Already scanned with Malwarebytes, Hitman Pro and RogueKiller but file names still missing
<blockquote data-quote="sophis" data-source="post: 181622" data-attributes="member: 14552"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (<span style="color: red">ATTENTION: ====> FRST version is 26 days old and could be outdated</span>)</p><p>Ran by Gladys (administrator) on TOSHIBA-USER on 08-04-2014 00:39:11</p><p>Running from C:\Documents and Settings\Gladys\Desktop</p><p>Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Normal</p><p>The only official download link for FRST:</p><p>Download link for 32-Bit version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/</a> </p><p>Download link for 64-Bit Version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/</a> </p><p>Download link from any site other than Bleeping Computer is unpermitted or outdated.</p><p>See tutorial for FRST: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p>==================== Processes (Whitelisted) =================</p><p>(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe</p><p>(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe</p><p>(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe</p><p>(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe</p><p>(AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2012\avgwdsvc.exe</p><p>(America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe</p><p>(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe</p><p>(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\DVDRAMSV.exe</p><p>(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe</p><p>(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe</p><p>(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe</p><p>() c:\TOSHIBA\IVP\swupdate\swupdtmr.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\Tvs\TvsTray.exe</p><p>(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe</p><p>(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe</p><p>(TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe</p><p>(Microsoft Corporation) C:\windows\system32\fxssvc.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe</p><p>(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe</p><p>(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe</p><p>(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe</p><p>() C:\Program Files\Logitech\QuickCam\Quickcam.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe</p><p>(Apple Computer, Inc.) C:\Program Files\iTunes\iTunesHelper.exe</p><p>(AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2012\avgtray.exe</p><p>(TOSHIBA Corporation) C:\windows\system32\TPSMain.exe</p><p>(TOSHIBA Corporation) C:\windows\system32\TDispVol.exe</p><p>(Agere Systems) C:\Program Files\ltmoh\Ltmoh.exe</p><p>() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe</p><p>(TOSHIBA Corporation) C:\windows\system32\TPSBattM.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe</p><p>(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe</p><p>(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe</p><p>(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe</p><p>(Sonic Solutions) C:\WINDOWS\system32\dla\DLACTRLW.exe</p><p>(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe</p><p>(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe</p><p>(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe</p><p>(Microsoft Corporation) C:\windows\system32\wuauclt.exe</p><p>(Apple Computer, Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\RAMASST.exe</p><p>(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe</p><p>(Yahoo! Inc.) 
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe</p><p>(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p>HKLM\...\Run: [Tvs] - C:\Program Files\Toshiba\Tvs\TvsTray.exe [73728 2005-11-30] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [THotkey] - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [352256 2006-01-05] (TOSHIBA)</p><p>HKLM\...\Run: [TFncKy] - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe [188416 2005-08-16] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [122880 2005-04-26] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [98304 2008-01-03] (Apple Computer, Inc.)</p><p>HKLM\...\Run: [NDSTray.exe] - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [978944 2005-11-02] (TOSHIBA CORPORATION)</p><p>HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\QuickCam\Quickcam.exe [2178832 2007-10-25] ()</p><p>HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [278528 2005-05-04] (Apple Computer, Inc.)</p><p>HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)</p><p>HKLM\...\Run: [TPSMain] - C:\windows\system32\TPSMain.exe [282624 2005-05-31] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TDispVol] - C:\windows\system32\TDispVol.exe [73728 2005-03-11] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [SynTPLpr] - C:\Program 
Files\Synaptics\SynTP\SynTPLpr.exe [82009 2005-12-16] (Synaptics, Inc.)</p><p>HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761945 2005-12-16] (Synaptics, Inc.)</p><p>HKLM\...\Run: [LtMoh] - C:\Program Files\ltmoh\Ltmoh.exe [184320 2004-08-18] (Agere Systems)</p><p>HKLM\...\Run: [LogitechCommunicationsManager] - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()</p><p>HKLM\...\Run: [IPHSend] - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [124520 2006-02-17] (America Online, Inc.)</p><p>HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2005-12-05] (Intel Corporation)</p><p>HKLM\...\Run: [IntelWireless] - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2005-11-28] (Intel Corporation)</p><p>HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2005-11-27] (Intel Corporation)</p><p>HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-11-27] (Intel Corporation)</p><p>HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)</p><p>HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\DLACTRLW.exe [122940 2005-10-06] (Sonic Solutions)</p><p>HKLM\...\Run: [Pinger] - c:\toshiba\ivp\ism\pinger.exe [151552 2005-03-17] (TOSHIBA Corporation)</p><p>HKLM\...\Policies\Explorer: [NoCDBurning] 0</p><p>HKU\S-1-5-21-3633264511-1396050676-896409009-1006\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [4351216 2009-05-26] (Yahoo! 
