD0B80033D9092EC703FAD3BF ] \Device\Harddisk0\DR0\Partition1
09:21:41.0654 5084  \Device\Harddisk0\DR0\Partition1 - ok
09:21:41.0654 5084  ============================================================
09:21:41.0654 5084  Scan finished
09:21:41.0654 5084  ============================================================
09:21:41.0669 2692  Detected object count: 2
09:21:41.0669 2692  Actual detected object count: 2
09:21:49.0890 2692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:21:49.0890 2692  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:21:49.0890 2692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:21:49.0890 2692  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:28:05.0134 2480  Deinitialize success
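The TDSSKiller output above and the FRST fixlist in the next post are the two logs a helper reads when triaging a thread like this one. The script below is an added example written for this page, not code from the forum, from TDSSKiller or from FRST: it pairs each TDSSKiller object's hash line with its verdict line(s) and separates "not ok" objects from merely third-party binaries, then classifies FRST autorun lines by the persistence mechanism they use (Winlogon Shell replacement, CLSID InprocServer32 pointing at a \\?\globalroot device path, Command Processor AutoRun, rundll32 DllRegisterServer loaders and executables in randomized AppData\Local folders). The sample lines are copied from the logs posted in this thread; the classification rules, including what counts as a "randomized" folder name and which paths count as third-party, are this example's own heuristics.

```python
import re

# TDSSKiller prints a hash line per object, then one or more verdict lines for it:
# "09:21:22.0668 5084  [ <MD5> ] <name>  <path>"  (MBR/VBR entries carry no name)
TK_HASH = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-F]{32}) \] (?:(.+?)\s+)?([A-Za-z]:\\.*|\\Device\\.*)$")
# "<name> - ok" / "<name> ( <Verdict> ) - warning" / "<name> - detected <Verdict> (1)"
TK_VERDICT = re.compile(r"^\S+\s+\d+\s+(.+?)(?: \( (.+?) \))? - (.+)$")


def parse_tdsskiller(lines):
    """Map object name -> {"md5", "path", "verdicts"} from TDSSKiller log lines."""
    objects = {}
    for line in lines:
        m = TK_HASH.match(line)
        if m:
            md5, name, path = m.groups()
            rec = objects.setdefault(name or path, {"md5": None, "path": None, "verdicts": []})
            rec.update(md5=md5, path=path)
            continue
        m = TK_VERDICT.match(line)
        if m:
            name, detection, verdict = m.groups()
            rec = objects.setdefault(name, {"md5": None, "path": None, "verdicts": []})
            rec["verdicts"].append(verdict if detection is None else f"{verdict}: {detection}")
    return objects


def tdsskiller_review_list(lines):
    """(flagged, third_party): objects with any verdict other than a plain 'ok', and clean
    binaries outside <drive>:\\windows\\ (worth a look, not a detection by itself)."""
    flagged, third_party = [], []
    for name, rec in parse_tdsskiller(lines).items():
        if any(v != "ok" for v in rec["verdicts"]):
            flagged.append((name, rec["path"], rec["verdicts"]))
        elif rec["path"] and re.match(r"(?i)[a-z]:\\(?!windows\\)", rec["path"]):
            third_party.append((name, rec["path"]))
    return flagged, third_party


# "Randomized" folder name, an assumption of this example: 8-12 alphanumerics mixing digits
# and both letter cases (w5w6DvEYlX, RqrbLenF5I), sitting directly under AppData\Local.
RANDOM_DIR = re.compile(r"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8,12}$")


def _random_appdata_dir(value):
    m = re.search(r"\\AppData\\Local\\([^\\]+)\\", value, re.IGNORECASE)
    return bool(m and RANDOM_DIR.match(m.group(1)))


def classify_frst_entry(line):
    """(mechanism, reason) for a suspicious FRST autorun line, None if it looks benign."""
    key, _, value = line.partition(": ")
    low = value.lower()
    if key.endswith("\\Winlogon") and value.startswith("[Shell]"):
        target = value.split("]", 1)[1].split("[")[0].strip()      # e.g. "cmd.exe"
        if target.lower() != "explorer.exe":
            return "winlogon-shell", f"Winlogon Shell replaced by {target}"
    if key.endswith("\\InprocServer32") and ("\\\\?\\globalroot\\" in low or "\\device\\" in low):
        return "clsid-hijack", "COM server resolved through a raw device path"
    if key.endswith("\\Command Processor"):
        return "cmd-autorun", "AutoRun value executes on every cmd.exe start"
    if key.endswith("\\Run") or key.endswith("\\RunOnce"):
        if not value.strip("[] -"):                                 # "[] -" is an empty value
            return None
        if "rundll32" in low and "dllregisterserver" in low and "\\appdata\\" in low:
            return "run-rundll32", "DLL under AppData loaded via DllRegisterServer"
        if _random_appdata_dir(value):
            return "run-random-dir", "executable in a randomized AppData\\Local folder"
        if "\\users\\" in low and re.search(r"\] \(\)\s*$", value):
            return "run-no-version-info", "user-profile executable with no company name"
    return None


def classify_frst_fixlist(lines):
    """[(mechanism, registry key, reason)] for every suspicious line of a fixlist."""
    hits = []
    for line in lines:
        result = classify_frst_entry(line)
        if result:
            hits.append((result[0], line.partition(": ")[0], result[1]))
    return hits


# Sample lines copied from the two logs posted in this thread.
TDSSKILLER_SAMPLE = [
    r"09:21:22.0668 5084  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE",
    r"09:21:22.0684 5084  odserv - ok",
    r"09:21:23.0963 5084  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll",
    r"09:21:24.0026 5084  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning",
    r"09:21:24.0026 5084  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)",
    r"09:21:30.0484 5084  [ 83999925618FC1F09C70799A511A99E2 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE",
    r"09:21:30.0500 5084  SpyHunter 4 Service - ok",
    r"09:21:41.0201 5084  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0",
    r"09:21:41.0607 5084  \Device\Harddisk0\DR0 - ok",
]
FRST_SAMPLE = [
    r"HKLM\...\Run: [] -",
    r'HKCU\...\Run: [Temp] - rundll32 "C:\Users\Likens\AppData\Local\Deployment\Temp\iacphg.dll",DllRegisterServer <===== ATTENTION',
    r"HKCU\...\Run: [GameServer33] - C:\Users\Likens\AppData\Roaming\Identities\WIN7533.exe [131072 2013-08-18] ()",
    r"HKCU\...\Run: [dY5bCfYA.exe] - C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe [119296 2013-08-24] (Xysvlp)",
    r"HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION",
    r"HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll ATTENTION! ====> ZeroAccess?",
    r'HKCU\...\Command Processor: "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe" <======= ATTENTION',
]

if __name__ == "__main__":
    print(*tdsskiller_review_list(TDSSKILLER_SAMPLE), sep="\n")
    print(*classify_frst_fixlist(FRST_SAMPLE), sep="\n")
```

Run against the full logs, the first function reproduces TDSSKiller's own two detections (the two unsigned HP printer drivers, which the user then skipped) and lists the non-Windows service binaries such as SpyHunter and Ad-Aware for a human look; the second reproduces FRST's ATTENTION markers and adds a name for each mechanism. The randomized-folder rule deliberately ignores AppData\Roaming, which is why the GameServer33 entry in Roaming\Identities is caught by the separate "no company name" rule instead; both rules are heuristics and will need tuning on other machines.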
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 08:43:00 AM
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Likens at 2013-10-18 09:10:16 Run:1
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe
HKLM\...\Run: [] -
HKCU\...\Run: [Best Buy pc app] - C:\Users\Likens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKCU\...\Run: [Temp] - rundll32 "C:\Users\Likens\AppData\Local\Deployment\Temp\iacphg.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [VirtualStore] - rundll32 "C:\Users\Likens\AppData\Local\adawarebp\VirtualStore\bjcgbgno.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [GameServer33] - C:\Users\Likens\AppData\Roaming\Identities\WIN7533.exe [131072 2013-08-18] ()
HKCU\...\Run: [dY5bCfYA.exe] - C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Run: [8U8AZ03m.exe] - C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Run: [9abwQAY8Jl.exe] - C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe [119296 2013-08-24] (Xysvlp)
HKCU\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Command Processor: "C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe" <======= ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest.CANTSTOPMYSHINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {327ED223-25DF-4EDF-AE3F-80EEE614F2E3} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {327ED223-25DF-4EDF-AE3F-80EEE614F2E3} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN38650307112493118&UM=2
SearchScopes: HKCU - {5FF6945D-87CE-43EF-847F-618D30FE8BC2} URL =
SearchScopes: HKCU - {E89AFAF9-9983-48C2-9914-B96516E28886} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}
BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll No File
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR Extension: (Updater By SweetPacks) - C:\Users\Likens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.609_0
C:\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll
C:\ProgramData\eqba0.pad
C:\ProgramData\lh4f.bat
C:\ProgramData\lh4f.pad
C:\ProgramData\lh4f.reg
C:\Users\Likens\AppData\Local\Temp\5564.exe
C:\Users\Likens\AppData\Local\Temp\contentDATs.exe
C:\Users\Likens\AppData\Local\Temp\ead3260d-39f7-4f7e-89ff-3d8f22f4352a.exe
C:\Users\Likens\AppData\Local\Temp\f903d000-cb66-4e85-a57c-a7616b39a343.exe
C:\Users\Likens\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Likens\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Likens\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.dll
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.exe
C:\Users\Likens\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Likens\AppData\Local\Temp\nsj2DCC.exe
C:\Users\Likens\AppData\Local\Temp\nspA77E.exe
C:\Users\Likens\AppData\Local\Temp\nsz14DA.exe
C:\Users\Likens\AppData\Local\Temp\nsz9964.exe
C:\Users\Likens\AppData\Local\Temp\pyl87C6.tmp.exe
C:\Users\Likens\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Likens\AppData\Local\Temp\SHSetup.exe
C:\Users\Likens\AppData\Local\Temp\SPStub.exe
C:\Users\Likens\AppData\Local\Temp\tbMix0.dll
C:\Users\Likens\AppData\Local\Temp\uninstaller.exe
C:\Users\Likens\AppData\Local\Temp\WSSetup.exe
*****************

C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM\...\Run: [] - => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Best Buy pc app => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Temp => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\VirtualStore => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GameServer33 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\dY5bCfYA.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\8U8AZ03m.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\9abwQAY8Jl.exe => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => Moved successfully.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Guest.CANTSTOPMYSHINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{327ED223-25DF-4EDF-AE3F-80EEE614F2E3} => Key deleted successfully.
HKCR\CLSID\{327ED223-25DF-4EDF-AE3F-80EEE614F2E3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5FF6945D-87CE-43EF-847F-618D30FE8BC2} => Key deleted successfully.
HKCR\CLSID\{5FF6945D-87CE-43EF-847F-618D30FE8BC2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E89AFAF9-9983-48C2-9914-B96516E28886} => Key deleted successfully.
HKCR\CLSID\{E89AFAF9-9983-48C2-9914-B96516E28886} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key deleted successfully.
HKCR\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value deleted successfully.
C:\Users\Likens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\sosmbrd\sfunxtx\wow.dll => Moved successfully.
C:\ProgramData\eqba0.pad => Moved successfully.
C:\ProgramData\lh4f.bat => Moved successfully.
C:\ProgramData\lh4f.pad => Moved successfully.
C:\ProgramData\lh4f.reg => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\5564.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\ead3260d-39f7-4f7e-89ff-3d8f22f4352a.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\f903d000-cb66-4e85-a57c-a7616b39a343.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\GenericUninstall.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\hsbing_717_active.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.dll => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\jilcnmpg.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\mconduitinstaller.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\nsj2DCC.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\nspA77E.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\nsz14DA.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\nsz9964.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\pyl87C6.tmp.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\tbMix0.dll => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\uninstaller.exe => Moved successfully.
C:\Users\Likens\AppData\Local\Temp\WSSetup.exe => Moved successfully.

==== End of Fixlog ====
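The Fixlog above records the per-user autostart points that were cleaned: HKCU Run values with random names, an HKCU Winlogon\Shell value, a Command Processor\AutoRun value, and Startup-folder shortcuts seeded into the Default and Guest profiles as well as the main one. The script below is an added example for re-checking those same locations on a Windows machine; it is not code from the thread, from FRST, or from the forum helpers. It assumes Windows PowerShell 3.0 or later run from an elevated prompt (so every loaded hive under HKEY_USERS is readable), and the directory patterns it flags (AppData\Local, ProgramData, Temp) are a triage heuristic chosen for this example, not a detection signature.

```powershell
# Added example, not part of the original thread: audit the per-user autostart
# locations the Fixlog cleaned and flag targets living in user-writable paths.
# Assumptions: Windows PowerShell 3.0+, elevated prompt. The path patterns in
# $SuspiciousRoots are a heuristic for triage only.

$SuspiciousRoots = @('\AppData\Local\', '\ProgramData\', '\Temp\')

function Test-SuspiciousTarget {
    param([string]$Target)
    if ([string]::IsNullOrWhiteSpace($Target)) { return $false }
    foreach ($root in $SuspiciousRoots) {
        if ($Target -like "*$root*") { return $true }
    }
    return $false
}

# Name = $null means "report every value under the key".
$ValueChecks = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Run';         Name = $null },
    @{ Key = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    @{ Key = 'Software\Microsoft\Command Processor';                  Name = 'AutoRun' }
)

function Get-UserAutostartFindings {
    $findings = @()
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    # Every loaded user hive (SIDs plus .DEFAULT); *_Classes hives carry no Run keys.
    $hives = Get-ChildItem 'HKU:\' | Where-Object { $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        foreach ($check in $ValueChecks) {
            $keyPath = "HKU:\$($hive.PSChildName)\$($check.Key)"
            if (-not (Test-Path -LiteralPath $keyPath)) { continue }
            $props = Get-ItemProperty -LiteralPath $keyPath
            $names = if ($check.Name) { @($check.Name) } else {
                # Drop the provider's own PS* metadata properties, keep real values.
                $props.PSObject.Properties |
                    Where-Object { $_.Name -notlike 'PS*' } |
                    Select-Object -ExpandProperty Name
            }
            foreach ($name in $names) {
                $value = $props.$name
                if ($null -eq $value) { continue }
                # A per-user Shell or a cmd.exe AutoRun is worth reviewing wherever
                # it points; the default shell is configured under HKLM.
                $flag = ($check.Name -in 'Shell', 'AutoRun') -or (Test-SuspiciousTarget "$value")
                $findings += [pscustomobject]@{
                    Profile    = $hive.PSChildName
                    Location   = "$($check.Key)\$name"
                    Value      = "$value"
                    Suspicious = $flag
                }
            }
        }
    }
    # Startup folders of every profile on disk, Default and Guest included,
    # resolving .lnk files to the executable they launch.
    $wsh = New-Object -ComObject WScript.Shell
    $usersRoot = Join-Path $env:SystemDrive 'Users'
    foreach ($profile in Get-ChildItem -LiteralPath $usersRoot -Directory) {
        $startup = Join-Path $profile.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
        if (-not (Test-Path -LiteralPath $startup)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $startup -File) {
            $target = $item.FullName
            if ($item.Extension -eq '.lnk') {
                $target = $wsh.CreateShortcut($item.FullName).TargetPath
            }
            $findings += [pscustomobject]@{
                Profile    = $profile.Name
                Location   = 'Startup folder: ' + $item.Name
                Value      = $target
                Suspicious = (Test-SuspiciousTarget $target)
            }
        }
    }
    return $findings
}

Get-UserAutostartFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Flagged rows are a starting point for review, not a verdict: legitimate updaters also run from AppData\Local, and a clean machine will normally show no per-user Shell or AutoRun value at all. Profiles that are not logged in have no hive loaded under HKEY_USERS, so their Run keys are only visible after loading the NTUSER.DAT with reg.exe load or by inspecting the file offline; the Startup-folder pass covers them regardless.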
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 18, 2013, 01:15:13 PM
Hello Clikens86

Step 1

Please re-run FRST and click on Scan.

Please copy the contents of this in your next reply.
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 02:00:27 PM
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Likens (administrator) on CANTSTOPMYSHINE on 18-10-2013 14:56:29
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
MountPoints2: {1227e2d0-1fdf-11e2-98d6-00266c7d20e5} - E:\laucher.exe
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [bncsaui.exe] - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2625304 2011-03-07] (Bradford Networks)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [943016 2013-06-13] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default
FF NewTab: hxxp://start.sweetpacks.com/?src=97&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}&crg=3.5000006.10045
FF Homepage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=54907E3045F69F886FEC9A51EF41D728
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\mixidj-v37-customized-web-search.xml
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Ad-Aware Security Add-on - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: pxyhzzjbka - C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\Extensions\pxyhzzjbka@pxyhzzjbka.org.xpi
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3079960 2011-03-07] (Bradford Networks)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-06-27] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-23] (GFI Software)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32000 2013-05-10] ()
S1 hjcwenli; \??\C:\windows\system32\drivers\hjcwenli.sys

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 09:25 - 2013-10-18 09:26 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Mozilla
2013-10-18 09:25 - 2013-10-18 09:25 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Mozilla
2013-10-18 09:14 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-18 09:14 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-18 09:14 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-18 09:14 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-18 09:14 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-18 09:14 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-18 09:14 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-18 09:14 - 2013-09-22 17:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-18 09:14 - 2013-09-20 22:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-18 09:14 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-18 09:14 - 2013-09-20 21:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-18 09:14 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-18 09:13 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-18 09:12 - 2013-10-18 09:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\tdsskiller.exe
2013-10-18 09:00 - 2013-10-18 09:01 - 00005601 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\fixlist.txt
2013-10-18 08:53 - 2013-10-18 08:53 - 00000000 ____D C:\c1e364d46130d117946c
2013-10-18 08:50 - 2013-10-18 08:50 - 00000000 ____D C:\Users\fuckdadiazbroz
2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\FRST
2013-10-17 15:55 - 2013-10-17 16:16 - 00021135 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\Addition.txt
2013-10-17 15:54 - 2013-10-17 15:54 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 15:53 - 2013-10-17 15:53 - 00000326 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\Addition.txt
2013-10-17 15:49 - 2013-10-17 15:49 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 10:55 - 2013-08-27 20:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-17 10:55 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-17 10:55 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-17 10:55 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2013-10-17 10:55 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-17 10:55 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2013-10-17 10:55 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-10-17 10:55 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2013-10-17 10:55 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-10-17 10:55 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-17 10:55 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-17 10:55 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-17 10:55 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-10-17 10:55 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2013-10-17 10:55 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-10-17 10:55 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2013-10-17 10:55 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-17 10:55 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-17 10:55 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-17 10:55 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-17 10:55 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-17 10:55 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-17 10:55 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-10-17 10:55 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-10-17 10:55 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-10-17 10:55 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-10-17 10:55 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 10:55 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-17 10:55 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-17 10:55 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-17 10:55 - 2013-07-12 05:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-17 10:55 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-17 10:55 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-17 10:55 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-17 10:55 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-17 10:55 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-17 10:55 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-17 10:55 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-17 10:55 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-17 10:55 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-17 10:55 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-17 10:55 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-17 10:55 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-17 10:55 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-17 10:55 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-17 10:55 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-17 10:55 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-17 10:55 - 2012-11-28 17:56 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2013-10-17 10:55 - 2012-11-28 17:56 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
2013-10-17 10:55 - 2012-11-28 17:56 - 00000003 _____ C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-17 10:52 - 2013-10-17 10:52 - 00688992 ____R (Swearware) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com
2013-10-17 10:47 - 2013-10-17 10:52 - 00013804 _____ C:\Users\Likens\Desktop\dds.txt
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified Files and Folders =======

2013-10-18 14:56 - 2012-06-11 08:25 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-18 09:43 - 2011-05-03 02:02 - 01788151 _____ C:\windows\WindowsUpdate.log
2013-10-18 09:43 - 2009-07-14 00:13 - 00730924 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-18 09:39 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 09:39 - 2009-07-13 23:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-18 09:36 - 2013-08-24 17:17 - 00000000 ___RD C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-18 09:36 - 2013-08-24 12:56 - 00000000 ___RD C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:36 - 2013-07-23 21:56 - 00001879 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-10-18 09:35 - 2013-03-20 20:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-18 09:35 - 2013-03-20 20:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-18 09:35 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-18 09:35 - 2009-07-13 23:51 - 00055166 _____ C:\windows\setupact.log
2013-10-18 09:35 - 2009-07-13 23:45 - 00413312 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-18 09:26 - 2013-10-18 09:25 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Mozilla
2013-10-18 09:25 - 2013-10-18 09:25 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Mozilla
2013-10-18 09:17 - 2011-05-03 05:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-18 09:12 - 2013-10-18 09:12 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\tdsskiller.exe
2013-10-18 09:10 - 2013-08-24 17:01 - 00000000 ____D C:\Users\Likens\AppData\Local\w5w6DvEYlX
2013-10-18 09:10 - 2013-08-24 11:49 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:10 - 2013-08-24 11:43 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:10 - 2011-05-03 02:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:10 - 2011-05-03 02:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 09:10 - 2011-05-03 02:16 - 00000000 ____D C:\ProgramData\Best Buy pc app
2013-10-18 09:01 - 2013-10-18 09:00 - 00005601 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\fixlist.txt
2013-10-18 08:53 - 2013-10-18 08:53 - 00000000 ____D C:\c1e364d46130d117946c
2013-10-18 08:53 - 2013-08-16 06:53 - 00000000 ____D C:\windows\system32\MRT
2013-10-18 08:52 - 2013-08-24 17:17 - 00000000 ____D C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Deployment
2013-10-18 08:50 - 2013-10-18 08:50 - 00000000 ____D C:\Users\fuckdadiazbroz
2013-10-17 16:16 - 2013-10-17 15:55 - 00021135 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\Addition.txt
2013-10-17 16:14 - 2013-10-17 16:14 - 00000000 ____D C:\FRST
2013-10-17 15:54 - 2013-10-17 15:54 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 15:53 - 2013-10-17 15:53 - 00000326 _____ C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\Addition.txt
2013-10-17 15:49 - 2013-10-17 15:49 - 01954124 _____ (Farbar) C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 10:52 - 2013-10-17 10:52 - 00688992 ____R (Swearware) C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com
2013-10-17 10:52 - 2013-10-17 10:47 - 00013804 _____ C:\Users\Likens\Desktop\dds.txt
2013-10-17 10:43 - 2012-06-11 08:25 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-17 10:43 - 2012-06-11 08:25 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-17 10:43 - 2011-10-30 10:52 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-17 10:42 - 2011-10-30 10:58 - 00001942 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 10:41 - 2013-10-17 10:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-09-26 01:46 - 2012-02-23 14:13 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-22 18:28 - 2013-10-18 09:14 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-22 18:28 - 2013-10-18 09:14 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-22 18:27 - 2013-10-18 09:14 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-22 18:27 - 2013-10-18 09:13 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-22 17:55 - 2013-10-18 09:14 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-22 17:55 - 2013-10-18 09:14 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-22 17:55 - 2013-10-18 09:14 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-22 17:54 - 2013-10-18 09:14 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-22 17:54 - 2013-10-18 09:14 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-20 22:38 - 2013-10-18 09:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-20 22:30 - 2013-10-18 09:14 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-09-20 21:48 - 2013-10-18 09:14 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-20 21:39 - 2013-10-18 09:14 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 19:07

==================== End Of Log ============================
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 18, 2013, 03:50:52 PM

Hello Clikens86

Step 1

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2

1. Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/Image1.png)

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/mbarwm.png)

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning, you will go from step 4 straight to step 6.)

6. The following image opens, select Next.

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/Image2.png)

7. The following image opens, select Update.

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/Image3.png)

8. When the Update completes, select Next.

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/Image4.png)

9. In the following window ensure "Targets" are ticked. Then select "Scan"

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/Image5.png)

10. If any infections are found, the "Cleanup" button to remove threats will be available. The infected files will be listed like the following example:

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/MBAntiRKclean.png)

11. Do not select the "Cleanup" button; select the "Exit" button instead. There will be a warning as follows:

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/MBAntiRKclean1.png)

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/Image6.png)

13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System log
Mbar log (the date and time of the scan will also be shown)

(http://i121.photobucket.com/albums/o239/kevinf80/MB%20Anti%20Rootkit/Image10.png)


Post those two logs in your reply.
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 06:06:00 PM
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
http://www.malwarebytes.org

Database version: v2013.10.18.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Likens :: CANTSTOPMYSHINE [administrator]

10/18/2013 5:33:51 PM
mbar-log-2013-10-18 (17-33-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 320581
Time elapsed: 1 hour(s), 1 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.dll (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\DYkf6MUi\8U8AZ03m.exe (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.dll (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\RqrbLenF5I\dY5bCfYA.exe (Trojan.Agent.ED) -> No action taken.
C:\Users\Likens\AppData\Local\w5w6DvEYlX\9abwQAY8Jl.dll (Trojan.Agent.ED) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 06:08:01 PM
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Guest at 2013-10-18 17:29:42 Run:2
Running from C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] -
MountPoints2: {1227e2d0-1fdf-11e2-98d6-00266c7d20e5} - E:\laucher.exe
FF NewTab: hxxp://start.sweetpacks.com/?src=97&barid={C9A8FC7D-B97A-11E2-9A16-00266C7D20E5}&crg=3.5000006.10045
FF SearchPlugin: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\sweetim.xml
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
S1 hjcwenli; \??\C:\windows\system32\drivers\hjcwenli.sys
C:\windows\system32\drivers\hjcwenli.sys
C:\Users\Likens\AppData\Local\w5w6DvEYlX
C:\ProgramData\Best Buy pc app
Folder:
C:\Users\fuckdadiazbroz
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HKLM\...\Run: [] - => Value not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1227e2d0-1fdf-11e2-98d6-00266c7d20e5} => Key not found.
HKCR\CLSID\{1227e2d0-1fdf-11e2-98d6-00266c7d20e5} => Key not found.
Firefox newtab deleted successfully.
Could not move "C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\searchplugins\sweetim.xml" => Scheduled to move on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
hjcwenli => Service not found.
"C:\windows\system32\drivers\hjcwenli.sys" => File/Directory not found.

"C:\Users\Likens\AppData\Local\w5w6DvEYlX" directory move:

Could not move "C:\Users\Likens\AppData\Local\w5w6DvEYlX" directory. => Scheduled to move on reboot.


"C:\ProgramData\Best Buy pc app" directory move:

Could not move "C:\ProgramData\Best Buy pc app\Best Buy pc app.3.0.0.0.application" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\Best Buy pc app.lnk" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\ClickOnce.htm" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\ClickOnceUninstaller.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\AppIcon.ico.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\AppMeasurement_DotNET.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Best Buy pc app.exe.manifest" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\BestBuySoftwareInstaller.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Common.dll.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Common.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\CustomControls.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\FluidKit.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Interop.IWshRuntimeLibrary.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Ionic.Zip.Reduced.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Localization.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.Presentation.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.Composite.UnityExtensions.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.Common.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.EnterpriseLibrary.Logging.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.ObjectBuilder2.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.ServiceLocation.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.Practices.Unity.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.WindowsAPICodePack.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Microsoft.WindowsAPICodePack.Shell.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\pc app Installer.exe.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\pc app Installer.exe.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Default.dll.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Default.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Home.dll.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Home.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.dll.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Omniture.Tests.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Update.dll.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImage.Modules.Update.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImageInfrastructure.dll.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\PCImageInfrastructure.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Restarter.exe.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\SharpBITS.Base.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\ViewModels.dll.config.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\ViewModels.dll.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\tempCategories.xml.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\TranslationSchema.xsd.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\Translations.xml.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\RTFs\About.rtf.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app\3.0.0.0\Resources\Localization\en-US\RTFs\WelcomeScreen.rtf.deploy" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Best Buy pc app" directory. => Scheduled to move on reboot.


========================= Folder: ========================

Directory Not Found

====== End of Folder: ======


"C:\Users\fuckdadiazbroz" directory move:

Could not move "C:\Users\fuckdadiazbroz" directory. => Scheduled to move on reboot.


==== End of Fixlog ====
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 18, 2013, 06:11:29 PM
I am unable to attach the System log.  I get an error saying that the website firewall will not allow me to post this due to me having a virus.  Is it safe to attach? How would you like me to proceed?
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 19, 2013, 01:49:27 PM
Hello Clikens86

Step 1

Please can you put the log into a folder, Zip the folder and attach this to your next post.


Step 2

Rerun mbar.exe.
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt.

~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 19, 2013, 08:50:01 PM
Compressed folder attached with 3 logs inside. Currently scanning to see if it scans clean with mbar. I'll attach that one when finished.
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 19, 2013, 09:26:24 PM
Latest clean logs attached in folder.
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 20, 2013, 08:38:58 AM

Hello Clikens86

Step 1

More information about installing and running ComboFix can be found HERE (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Please download ComboFix from one of the following locations:
**IMPORTANT! Save ComboFix to your Desktop. Read the following thoroughly
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 20, 2013, 08:38:23 PM
ComboFix 13-10-19.02 - Likens 10/20/2013  21:19:59.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3964.2567 [GMT -5:00]
Running from: c:\users\Likens\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Likens\AppData\Roaming\SearchProtect
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\Likens\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\users\Likens\Documents\~WRL0702.tmp
c:\users\Likens\Documents\~WRL1492.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-21 to 2013-10-21  )))))))))))))))))))))))))))))))
.
.
2013-10-21 02:29 . 2013-10-21 02:29   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2013-10-21 02:29 . 2013-10-21 02:29   --------   d-----w-   c:\users\Guest.CANTSTOPMYSHINE\AppData\Local\temp
2013-10-21 02:29 . 2013-10-21 02:29   --------   d-----w-   c:\users\Guest.CANTSTOPMYSHINE.000\AppData\Local\temp
2013-10-21 02:29 . 2013-10-21 02:29   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-10-19 00:28 . 2013-10-19 00:28   --------   d-----w-   c:\users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Macromedia
2013-10-18 22:33 . 2013-10-20 03:21   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-18 22:33 . 2013-10-20 02:33   116440   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-18 22:31 . 2013-10-20 01:33   91352   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2013-10-18 14:25 . 2013-10-18 14:25   --------   d-----w-   c:\users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Mozilla
2013-10-18 13:53 . 2013-10-18 13:53   --------   d-----w-   C:\c1e364d46130d117946c
2013-10-18 13:50 . 2013-10-18 13:50   --------   d-----w-   c:\users\fuckdadiazbroz
2013-10-17 21:14 . 2013-10-17 21:14   --------   d-----w-   C:\FRST
2013-10-17 15:41 . 2013-10-17 15:41   --------   d-----w-   c:\program files\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-17 15:43 . 2012-06-11 13:25   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-17 15:43 . 2011-10-30 15:52   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-26 06:46 . 2012-02-23 19:13   80541720   ----a-w-   c:\windows\system32\MRT.exe
2013-08-25 04:02 . 2013-08-25 04:02   110080   ----a-r-   c:\users\Likens\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\IconF7A21AF7.exe
2013-08-25 04:02 . 2013-08-25 04:02   110080   ----a-r-   c:\users\Likens\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\IconD7F16134.exe
2013-08-25 04:02 . 2013-08-25 04:02   110080   ----a-r-   c:\users\Likens\AppData\Roaming\Microsoft\Installer\{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}\Icon1226A4C5.exe
2013-08-02 01:48 . 2013-10-17 15:55   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-16 02:55   1888768   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-16 02:55   1620992   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
2013-07-24 02:55 . 2013-07-24 02:54   1224   ---ha-w-   C:\aaw7boot.cmd
2013-07-24 02:52 . 2013-07-24 02:52   14456   ----a-w-   c:\windows\system32\drivers\gfibto.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47   87464   ----a-w-   c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"bncsaui.exe"="c:\program files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe" [2011-03-08 2625304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"Search Protection"="c:\programdata\Search Protection\SearchProtection.exe" [2013-06-13 943016]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R1 hjcwenli;hjcwenli;c:\windows\system32\drivers\hjcwenli.sys;c:\windows\SYSNATIVE\drivers\hjcwenli.sys
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys
S2 BNPagent;Bradford Persistent Agent Service;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 15:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN67864597126278267&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=54907E3045F69F886FEC9A51EF41D728
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Likens\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-20  21:37:21
ComboFix-quarantined-files.txt  2013-10-21 02:37
.
Pre-Run: 181,129,887,744 bytes free
Post-Run: 181,328,576,512 bytes free
.
- - End Of File - - 34F74E6A75018509990829668DF24DBB
5B5E648D12FCADC244C1EC30318E1EB9
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 22, 2013, 01:22:59 AM

Hello Clikens86

Step 1

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs, uninstall the following if you have not paid for them:

HitmanPro 3.7
McAfee Security Scan Plus
SpyHunter


Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:


Step 3

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote
KillAll::

ClearJavaCache::

DirLook::
C:\c1e364d46130d117946c
c:\users\fuckdadiazbroz

Folder::
c:\programdata\Search Protection

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"=-

Driver::
hjcwenli

Collect::
c:\windows\SYSNATIVE\drivers\hjcwenli.sys
c:\windows\system32\drivers\hjcwenli.sys

DDS::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN67864597126278267&UM=2&SearchSource=3&q={searchTerms}


Save this as CFScript.txt, in the same location as ComboFix.exe


(http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif)


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review.

Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 22, 2013, 05:11:02 AM
ComboFix 13-10-21.01 - Likens 10/22/2013   5:55.2.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3964.2398 [GMT -5:00]
Running from: c:\users\Likens\Desktop\ComboFix.exe
Command switches used :: c:\users\Likens\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Search Protection
c:\programdata\Search Protection\SearchProtection.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hjcwenli
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-22 to 2013-10-22  )))))))))))))))))))))))))))))))
.
.
2013-10-22 11:03 . 2013-10-22 11:03   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2013-10-22 11:03 . 2013-10-22 11:03   --------   d-----w-   c:\users\Guest.CANTSTOPMYSHINE\AppData\Local\temp
2013-10-22 11:03 . 2013-10-22 11:03   --------   d-----w-   c:\users\Guest.CANTSTOPMYSHINE.000\AppData\Local\temp
2013-10-19 00:28 . 2013-10-19 00:28   --------   d-----w-   c:\users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Macromedia
2013-10-18 22:33 . 2013-10-20 02:33   116440   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-18 22:31 . 2013-10-20 01:33   91352   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2013-10-18 14:25 . 2013-10-18 14:25   --------   d-----w-   c:\users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Mozilla
2013-10-18 13:53 . 2013-10-18 13:53   --------   d-----w-   C:\c1e364d46130d117946c
2013-10-18 13:50 . 2013-10-18 13:50   --------   d-----w-   c:\users\fuckdadiazbroz
2013-10-17 21:14 . 2013-10-17 21:14   --------   d-----w-   C:\FRST
2013-10-17 15:41 . 2013-10-22 10:47   --------   d-----w-   c:\program files\McAfee Security Scan
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-17 15:43 . 2012-06-11 13:25   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-17 15:43 . 2011-10-30 15:52   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-26 06:46 . 2012-02-23 19:13   80541720   ----a-w-   c:\windows\system32\MRT.exe
2013-08-02 01:48 . 2013-10-17 15:55   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-16 02:55   1888768   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-16 02:55   1620992   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\c1e364d46130d117946c ----
.
2013-10-18 13:53 . 2013-10-18 13:53   788   ---ha-w-   c:\c1e364d46130d117946c\$shtdwn$.req
2013-09-26 06:46 . 2013-09-26 06:46   80541720   ----a-w-   c:\c1e364d46130d117946c\mrt.exe
2013-09-26 06:46 . 2013-09-26 06:46   81032   ----a-w-   c:\c1e364d46130d117946c\mrtstub.exe
.
---- Directory of c:\users\fuckdadiazbroz ----
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47   87464   ----a-w-   c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"bncsaui.exe"="c:\program files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe" [2011-03-08 2625304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys
S2 BNPagent;Bradford Persistent Agent Service;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 15:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN67864597126278267&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_1&ent=hp&u=54907E3045F69F886FEC9A51EF41D728
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2013-10-22  06:09:08 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-22 11:09
ComboFix2.txt  2013-10-21 02:37
.
Pre-Run: 183,809,376,256 bytes free
Post-Run: 183,182,168,064 bytes free
.
- - End Of File - - B05A4A3ED4887E26D67BFA306D558F00
5B5E648D12FCADC244C1EC30318E1EB9
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 22, 2013, 01:54:12 PM
Hi Clikens86

Step 1

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.


You can find instructions on how to disable your security applications >>Here<< (http://www.bleepingcomputer.com/forums/topic114351.html) or >>Here<< (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Code:
Conduit;ff
c:\users\fuckdadiazbroz;f
standardsearch;
installedprogs;
Step 2

Download Security Check from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 22, 2013, 09:20:17 PM

Zoek.exe Version 4.0.0.5 Updated 22-October-2013
Tool run by Likens on Tue 10/22/2013 at 22:06:57.93.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Likens\Desktop\zoek(1)\zoek.exe   [Script inserted]

==== System Restore Info ======================

10/22/2013 10:07:46 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) 
64 Bit HP CIO Components Installer 
Ad-Aware Security Add-on 
Adobe Flash Player 11 ActiveX 
Adobe Flash Player 11 Plugin 
Adobe Reader 9.3 
Apple Application Support 
Apple Mobile Device Support 
Apple Software Update 
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver 
Atheros Driver Installation Program 
Best Buy pc app 
Bonjour 
Bradford Persistent Agent 
Compatibility Pack for the 2007 Office system 
Conexant HD Audio 
Elcomsoft Wireless Security Auditor 
Google Toolbar for Internet Explorer 
Google Update Helper 
HitmanPro 3.7 
HP Photosmart Plus B209a-m All-in-One Driver 14.0 Rel. 6 
Intel(R) Graphics Media Accelerator Driver 
Intelr Matrix Storage Manager 
iTunes 
Java(TM) 6 Update 17 
Junk Mail filter update 
Label@Once 1.0 
Malwarebytes Anti-Malware version 1.75.0.1300 
Microsoft Application Error Reporting 
Microsoft Choice Guard 
Microsoft Office 2007 Service Pack 3 (SP3) 
Microsoft Office 2010 
Microsoft Office Access MUI (English) 2007 
Microsoft Office Access Setup Metadata MUI (English) 2007 
Microsoft Office Excel MUI (English) 2007 
Microsoft Office File Validation Add-In 
Microsoft Office InfoPath MUI (English) 2007 
Microsoft Office Office 64-bit Components 2007 
Microsoft Office Outlook MUI (English) 2007 
Microsoft Office PowerPoint MUI (English) 2007 
Microsoft Office Professional Plus 2007 
Microsoft Office Proof (English) 2007 
Microsoft Office Proof (French) 2007 
Microsoft Office Proof (Spanish) 2007 
Microsoft Office Proofing (English) 2007 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
Microsoft Office Publisher MUI (English) 2007 
Microsoft Office Shared 64-bit MUI (English) 2007 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 
Microsoft Office Shared MUI (English) 2007 
Microsoft Office Shared Setup Metadata MUI (English) 2007 
Microsoft Office Word MUI (English) 2007 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Mozilla Firefox 23.0.1 (x86 en-US) 
Mozilla Maintenance Service 
MSVCRT 
MSXML 4.0 SP2 (KB954430) 
MSXML 4.0 SP2 (KB973688) 
Network64 
Oracle VM VirtualBox 4.0.6 
PlayReady PC Runtime amd64 
PS_AIO_06_B209a-m_SW_Min 
QuickTime 
Realtek USB 2.0 Card Reader 
Scan 
Security Update for CAPICOM (KB931906) 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition 
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition   
Synaptics Pointing Device Driver 
Toolbox 
TOSHIBA Application Installer 
TOSHIBA Assist 
Toshiba Book Place 
TOSHIBA Bulletin Board 
TOSHIBA Disc Creator 
TOSHIBA Hardware Setup 
TOSHIBA HDD/SSD Alert 
TOSHIBA Media Controller 
TOSHIBA Media Controller Plug-in 
TOSHIBA Quality Application 
TOSHIBA Recovery Media Creator 
TOSHIBA ReelTime 
TOSHIBA Service Station 
TOSHIBA Supervisor Password 
TOSHIBA Value Added Package 
ToshibaRegistration 
Update for 2007 Microsoft Office System (KB967642) 
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition 
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition 
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition 
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition 
Updater By SweetPacks 2.0.0.609 
Windows Live Call 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Mail 
Windows Live Messenger 
Windows Live Movie Maker 
Windows Live Photo Gallery 
Windows Live Sign-in Assistant 
Windows Live Sync 
Windows Live Upload Tool 
Windows Live Writer 

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Users\Likens\Desktop\zoek(1)\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe

==== FireFox Fix ======================

ProfilePath: C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Mozilla\Firefox\Profiles\fyzw3js7.default

user.js not found
---- Lines Conduit removed from prefs.js ----


---- Lines Conduit modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_20131022_1008_.backup

ProfilePath: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default

user.js not found
---- Lines Conduit removed from prefs.js ----

user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN67864597126278267&UM=2&UP=SP89E7455E-04C0-4649-838A-CEFD3DC869D1 (http://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN67864597126278267&UM=2&UP=SP89E7455E-04C0-4649-838A-CEFD3DC869D1)");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN67864597126278267&UM=2&SearchSource=3&q={searchTerms} (http://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN67864597126278267&UM=2&SearchSource=3&q={searchTerms})");

---- Lines Conduit modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_20131022_1008_.backup

==== Deleting Files \ Folders ======================

"c:\users\fuckdadiazbroz" deleted
"c:\users\fuckdadiazbroz\AppData" deleted
"c:\users\fuckdadiazbroz\AppData\Local" deleted
"c:\users\fuckdadiazbroz\AppData\Roaming" deleted
"c:\users\fuckdadiazbroz\AppData\Local\temp" deleted
"c:\users\fuckdadiazbroz\AppData\Roaming\Microsoft" deleted
"c:\users\fuckdadiazbroz\AppData\Roaming\Microsoft\MSDN" deleted
"c:\users\fuckdadiazbroz\AppData\Roaming\Microsoft\MSDN\8.0" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3964 MB
CPU Info: Intel(R) Celeron(R) CPU          900  @ 2.20GHz
CPU Speed: 681.7 MHz
Sound Card: Speakers (Conexant CX20671 Smar |
Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) | Atheros AR9285 Wireless Network Adapter
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ890AS
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  222.3GB
Hard Disks - Free: C:  170.6GB
Manufacturer *: INSYDE
BIOS Info: AT/AT COMPATIBLE | 11/30/10 | TOSINV - 1
Time Zone: Central Standard Time
Motherboard *: TOSHIBA Portable PC
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox   23.0.1
Internet Explorer Version: 10.0.9200.16721
Mozilla Firefox version: 23.0.1 (x86 en-US)
Adobe Reader version: 9.3.0.148
Sun Java version: 1.6.0_17 (32-bit)
Flash Player version: 11.9.900.117

==== Files Recently Created / Modified ======================

====== C:\windows ====
2013-10-21 02:17:17   F042EE4C8D66248D9B86DCF52ABAE416   256000   ----a-w-   C:\windows\PEV.exe
2013-10-21 02:17:17   9E05A9C264C8A908A8E79450FCBFF047   80412   ----a-w-   C:\windows\grep.exe
2013-10-21 02:17:17   5E832F4FAF5F481F2EAF3B3A48F603B8   68096   ----a-w-   C:\windows\zip.exe
2013-10-21 02:17:17   0297C72529807322B152F517FDB0A9FC   406528   ----a-w-   C:\windows\SWSC.exe
2013-10-21 02:17:17   0277C027A26428DB64EF4F64F52BB4FD   208896   ----a-w-   C:\windows\MBR.exe
====== C:\Users\Likens\AppData\Local\Temp ====
====== C:\windows\SysWOW64 =====
2013-10-18 14:14:20   5E775F0C365F01A8A7382BBEFC4A53A5   391168   ----a-w-   C:\windows\SysWOW64\ieui.dll
2013-10-18 14:14:20   351B1A5B8A02A59DD29D122B0D231FA6   2706432   ----a-w-   C:\windows\SysWOW64\mshtml.tlb
2013-10-18 14:14:18   BE8F3297A0BC3D3E3B66D9A45F64F0B9   61440   ----a-w-   C:\windows\SysWOW64\iesetup.dll
2013-10-18 14:14:18   6E9013E3D112E26A42EC057CAE990649   109056   ----a-w-   C:\windows\SysWOW64\iesysprep.dll
2013-10-18 14:14:18   58A43D9DFFF91C1457EC47BDCF969B59   71680   ----a-w-   C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-18 14:14:18   556F70EDECE99CCD64C7D8897F3264F4   33280   ----a-w-   C:\windows\SysWOW64\iernonce.dll
2013-10-18 14:14:18   122B216B091D06F672CC8D331128FB06   2048512   ----a-w-   C:\windows\SysWOW64\iertutil.dll
2013-10-18 14:14:16   E02C01EB0ED522327AFF3BE5CBCF6017   690688   ----a-w-   C:\windows\SysWOW64\jscript.dll
2013-10-18 14:14:16   883C0D3A22CE87A3203CD5518EBB5758   493056   ----a-w-   C:\windows\SysWOW64\msfeeds.dll
2013-10-18 14:14:13   5A847E98EAF032928E67EE52DE08952D   2876928   ----a-w-   C:\windows\SysWOW64\jscript9.dll
2013-10-18 14:14:12   61DC3F2BE3093FE22CD717260946D7AD   1141248   ----a-w-   C:\windows\SysWOW64\urlmon.dll
2013-10-18 14:14:10   E4FEB264B47360B7296AEA4E052F88D8   1767936   ----a-w-   C:\windows\SysWOW64\wininet.dll
2013-10-18 14:14:10   DC7DB5BC0E2D135103730E08FE1C540D   39424   ----a-w-   C:\windows\SysWOW64\jsproxy.dll
2013-10-18 14:14:08   8F5EAAF76A6811332A8C67DB0D4C395F   13761024   ----a-w-   C:\windows\SysWOW64\ieframe.dll
2013-10-18 14:13:56   A7221924181C8EB92B64C5A2D888BEA5   14335488   ----a-w-   C:\windows\SysWOW64\mshtml.dll
2013-10-17 15:55:36   75F5E1FE8D55CF8E577E0EC5F2290D3F   530432   ----a-w-   C:\windows\SysWOW64\comctl32.dll
2013-10-17 15:55:31   CC23295DA8F7B5C53F93804D2F5D30EB   25600   ----a-w-   C:\windows\SysWOW64\lpk.dll
2013-10-17 15:55:31   8CC4638FA7B5B921B9080CF962582C0B   70656   ----a-w-   C:\windows\SysWOW64\fontsub.dll
2013-10-17 15:55:31   7D27E63B54DB093BB0D9E95F81094D75   34304   ----a-w-   C:\windows\SysWOW64\atmlib.dll
2013-10-17 15:55:31   5C6B44F9CAAC475B7B9EBBC29CB7F065   295424   ----a-w-   C:\windows\SysWOW64\atmfd.dll
2013-10-17 15:55:31   2342EC9254F4C60CA98441BD65C89E12   10240   ----a-w-   C:\windows\SysWOW64\dciman32.dll
2013-10-17 15:55:29   1A9E4EE88B31750E5CA207424143F99C   3968960   ----a-w-   C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-17 15:55:28   5D0325AEF9DE48330908EC2E2DB0359F   3913664   ----a-w-   C:\windows\SysWOW64\ntoskrnl.exe
2013-10-17 15:55:28   0184CC60AB10C8124D69AFB332C6AF1C   1292192   ----a-w-   C:\windows\SysWOW64\ntdll.dll
2013-10-17 15:55:27   73EF27E157855E3CB18B021BC9622E4C   5120   ----a-w-   C:\windows\SysWOW64\wow32.dll
2013-10-17 15:55:27   57EC6102661E0E1D156C1EC251E7CAF8   14336   ----a-w-   C:\windows\SysWOW64\ntvdm64.dll
2013-10-17 15:55:27   365A5034093AD9E04F433046C4CDF6AB   1114112   ----a-w-   C:\windows\SysWOW64\kernel32.dll
2013-10-17 15:55:27   1B7343C3765638D4D17CB925F84F8ABE   274944   ----a-w-   C:\windows\SysWOW64\KernelBase.dll
2013-10-17 15:55:26   B83592F532FB320F0001F8099ECC192B   7680   ----a-w-   C:\windows\SysWOW64\instnm.exe
2013-10-17 15:55:26   8489D083E46BFD2096A6CECFF6C7C227   2048   ----a-w-   C:\windows\SysWOW64\user.exe
2013-10-17 15:55:26   812A161FC470FA832C3F0CC3D7ACA2F9   6656   ----a-w-   C:\windows\SysWOW64\apisetschema.dll
2013-10-17 15:55:26   3808FD7522646BEB1CCEA94C45D4228C   25600   ----a-w-   C:\windows\SysWOW64\setup16.exe
2013-10-17 15:55:19   E02781D4871844DCD30DF1D69A650F78   12872704   ----a-w-   C:\windows\SysWOW64\shell32.dll
2013-10-17 15:55:18   2C4A87CA8C00E98EFDCFA2E8EC9A3503   180224   ----a-w-   C:\windows\SysWOW64\shdocvw.dll
2013-10-17 15:55:10   2A01B40C8334A8124001CFAC256FCA83   102608   ----a-w-   C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2013-10-18 14:14:20   991A9D6B797B4D7E9EB29BE1FB4B1D28   526336   ----a-w-   C:\windows\Sysnative\ieui.dll
2013-10-18 14:14:20   990235D752A40F5F8243ED537FAB2035   2706432   ----a-w-   C:\windows\Sysnative\mshtml.tlb
2013-10-18 14:14:18   C4DDAC3F3062739C4C2BB759B36E005D   51712   ----a-w-   C:\windows\Sysnative\ie4uinit.exe
2013-10-18 14:14:18   A80B91A93EDFFDE3DD2646D6E4CDDC44   67072   ----a-w-   C:\windows\Sysnative\iesetup.dll
2013-10-18 14:14:18   742B2C69643527763E162C0BA923D086   136704   ----a-w-   C:\windows\Sysnative\iesysprep.dll
2013-10-18 14:14:18   4163195B6D07D3434BDEA78C293B7E0E   89600   ----a-w-   C:\windows\Sysnative\RegisterIEPKEYs.exe
2013-10-18 14:14:18   38CFAC1BAFEBC8B0AF8A22093803D38E   39936   ----a-w-   C:\windows\Sysnative\iernonce.dll
2013-10-18 14:14:17   199BD40B1890E1EEFF7438B59787534F   2647552   ----a-w-   C:\windows\Sysnative\iertutil.dll
2013-10-18 14:14:16   7B4E06047031B2AAA4AE10F00C59BFC7   855552   ----a-w-   C:\windows\Sysnative\jscript.dll
2013-10-18 14:14:16   214E39F0A8E382F1889B26B46DE0AF81   603136   ----a-w-   C:\windows\Sysnative\msfeeds.dll
2013-10-18 14:14:15   D383602755758FA81166B0FD8AFE6D40   3959296   ----a-w-   C:\windows\Sysnative\jscript9.dll
2013-10-18 14:14:12   882AC0DD997CFC90FBB468D698BD55C6   1365504   ----a-w-   C:\windows\Sysnative\urlmon.dll
2013-10-18 14:14:10   16A3E229F60FA4B05573A0937AB3C3CB   53248   ----a-w-   C:\windows\Sysnative\jsproxy.dll
2013-10-18 14:14:09   D28B35DE88D27EFB27DF4B1E8319E3C0   2241024   ----a-w-   C:\windows\Sysnative\wininet.dll
2013-10-18 14:14:07   CCDB8FDC289AA9AFA5F8827A2ADB21AD   15404544   ----a-w-   C:\windows\Sysnative\ieframe.dll
2013-10-18 14:14:02   F026C6F104758D0EB215B017016FAE27   19252224   ----a-w-   C:\windows\Sysnative\mshtml.dll
2013-10-17 15:55:36   9028D1621C43DF8DFBD1C76860412A11   633856   ----a-w-   C:\windows\Sysnative\comctl32.dll
2013-10-17 15:55:31   E1BB958681BE311E7CFF06CFEC5F1F2B   368128   ----a-w-   C:\windows\Sysnative\atmfd.dll
2013-10-17 15:55:31   D6BAE9B4B210D71CDDADC224CEFCDB5F   100864   ----a-w-   C:\windows\Sysnative\fontsub.dll
2013-10-17 15:55:31   A5ED9421B8D09ED4F57CDA386307713E   14336   ----a-w-   C:\windows\Sysnative\dciman32.dll
2013-10-17 15:55:31   796B47A4B82EF1C39F13435B88834C48   41472   ----a-w-   C:\windows\Sysnative\lpk.dll
2013-10-17 15:55:31   142671F462619CB64BA74F5B70136CB4   46080   ----a-w-   C:\windows\Sysnative\atmlib.dll
2013-10-17 15:55:30   51DFBD18A435BAEC1F71A692373ECE4F   9728   ----a-w-   C:\windows\Sysnative\Wdfres.dll
2013-10-17 15:55:28   B22C00ED0491FD7B8803D7DDE2849F4C   424448   ----a-w-   C:\windows\Sysnative\KernelBase.dll
2013-10-17 15:55:28   63B563F1FC047AB3E21530DBBE773260   5550528   ----a-w-   C:\windows\Sysnative\ntoskrnl.exe
2013-10-17 15:55:28   5B79D52A0388D8DEC5BF68411EA05A02   1732032   ----a-w-   C:\windows\Sysnative\ntdll.dll
2013-10-17 15:55:27   F0970A4BC8395659C22BF53D0FADF16F   112640   ----a-w-   C:\windows\Sysnative\smss.exe
2013-10-17 15:55:27   D8973E71F1B35CD3F3DEA7C12D49D0F0   1161216   ----a-w-   C:\windows\Sysnative\kernel32.dll
2013-10-17 15:55:27   BF95EA5809E3BBF55370F7CB309FEBD0   338432   ----a-w-   C:\windows\Sysnative\conhost.exe
2013-10-17 15:55:27   AA913C4E63B6F3F52E20BC9932205BCC   243712   ----a-w-   C:\windows\Sysnative\wow64.dll
2013-10-17 15:55:27   9209EA3F29DFC339A87EFD604E035FE4   362496   ----a-w-   C:\windows\Sysnative\wow64win.dll
2013-10-17 15:55:27   88EDD0B34EED542745931E581AD21A32   215040   ----a-w-   C:\windows\Sysnative\winsrv.dll
2013-10-17 15:55:27   659D71E315FB40FFE9AD46CB0588BEB1   13312   ----a-w-   C:\windows\Sysnative\wow64cpu.dll
2013-10-17 15:55:27   49CEA3942A2B99A906EAFC94B853EDBD   16384   ----a-w-   C:\windows\Sysnative\ntvdm64.dll
2013-10-17 15:55:27   216BABD555BC550952320EEA89C25DDF   43520   ----a-w-   C:\windows\Sysnative\csrsrv.dll
2013-10-17 15:55:26   70A1D465390C393AA118D9764E065B06   6656   ----a-w-   C:\windows\Sysnative\apisetschema.dll
2013-10-17 15:55:20   AD662B34B161198B9D66A564EDDA7D43   14172672   ----a-w-   C:\windows\Sysnative\shell32.dll
2013-10-17 15:55:18   23B001185B7C3CB1F4BDEB143E6B45B7   197120   ----a-w-   C:\windows\Sysnative\shdocvw.dll
2013-10-17 15:55:14   19320B121BFE7462EADD50A42C81AFD0   3155968   ----a-w-   C:\windows\Sysnative\win32k.sys
2013-10-17 15:55:10   764DF431D13537A575752009E7740F18   124112   ----a-w-   C:\windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
====== C:\windows\Sysnative\drivers =====
2013-10-18 22:33:45   34398CB1F8A152F5E9EE4394BC8ED75F   116440   ----a-w-   C:\windows\Sysnative\drivers\MBAMSwissArmy.sys
2013-10-18 22:31:49   C63BF488680F88B6A1D83302AA0ACD0E   91352   ----a-w-   C:\windows\Sysnative\drivers\mbamchameleon.sys
2013-10-18 14:14:47   88612F1CE3BF42256913BF6E61C70D52   983488   ----a-w-   C:\windows\Sysnative\drivers\dxgkrnl.sys
2013-10-17 15:55:30   E2C933EDBC389386EBE6D2BA953F43D8   785624   ----a-w-   C:\windows\Sysnative\drivers\Wdf01000.sys
2013-10-17 15:55:30   B0435098C81D04CAFFF80DDB746CD3A2   109824   ----a-w-   C:\windows\Sysnative\drivers\USBAUDIO.sys
2013-10-17 15:55:30   AEA0A67275CFBA0E463E00C6E9A1DDAE   54376   ----a-w-   C:\windows\Sysnative\drivers\WdfLdr.sys
2013-10-17 15:55:30   933222B19FF3E7EA5F65517EA1F7D57E   3   ----a-w-   C:\windows\Sysnative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-17 15:55:30   80B0F7D5CCF86CEB5D402EAAF61FEC31   100864   ----a-w-   C:\windows\Sysnative\drivers\usbcir.sys
2013-10-17 15:55:30   1F775DA4CF1A3A1834207E975A72E9D7   185344   ----a-w-   C:\windows\Sysnative\drivers\usbvideo.sys
2013-10-17 15:55:24   9661DA76B4531B2DA272ECCE25A8AF24   42496   ----a-w-   C:\windows\Sysnative\drivers\usbscan.sys
2013-10-17 15:55:24   856E76B3641746ABBC2946BED1372098   32896   ----a-w-   C:\windows\Sysnative\drivers\hidparse.sys
2013-10-17 15:55:24   597C3699384E53CC59587ED50CCE5CA2   76800   ----a-w-   C:\windows\Sysnative\drivers\hidclass.sys
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Likens\AppData\Roaming ======
2013-10-22 11:09:10   --------   d-----w-   C:\Users\Public\AppData\Local\temp
2013-10-22 11:09:10   --------   d-----w-   C:\Users\Guest\AppData\Local\temp
2013-10-22 11:09:10   --------   d-----w-   C:\Users\Guest.CANTSTOPMYSHINE\AppData\Local\temp
2013-10-22 11:09:10   --------   d-----w-   C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\temp
2013-10-22 11:09:10   --------   d-----w-   C:\Users\Default\AppData\Local\temp
2013-10-22 11:09:10   --------   d-----w-   C:\Users\Default User\AppData\Local\temp
2013-10-18 14:25:53   --------   d-----w-   C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Roaming\Mozilla
2013-10-18 14:25:53   --------   d-----w-   C:\Users\Guest.CANTSTOPMYSHINE.000\AppData\Local\Mozilla
====== C:\Users\Likens ======
2013-10-21 02:37:24   --------   d-----w-   C:\Users\Public\AppData
2013-10-18 22:31:24   4503803B9BEF66A375A44029E8BC6725   12576792   ----a-w-   C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\mbar-1.07.0.1007.exe
2013-10-18 14:12:09   178A34E5554DCE485E1262DDF027960C   2237968   ----a-w-   C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\tdsskiller.exe
2013-10-17 20:54:20   D1526222FC4394CA4AD5A78327627D1B   1954124   ----a-w-   C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 20:49:54   D1526222FC4394CA4AD5A78327627D1B   1954124   ----a-w-   C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 15:52:07   8B968045D75783A09592C3105F2865DA   688992   ------r-   C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com

====== C: exe-files ==
2013-10-22 10:47:31   25D473D7805261C752DA738B13E35816   185271   ----a-w-   C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP\WiseCustomCalla31.exe
2013-10-21 02:17:17   F042EE4C8D66248D9B86DCF52ABAE416   256000   ----a-w-   C:\Windows\PEV.exe
2013-10-21 02:17:17   9E05A9C264C8A908A8E79450FCBFF047   80412   ----a-w-   C:\Windows\grep.exe
2013-10-21 02:17:17   5E832F4FAF5F481F2EAF3B3A48F603B8   68096   ----a-w-   C:\Windows\zip.exe
2013-10-21 02:17:17   0297C72529807322B152F517FDB0A9FC   406528   ----a-w-   C:\Windows\SWSC.exe
2013-10-21 02:17:17   0277C027A26428DB64EF4F64F52BB4FD   208896   ----a-w-   C:\Windows\MBR.exe
2013-10-18 22:31:45   D920AA3DBE478A87245A10A5EF7A1DFC   1170744   ----a-w-   C:\Users\Likens\Desktop\mbar\mbar.exe
2013-10-18 22:31:45   4E33C7CCDC718204291CE661A0F9B69B   757048   ----a-w-   C:\Users\Likens\Desktop\mbar\Plugins\fixdamage.exe
2013-10-18 22:31:24   4503803B9BEF66A375A44029E8BC6725   12576792   ----a-w-   C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\mbar-1.07.0.1007.exe
2013-10-18 14:14:18   C4DDAC3F3062739C4C2BB759B36E005D   51712   ----a-w-   C:\Windows\System32\ie4uinit.exe
2013-10-18 14:14:18   58A43D9DFFF91C1457EC47BDCF969B59   71680   ----a-w-   C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-18 14:14:18   4163195B6D07D3434BDEA78C293B7E0E   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-18 14:14:17   D6B7DDB68436F13C3CAE2B92524F1FEC   770648   ----a-w-   C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-10-18 14:14:16   F6A7D9C0BC326F695526069C1DA1E8B7   775256   ----a-w-   C:\Program Files\Internet Explorer\iexplore.exe
2013-10-18 14:12:09   178A34E5554DCE485E1262DDF027960C   2237968   ----a-w-   C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\tdsskiller.exe
2013-10-17 20:54:20   D1526222FC4394CA4AD5A78327627D1B   1954124   ----a-w-   C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\FRST64.exe
2013-10-17 20:49:54   D1526222FC4394CA4AD5A78327627D1B   1954124   ----a-w-   C:\Users\Guest.CANTSTOPMYSHINE.000\Downloads\FRST64.exe
2013-10-17 15:55:29   1A9E4EE88B31750E5CA207424143F99C   3968960   ----a-w-   C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-17 15:55:28   63B563F1FC047AB3E21530DBBE773260   5550528   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-10-17 15:55:28   5D0325AEF9DE48330908EC2E2DB0359F   3913664   ----a-w-   C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-17 15:55:27   F0970A4BC8395659C22BF53D0FADF16F   112640   ----a-w-   C:\Windows\System32\smss.exe
2013-10-17 15:55:27   BF95EA5809E3BBF55370F7CB309FEBD0   338432   ----a-w-   C:\Windows\System32\conhost.exe
2013-10-17 15:55:26   B83592F532FB320F0001F8099ECC192B   7680   ----a-w-   C:\Windows\SysWOW64\instnm.exe
2013-10-17 15:55:26   8489D083E46BFD2096A6CECFF6C7C227   2048   ----a-w-   C:\Windows\SysWOW64\user.exe
2013-10-17 15:55:26   3808FD7522646BEB1CCEA94C45D4228C   25600   ----a-w-   C:\Windows\SysWOW64\setup16.exe
=== C: other files ==
2013-10-21 02:14:50   73CA3457F6AFEEDD1BEA26A77507A2F7   280   ----a-w-   C:\Users\Likens\AppData\Local\adawarebp\data\temp.zip
2013-10-18 22:33:45   34398CB1F8A152F5E9EE4394BC8ED75F   116440   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-10-18 22:31:49   C63BF488680F88B6A1D83302AA0ACD0E   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2013-10-18 14:14:47   88612F1CE3BF42256913BF6E61C70D52   983488   ----a-w-   C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-17 15:55:30   E2C933EDBC389386EBE6D2BA953F43D8   785624   ----a-w-   C:\Windows\System32\drivers\Wdf01000.sys
2013-10-17 15:55:30   B0435098C81D04CAFFF80DDB746CD3A2   109824   ----a-w-   C:\Windows\System32\drivers\USBAUDIO.sys
2013-10-17 15:55:30   AEA0A67275CFBA0E463E00C6E9A1DDAE   54376   ----a-w-   C:\Windows\System32\drivers\WdfLdr.sys
2013-10-17 15:55:30   80B0F7D5CCF86CEB5D402EAAF61FEC31   100864   ----a-w-   C:\Windows\System32\drivers\usbcir.sys
2013-10-17 15:55:30   1F775DA4CF1A3A1834207E975A72E9D7   185344   ----a-w-   C:\Windows\System32\drivers\usbvideo.sys
2013-10-17 15:55:24   9661DA76B4531B2DA272ECCE25A8AF24   42496   ----a-w-   C:\Windows\System32\drivers\usbscan.sys
2013-10-17 15:55:24   856E76B3641746ABBC2946BED1372098   32896   ----a-w-   C:\Windows\System32\drivers\hidparse.sys
2013-10-17 15:55:24   597C3699384E53CC59587ED50CCE5CA2   76800   ----a-w-   C:\Windows\System32\drivers\hidclass.sys
2013-10-17 15:55:14   19320B121BFE7462EADD50A42C81AFD0   3155968   ----a-w-   C:\Windows\System32\win32k.sys
2013-10-17 15:52:07   8B968045D75783A09592C3105F2865DA   688992   ------r-   C:\Users\Guest.CANTSTOPMYSHINE.000\Desktop\dds.com

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"bncsaui.exe"="%ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe "
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe "

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ :C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe []

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Ad-Aware Update (Weekly)" [C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe]
"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"lesstabs@lesstabs.com"="C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default
- Video Downloader - %ProfilePath%\extensions\pxyhzzjbka@pxyhzzjbka.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Likens\AppData\Roaming\Mozilla\Firefox\Profiles\pxn38l8p.default
4BF70B35B943BD73BD6E13EB7C1BA4B3   - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll -   Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files (x86)\adawaretb\chrome-newtab-search.crx[06/13/2013 09:33 AM]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} SecureSearch  Url="http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}"
{692EAB9F-96E3-4CD0-B8FE-293E8EAA4BA9} Google  Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\lesstabs@lesstabs.com deleted successfully

==== HijackThis Entries ======================

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== EOF on Tue 10/22/2013 at 22:13:31.18 ======================

 Results of screen317's Security Check version 0.99.74 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java(TM) 6 Update 17 
 Java version out of Date!
 Adobe Flash Player 11.9.900.117 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 23.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent````````
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on October 24, 2013, 01:28:36 PM
Hi Clikens86

Step 1

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important : Save it to your desktop.

Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on October 24, 2013, 01:56:19 PM
Here is the log.  What are these files?

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\aircrack-ng-0.9.3-win\airmon-ng
c:\aircrack-ng-0.9.3-win\authors
c:\aircrack-ng-0.9.3-win\changelog
c:\aircrack-ng-0.9.3-win\evalrev
c:\aircrack-ng-0.9.3-win\installing
c:\aircrack-ng-0.9.3-win\license
c:\aircrack-ng-0.9.3-win\makefile
c:\aircrack-ng-0.9.3-win\makefile.airpcap
c:\aircrack-ng-0.9.3-win\makefile.cygwin
c:\aircrack-ng-0.9.3-win\makefile.netbsd
c:\aircrack-ng-0.9.3-win\makefile.openbsd
c:\aircrack-ng-0.9.3-win\makefile.osx
c:\aircrack-ng-0.9.3-win\makefile.other
c:\aircrack-ng-0.9.3-win\readme
c:\aircrack-ng-0.9.3-win\version
c:\aircrack-ng-0.9.3-win\src\aircrack-ng.c
c:\aircrack-ng-0.9.3-win\src\aircrack-ng.h
c:\aircrack-ng-0.9.3-win\src\aircrack-ptw-lib.c
c:\aircrack-ng-0.9.3-win\src\aircrack-ptw-lib.h
c:\aircrack-ng-0.9.3-win\src\airdecap-ng.c
c:\aircrack-ng-0.9.3-win\src\aireplay-ng.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng.c
c:\aircrack-ng-0.9.3-win\src\airtun-ng.c
c:\aircrack-ng-0.9.3-win\src\common.c
c:\aircrack-ng-0.9.3-win\src\crc.c
c:\aircrack-ng-0.9.3-win\src\crctable.h
c:\aircrack-ng-0.9.3-win\src\crypto.c
c:\aircrack-ng-0.9.3-win\src\crypto.h
c:\aircrack-ng-0.9.3-win\src\ivstools.c
c:\aircrack-ng-0.9.3-win\src\kstats.c
c:\aircrack-ng-0.9.3-win\src\packetforge-ng.c
c:\aircrack-ng-0.9.3-win\src\pcap.h
c:\aircrack-ng-0.9.3-win\src\sha1-mmx.s
c:\aircrack-ng-0.9.3-win\src\uniqueiv.c
c:\aircrack-ng-0.9.3-win\src\version.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\airodump-ng-airpcap.dsp
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\airodump-ng-airpcap.dsw
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\airodump-ng.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\airodump-ng.dsp
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\airodump-ng.ico
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\airodump-ng.rc
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\capture.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\capture_airpcap.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\console.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\console.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\installing.txt
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\pcap.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\resource.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\timeval.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\uniqueiv.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng-airpcap\version.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\airodump-ng.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\airodump-ng.dsp
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\airodump-ng.dsw
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\airodump-ng.ico
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\airodump-ng.rc
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\capture.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\capture.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\console.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\console.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\pcap.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\resource.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\timeval.h
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\uniqueiv.c
c:\aircrack-ng-0.9.3-win\src\airodump-ng-peek\version.h
c:\aircrack-ng-0.9.3-win\src\bin\cygwin1.dll
c:\aircrack-ng-0.9.3-win\src\bin\debug.log
c:\aircrack-ng-0.9.3-win\src\bin\kstats.exe
c:\aircrack-ng-0.9.3-win\src\bin\makeivs.exe
c:\aircrack-ng-0.9.3-win\src\bin\msvcr70.dll
c:\aircrack-ng-0.9.3-win\src\bin\peek.dll
c:\aircrack-ng-0.9.3-win\src\bin\peek5.sys
c:\aircrack-ng-0.9.3-win\src\bin\wzcook.exe
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng.sln
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\aircrack-ng.csproj
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\aircrack-ng.csproj.user
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\form1.cs
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\form1.designer.cs
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\form1.resx
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\program.cs
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\properties\assemblyinfo.cs
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\properties\resources.designer.cs
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\properties\resources.resx
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\properties\settings.designer.cs
c:\aircrack-ng-0.9.3-win\src\gui\aircrack-ng\properties\settings.settings
c:\aircrack-ng-0.9.3-win\src\wzcook\console.c
c:\aircrack-ng-0.9.3-win\src\wzcook\console.h
c:\aircrack-ng-0.9.3-win\src\wzcook\resource.h
c:\aircrack-ng-0.9.3-win\src\wzcook\wzcook.c
c:\aircrack-ng-0.9.3-win\src\wzcook\wzcook.dsp
c:\aircrack-ng-0.9.3-win\src\wzcook\wzcook.dsw
c:\aircrack-ng-0.9.3-win\src\wzcook\wzcook.ico
c:\aircrack-ng-0.9.3-win\src\wzcook\wzcook.rc
c:\aircrack-ng-0.9.3-win\test\makeivs.c
c:\aircrack-ng-0.9.3-win\test\password.lst
c:\aircrack-ng-0.9.3-win\test\wep.open.system.authentication.cap
c:\aircrack-ng-0.9.3-win\test\wep.shared.key.authentication.cap
c:\aircrack-ng-0.9.3-win\test\wpa.cap
c:\aircrack-ng-0.9.3-win\test\wpa2.eapol.cap
scanner sequence 3.ZZ.11.TXLBR0
 ----- EOF -----
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: Clikens86 on November 14, 2013, 12:48:22 PM
Any updates on this Seedy21?
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: seedy21 on November 15, 2013, 02:55:48 AM
Hi Clikens86

Sorry for the delay.

After some research we have confirmed that the results show evidence of network hacking software. With this, we are unable to confirm whether you installed this or whether the malware that infected your computer may have done this.

As a result, we would recommend re-formatting the machine and starting from scratch.

Here is a link to an article that may help you if you have not done this before.

http://artsandcrafts.about.com/od/businessmanagement/a/How-To-Restore-Your-Computer-To-Factory-Settings.htm
Title: Re: [In-Progress] Laptop has FBI virus, can only access the guest account
Post by: negster22 on January 05, 2014, 05:53:31 PM
Since this topic appears to be resolved I am closing it now.

Should the topic starter have any questions, please start a new topic or contact any one of the moderating team members. Please include a link to this thread with your request.