Inc.)</p><p>HKU\S-1-5-21-3633264511-1396050676-896409009-1006\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)</p><p>HKU\S-1-5-21-3633264511-1396050676-896409009-1006\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-07-05] (Google Inc.)</p><p>HKU\S-1-5-21-3633264511-1396050676-896409009-1006\...\Run: [Google Update] - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-02-13] (Google Inc.)</p><p>HKU\S-1-5-21-3633264511-1396050676-896409009-1006\...\Run: [ROC_ROC_APR2013_AV] - C:\Documents and Settings\Gladys\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid b01f7e0ae60447d18fd1d15a44433191-9e2a69660b66eb00ba700cc717937b94c7f3cd27 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012</p><p>HKU\S-1-5-21-3633264511-1396050676-896409009-1006\...\Run: [AVG-Secure-Search-Update_0913a] - C:\Documents and Settings\Gladys\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b01f7e0ae60447d18fd1d15a44433191-9e2a69660b66eb00ba700cc717937b94c7f3cd27 --CMPID 0913a</p><p>HKU\S-1-5-21-3633264511-1396050676-896409009-1006\...\Run: [DriverUpdate] - C:\Program Files\DriverUpdate\DriverUpdate.exe [34138432 2014-03-19] (SlimWare Utilities, Inc.)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk</p><p>ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk</p><p>ShortcutTarget: RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)</p><p>==================== Internet (Whitelisted) ====================</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.yahoo.com/" 
target="_blank">http://www.yahoo.com/</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://www.google.com/ie" target="_blank">http://www.google.com/ie</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = <a href="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" target="_blank">http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html" target="_blank">http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html</a></p><p>URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)</p><p>BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)</p><p>BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)</p><p>BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)</p><p>BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)</p><p>BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File</p><p>BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)</p><p>BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)</p><p>BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)</p><p>Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)</p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\windows\system32\browseui.dll (Microsoft Corporation)</p><p>Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\windows\system32\SHELL32.dll (Microsoft Corporation)</p><p>Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)</p><p>Toolbar: HKCU - No Name - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No File</p><p>DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll</p><p>DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} <a href="http://malwaretips.com/file:///D:/data/index/ses_ocx/sessearch.ocx" target="_blank">file:///D:/data/index/ses_ocx/sessearch.ocx</a></p><p>DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} <a href="http://www1.snapfish.com/SnapfishActivia.cab" target="_blank">http://www1.snapfish.com/SnapfishActivia.cab</a></p><p>DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} <a href="http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155609754781" target="_blank">http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155609754781</a></p><p>DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} <a href="https://webdl.symantec.com/activex/symdlmgr.cab" target="_blank">https://webdl.symantec.com/activex/symdlmgr.cab</a></p><p>DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <a href="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155609798984" 
target="_blank">http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155609798984</a></p><p>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} <a href="http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab" target="_blank">http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab</a></p><p>DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <a href="http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab" target="_blank">http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab</a></p><p>DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <a href="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" target="_blank">http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</a></p><p>Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)</p><p>Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File</p><p>Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File</p><p>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Documents and Settings\Gladys\Application Data\Mozilla\Firefox\Profiles\81dzzj4d.default</p><p>FF user.js: detected! 
=> C:\Documents and Settings\Gladys\Application Data\Mozilla\Firefox\Profiles\81dzzj4d.default\user.js</p><p>FF SelectedSearchEngine: Google</p><p>FF Homepage: <a href="http://www.msn.com/" target="_blank">www.msn.com</a></p><p>FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()</p><p>FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)</p><p>FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)</p><p>FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()</p><p>FF Plugin: <a href="mailto:yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1">yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1</a> - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! 
Inc.)</p><p>FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()</p><p>FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSWF32.dll ()</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()</p><p>FF Extension: Microsoft .NET Framework Assistant - C:\Documents 
and Settings\Gladys\Application Data\Mozilla\Firefox\Profiles\81dzzj4d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-09-08]</p><p>FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Gladys\Application Data\Mozilla\Firefox\Profiles\81dzzj4d.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2006-12-14]</p><p>FF Extension: Display TroubleShoot CPL Extension - C:\Documents and Settings\Gladys\Application Data\Mozilla\Firefox\Profiles\81dzzj4d.default\Extensions\{F92C3348-3C53-6700-6CF0-690A7D9FAACF} [2014-01-29]</p><p>FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\</p><p>FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []</p><p>FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\</p><p>FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ []</p><p>FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\</p><p>FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ []</p><p>FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe</p><p>Chrome: </p><p>=======</p><p>CHR HomePage: hxxp://<a href="http://www.yahoo.com/" target="_blank">www.yahoo.com/</a></p><p>CHR Plugin: (Remoting Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.146\pdf.dll ()</p><p>CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Gladys\Local 
Settings\Application Data\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File</p><p>CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()</p><p>CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File</p><p>CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)</p><p>CHR Plugin: (Google Update) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File</p><p>CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)</p><p>CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()</p><p>CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>CHR Extension: (AVG Safe Search) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-07-18]</p><p>CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-10]</p><p>CHR Extension: (AVG Do Not Track) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-06-06]</p><p>CHR Extension: (Google Wallet) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]</p><p>CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]</p><p>CHR 
HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]</p><p>CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]</p><p>CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\Application\chrome.exe</p><p>========================== Services (Whitelisted) =================</p><p>R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)</p><p>R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)</p><p>R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.)</p><p>R3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [327680 2005-05-04] (Apple Computer, Inc.)</p><p>R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)</p><p>S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)</p><p>R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)</p><p>R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)</p><p>R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-11-28] (Intel Corporation )</p><p>R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-12] ()</p><p>R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [35328 2005-12-20] (TOSHIBA Corp.)</p><p>R2 
Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)</p><p>==================== Drivers (Whitelisted) ====================</p><p>R2 AegisP; C:\windows\System32\DRIVERS\AegisP.sys [21275 2006-08-12] (Meetinghouse Data Communications)</p><p>R2 ASCTRM; C:\windows\system32\Drivers\ASCTRM.sys [8552 2006-02-16] (Windows (R) 2000 DDK provider)</p><p>R3 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )</p><p>R3 AVGIDSFilter; C:\windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )</p><p>R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )</p><p>R3 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )</p><p>R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)</p><p>S3 CCDECODE; C:\windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)</p><p>R2 DLABOIOM; C:\windows\System32\DLA\DLABOIOM.SYS [25628 2005-10-06] (Sonic Solutions)</p><p>R1 DLACDBHM; C:\windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)</p><p>R2 DLADResN; C:\windows\System32\DLA\DLADResN.SYS [2496 2005-10-06] (Sonic Solutions)</p><p>R2 DLAIFS_M; C:\windows\System32\DLA\DLAIFS_M.SYS [86524 2005-10-06] (Sonic Solutions)</p><p>R2 DLAOPIOM; C:\windows\System32\DLA\DLAOPIOM.SYS [14684 2005-10-06] (Sonic Solutions)</p><p>R2 DLAPoolM; C:\windows\System32\DLA\DLAPoolM.SYS [6364 2005-10-06] (Sonic Solutions)</p><p>R1 DLARTL_N; 
C:\windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)</p><p>R2 DLAUDFAM; C:\windows\System32\DLA\DLAUDFAM.SYS [94332 2005-10-06] (Sonic Solutions)</p><p>R2 DLAUDF_M; C:\windows\System32\DLA\DLAUDF_M.SYS [87036 2005-10-06] (Sonic Solutions)</p><p>R2 DRVNDDM; C:\windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)</p><p>S3 FilterService; C:\windows\System32\DRIVERS\lvuvcflt.sys [23832 2007-10-11] (Logitech Inc.)</p><p>R3 Iviaspi; C:\windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)</p><p>S3 LVcKap; C:\windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)</p><p>S3 LVMVDrv; C:\windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)</p><p>R3 LVPr2Mon; C:\windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()</p><p>S3 LVUSBSta; C:\windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)</p><p>R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-08] (Malwarebytes Corporation)</p><p>R2 MCSTRM; C:\windows\system32\Drivers\MCSTRM.sys [8413 2006-12-11] (RealNetworks, Inc.)</p><p>R1 meiudf; C:\windows\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.)</p><p>S3 NdisIP; C:\windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)</p><p>R2 Netdevio; C:\windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)</p><p>R3 Pfc; C:\windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)</p><p>R2 s24trans; C:\windows\System32\DRIVERS\s24trans.sys [13568 2005-11-28] (Intel Corporation)</p><p>R3 tbiosdrv; C:\windows\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-24] ()</p><p>R3 TVALD; C:\windows\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation)</p><p>R3 Tvs; C:\windows\System32\DRIVERS\Tvs.sys [43392 2005-11-30] (TOSHIBA 
Corporation)</p><p>R3 w39n51; C:\windows\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)</p><p>S3 wanatw; C:\windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)</p><p>S4 IntelIde; No ImagePath</p><p>U5 ScsiPort; C:\windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)</p><p>S3 SymIM; system32\DRIVERS\SymIM.sys [X]</p><p>S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]</p><p>U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation)</p><p>U1 WS2IFSL;</p><p>==================== NetSvcs (Whitelisted) ===================</p><p>NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)</p><p>==================== One Month Created Files and Folders ========</p><p>2014-04-08 00:39 - 2014-04-08 00:42 - 00027443 _____ () C:\Documents and Settings\Gladys\Desktop\FRST.txt</p><p>2014-04-08 00:37 - 2014-04-08 00:39 - 00000000 ____D () C:\FRST</p><p>2014-04-08 00:36 - 2014-04-08 00:35 - 01145856 _____ (Farbar) C:\Documents and Settings\Gladys\Desktop\FRST.exe</p><p>2014-04-07 23:25 - 2014-04-07 23:25 - 00000000 ____D () C:\windows\LastGood</p><p>2014-04-03 23:16 - 2014-04-03 23:16 - 00001290 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_SC_04032014_231645.txt</p><p>2014-04-03 23:11 - 2011-02-18 15:26 - 00001878 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk</p><p>2014-04-03 23:11 - 2011-02-13 00:47 - 00001583 _____ () C:\Documents and Settings\All Users\Desktop\AIM.lnk</p><p>2014-04-03 23:11 - 2010-09-24 12:02 - 00001975 _____ () C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK</p><p>2014-04-03 23:11 - 2010-08-07 16:02 - 00000707 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk</p><p>2014-04-03 23:11 - 2009-05-28 13:13 - 00000823 _____ () C:\Documents and Settings\All Users\Desktop\Yahoo! 
Messenger.lnk</p><p>2014-04-03 23:11 - 2008-11-23 18:33 - 00001716 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.1 Beta 1.lnk</p><p>2014-04-03 23:11 - 2008-09-06 22:26 - 00001574 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk</p><p>2014-04-03 23:11 - 2008-07-21 23:17 - 00001751 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk</p><p>2014-04-03 23:11 - 2008-04-14 14:08 - 00001792 _____ () C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk</p><p>2014-04-03 23:11 - 2008-01-03 00:20 - 00001625 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk</p><p>2014-04-03 23:11 - 2008-01-03 00:20 - 00000735 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk</p><p>2014-04-03 23:11 - 2007-11-29 21:12 - 00001598 _____ () C:\Documents and Settings\All Users\Desktop\Convert with deskPDF.lnk</p><p>2014-04-03 23:11 - 2007-11-11 23:53 - 00001975 _____ () C:\Documents and Settings\All Users\Desktop\Norton SystemWorks.lnk</p><p>2014-04-03 23:11 - 2007-08-25 14:39 - 00001868 _____ () C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk</p><p>2014-04-03 23:11 - 2006-08-17 21:01 - 00001891 _____ () C:\Documents and Settings\All Users\Desktop\AIM Triton.lnk</p><p>2014-04-03 23:11 - 2006-06-05 20:37 - 00001668 _____ () C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD.lnk</p><p>2014-04-03 23:11 - 2006-02-15 09:46 - 00001533 _____ () C:\Documents and Settings\All Users\Desktop\TOSHIBA Assist.lnk</p><p>2014-04-03 23:11 - 2006-02-15 08:39 - 00001515 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk</p><p>2014-04-03 23:11 - 2006-02-15 08:39 - 00000398 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk</p><p>2014-04-03 23:11 - 2006-02-15 08:37 - 00000794 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk</p><p>2014-04-03 23:11 - 2006-02-15 08:35 - 
00000609 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk</p><p>2014-04-03 23:11 - 2005-04-05 14:22 - 00000664 _____ () C:\Documents and Settings\All Users\Desktop\Recovery Disc Creator (Express Media Player).lnk</p><p>2014-04-03 23:11 - 2004-08-25 17:22 - 00007639 _____ () C:\Documents and Settings\All Users\Desktop\Bluetooth Stack Installation Guide.txt</p><p>2014-04-03 23:11 - 2002-10-29 14:11 - 00000405 _____ () C:\Documents and Settings\All Users\Desktop\User's Guide.lnk</p><p>2014-04-03 23:10 - 2005-04-05 14:22 - 00000664 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Recovery Disc Creator (Express Media Player).lnk</p><p>2014-04-03 23:09 - 2008-07-21 23:17 - 00001810 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk</p><p>2014-04-03 23:09 - 2006-02-18 08:25 - 00001477 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk</p><p>2014-04-03 23:09 - 2006-02-16 02:56 - 00000697 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\America Online 9.0.lnk</p><p>2014-04-03 23:08 - 2007-11-11 23:53 - 00001975 _____ () C:\Documents and Settings\All Users\Start Menu\Norton SystemWorks.lnk</p><p>2014-04-03 23:08 - 2006-08-14 19:43 - 00001577 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk</p><p>2014-04-03 23:00 - 2014-04-03 23:00 - 00001760 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_D_04032014_230039.txt</p><p>2014-04-03 19:32 - 2014-04-03 19:32 - 00001713 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_S_04032014_193212.txt</p><p>2014-04-03 02:35 - 2014-04-03 02:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro</p><p>2014-04-03 02:34 - 2014-04-03 02:34 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-04-03 01:03 - 2014-04-03 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2014-04-03 
00:57 - 2014-04-03 00:57 - 00000955 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_S_04032014_005730.txt</p><p>2014-04-02 22:42 - 2014-04-04 01:14 - 00000000 ____D () C:\Documents and Settings\Gladys\Desktop\RK_Quarantine</p><p>2014-04-02 00:07 - 2014-04-08 00:07 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-04-02 00:05 - 2014-04-08 00:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-04-02 00:04 - 2014-04-08 00:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware</p><p>2014-04-02 00:04 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys</p><p>2014-03-27 01:30 - 2014-03-27 01:30 - 00000000 ____D () C:\Documents and Settings\Gladys\Local Settings\Application Data\SlimWare Utilities Inc</p><p>2014-03-27 00:41 - 2014-03-27 00:41 - 00001856 _____ () C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk</p><p>2014-03-27 00:41 - 2014-03-27 00:41 - 00000000 ____D () C:\Program Files\DriverUpdate</p><p>2014-03-27 00:41 - 2014-03-27 00:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate</p><p>2014-03-27 00:40 - 2014-03-27 00:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Downloaded Installers</p><p>2014-03-12 01:21 - 2014-03-12 01:25 - 00013350 _____ () C:\windows\KB2925418-IE8.log</p><p>2014-03-12 01:20 - 2014-03-12 01:20 - 00000000 __HDC () C:\windows\$NtUninstallKB2929961$</p><p>2014-03-12 01:19 - 2014-03-12 01:19 - 00000000 __HDC () C:\windows\$NtUninstallKB2930275$</p><p>2014-03-11 23:42 - 2014-03-12 01:21 - 00012343 _____ () C:\windows\KB2929961.log</p><p>2014-03-11 23:41 - 2014-03-12 01:20 - 00013708 _____ () C:\windows\KB2930275.log</p><p>2014-03-09 19:02 - 2014-04-07 23:15 - 00000224 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job</p><p>2014-03-09 19:02 - 
2014-03-10 20:12 - 00000218 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job</p><p>==================== One Month Modified Files and Folders =======</p><p>2014-04-08 00:42 - 2014-04-08 00:39 - 00027443 _____ () C:\Documents and Settings\Gladys\Desktop\FRST.txt</p><p>2014-04-08 00:39 - 2014-04-08 00:37 - 00000000 ____D () C:\FRST</p><p>2014-04-08 00:35 - 2014-04-08 00:36 - 01145856 _____ (Farbar) C:\Documents and Settings\Gladys\Desktop\FRST.exe</p><p>2014-04-08 00:07 - 2014-04-02 00:07 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-04-08 00:04 - 2014-04-02 00:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-04-08 00:04 - 2014-04-02 00:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware</p><p>2014-04-07 23:53 - 2010-02-13 16:43 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-04-07 23:46 - 2010-02-13 18:21 - 00000982 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3633264511-1396050676-896409009-1006UA.job</p><p>2014-04-07 23:25 - 2014-04-07 23:25 - 00000000 ____D () C:\windows\LastGood</p><p>2014-04-07 23:25 - 2006-02-15 08:37 - 01734880 _____ () C:\windows\WindowsUpdate.log</p><p>2014-04-07 23:23 - 2011-03-14 20:48 - 00696848 _____ () C:\windows\setupapi.log</p><p>2014-04-07 23:23 - 2006-02-15 08:35 - 00000000 ____D () C:\windows\Registration</p><p>2014-04-07 23:18 - 2006-02-15 00:32 - 00000159 _____ () C:\windows\wiadebug.log</p><p>2014-04-07 23:17 - 2006-02-15 00:32 - 00000048 _____ () C:\windows\wiaservc.log</p><p>2014-04-07 23:15 - 2014-03-09 19:02 - 00000224 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job</p><p>2014-04-07 23:15 - 2010-02-13 16:43 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-04-07 23:15 - 2006-02-15 08:42 - 00000006 ____H () C:\windows\Tasks\SA.DAT</p><p>2014-04-07 
23:14 - 2006-02-16 03:18 - 00000000 ____D () C:\windows\system32\DLA</p><p>2014-04-07 23:08 - 2006-02-15 08:42 - 00032390 _____ () C:\windows\SchedLgU.Txt</p><p>2014-04-07 23:07 - 2006-08-14 19:23 - 00000278 ___SH () C:\Documents and Settings\Gladys\ntuser.ini</p><p>2014-04-07 18:46 - 2010-02-13 18:21 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3633264511-1396050676-896409009-1006Core.job</p><p>2014-04-07 18:02 - 2011-07-16 17:25 - 00000000 ____D () C:\windows\system32\Drivers\AVG</p><p>2014-04-05 23:27 - 2006-12-12 00:28 - 00000000 ____D () C:\Documents and Settings\Gladys\Application Data\Skype</p><p>2014-04-05 21:43 - 2011-07-10 13:58 - 00001908 _____ () C:\windows\diagwrn.xml</p><p>2014-04-05 21:43 - 2011-07-10 13:58 - 00001908 _____ () C:\windows\diagerr.xml</p><p>2014-04-05 21:43 - 2006-02-15 00:29 - 00000611 _____ () C:\windows\setupact.log</p><p>2014-04-05 21:36 - 2006-02-15 00:29 - 00000000 _____ () C:\windows\setuperr.log</p><p>2014-04-04 01:14 - 2014-04-02 22:42 - 00000000 ____D () C:\Documents and Settings\Gladys\Desktop\RK_Quarantine</p><p>2014-04-03 23:26 - 2006-09-19 14:10 - 00000000 ____D () C:\Gladys</p><p>2014-04-03 23:16 - 2014-04-03 23:16 - 00001290 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_SC_04032014_231645.txt</p><p>2014-04-03 23:11 - 2009-05-28 13:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! 
Messenger</p><p>2014-04-03 23:11 - 2008-05-16 23:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live</p><p>2014-04-03 23:10 - 2006-02-16 02:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime</p><p>2014-04-03 23:10 - 2006-02-16 02:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TOSHIBA Applications</p><p>2014-04-03 23:10 - 2006-02-15 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements</p><p>2014-04-03 23:09 - 2008-08-23 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack</p><p>2014-04-03 23:09 - 2008-04-14 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Logitech</p><p>2014-04-03 23:09 - 2008-01-03 00:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes</p><p>2014-04-03 23:09 - 2006-08-17 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AIM</p><p>2014-04-03 23:09 - 2006-08-12 16:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless</p><p>2014-04-03 23:09 - 2006-06-05 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD</p><p>2014-04-03 23:09 - 2006-02-16 03:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works</p><p>2014-04-03 23:09 - 2006-02-16 02:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\America Online</p><p>2014-04-03 23:09 - 2006-02-16 02:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD Creator 2</p><p>2014-04-03 23:09 - 2006-02-15 08:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office</p><p>2014-04-03 23:09 - 2006-02-15 08:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Start 
Menu\Programs\Games</p><p>2014-04-03 23:09 - 2006-02-15 08:33 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories</p><p>2014-04-03 23:00 - 2014-04-03 23:00 - 00001760 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_D_04032014_230039.txt</p><p>2014-04-03 19:32 - 2014-04-03 19:32 - 00001713 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_S_04032014_193212.txt</p><p>2014-04-03 19:19 - 2014-04-03 01:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2014-04-03 09:51 - 2014-04-02 00:04 - 00050648 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys</p><p>2014-04-03 09:50 - 2010-08-07 16:02 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys</p><p>2014-04-03 02:37 - 2014-04-03 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro</p><p>2014-04-03 02:34 - 2014-04-03 02:34 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-04-03 00:57 - 2014-04-03 00:57 - 00000955 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_S_04032014_005730.txt</p><p>2014-04-02 21:35 - 2006-02-15 08:59 - 00000000 __HDC () C:\windows\$NtUninstallKB905749$</p><p>2014-04-02 00:05 - 2010-08-07 16:03 - 00000000 ____D () C:\Documents and Settings\Gladys\Application Data\Malwarebytes</p><p>2014-04-02 00:05 - 2010-08-07 16:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes</p><p>2014-03-31 03:04 - 2006-08-14 19:23 - 00000000 ____D () C:\Documents and Settings\Gladys</p><p>2014-03-29 20:26 - 2006-08-14 19:23 - 00000000 ____D () C:\Documents and Settings\Gladys\Local Settings\Application Data\Google</p><p>2014-03-27 01:30 - 2014-03-27 01:30 - 00000000 ____D () C:\Documents and Settings\Gladys\Local Settings\Application Data\SlimWare Utilities Inc</p><p>2014-03-27 00:41 - 2014-03-27 00:41 - 00001856 _____ () C:\Documents and Settings\All 
Users\Desktop\DriverUpdate.lnk</p><p>2014-03-27 00:41 - 2014-03-27 00:41 - 00000000 ____D () C:\Program Files\DriverUpdate</p><p>2014-03-27 00:41 - 2014-03-27 00:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate</p><p>2014-03-27 00:40 - 2014-03-27 00:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Downloaded Installers</p><p>2014-03-22 23:49 - 2006-02-15 07:04 - 00001158 _____ () C:\windows\system32\wpa.dbl</p><p>2014-03-19 03:13 - 2013-07-17 22:20 - 00000000 ____D () C:\windows\system32\MRT</p><p>2014-03-19 02:51 - 2006-08-14 19:58 - 87350280 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe</p><p>2014-03-15 19:21 - 2010-04-21 22:40 - 00002304 _____ () C:\Documents and Settings\Gladys\Desktop\Google Chrome.lnk</p><p>2014-03-12 17:47 - 2006-02-15 00:29 - 00229592 _____ () C:\windows\system32\FNTCACHE.DAT</p><p>2014-03-12 01:25 - 2014-03-12 01:21 - 00013350 _____ () C:\windows\KB2925418-IE8.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 03382758 _____ () C:\windows\FaxSetup.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 01683118 _____ () C:\windows\iis6.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 01622419 _____ () C:\windows\ocgen.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 01549021 _____ () C:\windows\tsoc.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 01041598 _____ () C:\windows\msmqinst.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00668748 _____ () C:\windows\ntdtcsetup.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00605606 _____ () C:\windows\netfxocm.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00384285 _____ () C:\windows\MedCtrOC.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00381287 _____ () C:\windows\plusoc.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00186103 _____ () C:\windows\ehOCGen.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00182369 _____ () C:\windows\ocmsn.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00170284 _____ () 
C:\windows\tabletoc.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00169072 _____ () C:\windows\msgsocm.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00055187 _____ () C:\windows\comsetup.log</p><p>2014-03-12 01:25 - 2006-02-15 00:30 - 00001374 _____ () C:\windows\imsins.log</p><p>2014-03-12 01:24 - 2006-02-15 08:59 - 00497154 _____ () C:\windows\updspapi.log</p><p>2014-03-12 01:23 - 2012-02-18 04:10 - 00000000 ____D () C:\windows\ie8updates</p><p>2014-03-12 01:21 - 2014-03-11 23:42 - 00012343 _____ () C:\windows\KB2929961.log</p><p>2014-03-12 01:21 - 2006-02-15 00:30 - 00001374 _____ () C:\windows\imsins.BAK</p><p>2014-03-12 01:20 - 2014-03-12 01:20 - 00000000 __HDC () C:\windows\$NtUninstallKB2929961$</p><p>2014-03-12 01:20 - 2014-03-11 23:41 - 00013708 _____ () C:\windows\KB2930275.log</p><p>2014-03-12 01:19 - 2014-03-12 01:19 - 00000000 __HDC () C:\windows\$NtUninstallKB2930275$</p><p>2014-03-10 20:12 - 2014-03-09 19:02 - 00000218 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job</p><p>2014-03-09 19:11 - 2006-02-15 00:30 - 00528976 _____ () C:\windows\system32\PerfStringBackup.INI</p><p>Some content of TEMP:</p><p>====================</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\converter.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\msgup900_2162_us.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\ntdll_dump.dll</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\quickcamenu.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\SkypeSetup.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\svruninstall.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\SymLCSVC.EXE</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\yahoo_toolbar_install_helper.exe</p><p>C:\Documents and Settings\Gladys\Local 
Settings\Temp\ymsgr_inst.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\ytb_7.2.5.15_1.6.6_ysp_1.2.8_mail_bts_pub_us_setup_.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\ywiseext.dll</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\_is30.exe</p><p>C:\Documents and Settings\Gladys\Local Settings\Temp\_is33.exe</p><p></p><p>==================== Bamital & volsnap Check =================</p><p>C:\windows\explorer.exe => MD5 is legit</p><p>C:\windows\system32\winlogon.exe => MD5 is legit</p><p>C:\windows\system32\svchost.exe => MD5 is legit</p><p>C:\windows\system32\services.exe => MD5 is legit</p><p>C:\windows\system32\User32.dll => MD5 is legit</p><p>C:\windows\system32\userinit.exe => MD5 is legit</p><p>C:\windows\system32\rpcss.dll => MD5 is legit</p><p>C:\windows\system32\Drivers\volsnap.sys => MD5 is legit</p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="sophis, post: 181622, member: 14552"]
Toolbar - C:\Documents and Settings\Gladys\Application Data\Mozilla\Firefox\Profiles\81dzzj4d.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2006-12-14] FF Extension: Display TroubleShoot CPL Extension - C:\Documents and Settings\Gladys\Application Data\Mozilla\Firefox\Profiles\81dzzj4d.default\Extensions\{F92C3348-3C53-6700-6CF0-690A7D9FAACF} [2014-01-29] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\ FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ [] FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe Chrome: ======= CHR HomePage: hxxp://[url="http://www.yahoo.com/"]www.yahoo.com/[/url] CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.146\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\Gladys\Local Settings\Application 
Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (AVG Safe Search) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-07-18] CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-09-10] CHR Extension: (AVG Do Not Track) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-06-06] CHR Extension: (Google Wallet) - C:\Documents and Settings\Gladys\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20] CHR StartMenuInternet: Google Chrome - C:\Documents and 
Settings\Gladys\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.) R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.) R3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [327680 2005-05-04] (Apple Computer, Inc.) R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.) S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-11-28] (Intel Corporation ) R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-12] () R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [35328 2005-12-20] (TOSHIBA Corp.) 
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) ==================== Drivers (Whitelisted) ==================== R2 AegisP; C:\windows\System32\DRIVERS\AegisP.sys [21275 2006-08-12] (Meetinghouse Data Communications) R2 ASCTRM; C:\windows\system32\Drivers\ASCTRM.sys [8552 2006-02-16] (Windows (R) 2000 DDK provider) R3 AVGIDSDriver; C:\windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSFilter; C:\windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSHX; C:\windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSShim; C:\windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. ) R1 Avgldx86; C:\windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.) R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.) 
S3 CCDECODE; C:\windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 DLABOIOM; C:\windows\System32\DLA\DLABOIOM.SYS [25628 2005-10-06] (Sonic Solutions) R1 DLACDBHM; C:\windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) R2 DLADResN; C:\windows\System32\DLA\DLADResN.SYS [2496 2005-10-06] (Sonic Solutions) R2 DLAIFS_M; C:\windows\System32\DLA\DLAIFS_M.SYS [86524 2005-10-06] (Sonic Solutions) R2 DLAOPIOM; C:\windows\System32\DLA\DLAOPIOM.SYS [14684 2005-10-06] (Sonic Solutions) R2 DLAPoolM; C:\windows\System32\DLA\DLAPoolM.SYS [6364 2005-10-06] (Sonic Solutions) R1 DLARTL_N; C:\windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) R2 DLAUDFAM; C:\windows\System32\DLA\DLAUDFAM.SYS [94332 2005-10-06] (Sonic Solutions) R2 DLAUDF_M; C:\windows\System32\DLA\DLAUDF_M.SYS [87036 2005-10-06] (Sonic Solutions) R2 DRVNDDM; C:\windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) S3 FilterService; C:\windows\System32\DRIVERS\lvuvcflt.sys [23832 2007-10-11] (Logitech Inc.) R3 Iviaspi; C:\windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.) S3 LVcKap; C:\windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.) S3 LVMVDrv; C:\windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.) R3 LVPr2Mon; C:\windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] () S3 LVUSBSta; C:\windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-08] (Malwarebytes Corporation) R2 MCSTRM; C:\windows\system32\Drivers\MCSTRM.sys [8413 2006-12-11] (RealNetworks, Inc.) R1 meiudf; C:\windows\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.) 
S3 NdisIP; C:\windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R2 Netdevio; C:\windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) R3 Pfc; C:\windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) R2 s24trans; C:\windows\System32\DRIVERS\s24trans.sys [13568 2005-11-28] (Intel Corporation) R3 tbiosdrv; C:\windows\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-24] () R3 TVALD; C:\windows\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation) R3 Tvs; C:\windows\System32\DRIVERS\Tvs.sys [43392 2005-11-30] (TOSHIBA Corporation) R3 w39n51; C:\windows\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation) S3 wanatw; C:\windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) S4 IntelIde; No ImagePath U5 ScsiPort; C:\windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 SymIM; system32\DRIVERS\SymIM.sys [X] S3 SymIMMP; system32\DRIVERS\SymIM.sys [X] U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2014-04-08 00:39 - 2014-04-08 00:42 - 00027443 _____ () C:\Documents and Settings\Gladys\Desktop\FRST.txt 2014-04-08 00:37 - 2014-04-08 00:39 - 00000000 ____D () C:\FRST 2014-04-08 00:36 - 2014-04-08 00:35 - 01145856 _____ (Farbar) C:\Documents and Settings\Gladys\Desktop\FRST.exe 2014-04-07 23:25 - 2014-04-07 23:25 - 00000000 ____D () C:\windows\LastGood 2014-04-03 23:16 - 2014-04-03 23:16 - 00001290 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_SC_04032014_231645.txt 2014-04-03 23:11 - 2011-02-18 15:26 - 00001878 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk 2014-04-03 23:11 - 2011-02-13 00:47 - 00001583 _____ () C:\Documents and Settings\All 
Users\Desktop\AIM.lnk 2014-04-03 23:11 - 2010-09-24 12:02 - 00001975 _____ () C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK 2014-04-03 23:11 - 2010-08-07 16:02 - 00000707 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk 2014-04-03 23:11 - 2009-05-28 13:13 - 00000823 _____ () C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk 2014-04-03 23:11 - 2008-11-23 18:33 - 00001716 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.1 Beta 1.lnk 2014-04-03 23:11 - 2008-09-06 22:26 - 00001574 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk 2014-04-03 23:11 - 2008-07-21 23:17 - 00001751 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk 2014-04-03 23:11 - 2008-04-14 14:08 - 00001792 _____ () C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk 2014-04-03 23:11 - 2008-01-03 00:20 - 00001625 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2014-04-03 23:11 - 2008-01-03 00:20 - 00000735 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2014-04-03 23:11 - 2007-11-29 21:12 - 00001598 _____ () C:\Documents and Settings\All Users\Desktop\Convert with deskPDF.lnk 2014-04-03 23:11 - 2007-11-11 23:53 - 00001975 _____ () C:\Documents and Settings\All Users\Desktop\Norton SystemWorks.lnk 2014-04-03 23:11 - 2007-08-25 14:39 - 00001868 _____ () C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk 2014-04-03 23:11 - 2006-08-17 21:01 - 00001891 _____ () C:\Documents and Settings\All Users\Desktop\AIM Triton.lnk 2014-04-03 23:11 - 2006-06-05 20:37 - 00001668 _____ () C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD.lnk 2014-04-03 23:11 - 2006-02-15 09:46 - 00001533 _____ () C:\Documents and Settings\All Users\Desktop\TOSHIBA Assist.lnk 2014-04-03 23:11 - 2006-02-15 08:39 - 00001515 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk 
2014-04-03 23:11 - 2006-02-15 08:39 - 00000398 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk 2014-04-03 23:11 - 2006-02-15 08:37 - 00000794 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk 2014-04-03 23:11 - 2006-02-15 08:35 - 00000609 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk 2014-04-03 23:11 - 2005-04-05 14:22 - 00000664 _____ () C:\Documents and Settings\All Users\Desktop\Recovery Disc Creator (Express Media Player).lnk 2014-04-03 23:11 - 2004-08-25 17:22 - 00007639 _____ () C:\Documents and Settings\All Users\Desktop\Bluetooth Stack Installation Guide.txt 2014-04-03 23:11 - 2002-10-29 14:11 - 00000405 _____ () C:\Documents and Settings\All Users\Desktop\User's Guide.lnk 2014-04-03 23:10 - 2005-04-05 14:22 - 00000664 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Recovery Disc Creator (Express Media Player).lnk 2014-04-03 23:09 - 2008-07-21 23:17 - 00001810 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk 2014-04-03 23:09 - 2006-02-18 08:25 - 00001477 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk 2014-04-03 23:09 - 2006-02-16 02:56 - 00000697 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\America Online 9.0.lnk 2014-04-03 23:08 - 2007-11-11 23:53 - 00001975 _____ () C:\Documents and Settings\All Users\Start Menu\Norton SystemWorks.lnk 2014-04-03 23:08 - 2006-08-14 19:43 - 00001577 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk 2014-04-03 23:00 - 2014-04-03 23:00 - 00001760 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_D_04032014_230039.txt 2014-04-03 19:32 - 2014-04-03 19:32 - 00001713 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_S_04032014_193212.txt 2014-04-03 02:35 - 2014-04-03 02:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro 
2014-04-03 02:34 - 2014-04-03 02:34 - 00000000 ____D () C:\Program Files\HitmanPro 2014-04-03 01:03 - 2014-04-03 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro 2014-04-03 00:57 - 2014-04-03 00:57 - 00000955 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_S_04032014_005730.txt 2014-04-02 22:42 - 2014-04-04 01:14 - 00000000 ____D () C:\Documents and Settings\Gladys\Desktop\RK_Quarantine 2014-04-02 00:07 - 2014-04-08 00:07 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-02 00:05 - 2014-04-08 00:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-02 00:04 - 2014-04-08 00:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-04-02 00:04 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-03-27 01:30 - 2014-03-27 01:30 - 00000000 ____D () C:\Documents and Settings\Gladys\Local Settings\Application Data\SlimWare Utilities Inc 2014-03-27 00:41 - 2014-03-27 00:41 - 00001856 _____ () C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk 2014-03-27 00:41 - 2014-03-27 00:41 - 00000000 ____D () C:\Program Files\DriverUpdate 2014-03-27 00:41 - 2014-03-27 00:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate 2014-03-27 00:40 - 2014-03-27 00:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Downloaded Installers 2014-03-12 01:21 - 2014-03-12 01:25 - 00013350 _____ () C:\windows\KB2925418-IE8.log 2014-03-12 01:20 - 2014-03-12 01:20 - 00000000 __HDC () C:\windows\$NtUninstallKB2929961$ 2014-03-12 01:19 - 2014-03-12 01:19 - 00000000 __HDC () C:\windows\$NtUninstallKB2930275$ 2014-03-11 23:42 - 2014-03-12 01:21 - 00012343 _____ () C:\windows\KB2929961.log 2014-03-11 23:41 - 2014-03-12 01:20 - 00013708 _____ () C:\windows\KB2930275.log 2014-03-09 19:02 - 2014-04-07 23:15 - 
00000224 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-09 19:02 - 2014-03-10 20:12 - 00000218 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job ==================== One Month Modified Files and Folders ======= 2014-04-08 00:42 - 2014-04-08 00:39 - 00027443 _____ () C:\Documents and Settings\Gladys\Desktop\FRST.txt 2014-04-08 00:39 - 2014-04-08 00:37 - 00000000 ____D () C:\FRST 2014-04-08 00:35 - 2014-04-08 00:36 - 01145856 _____ (Farbar) C:\Documents and Settings\Gladys\Desktop\FRST.exe 2014-04-08 00:07 - 2014-04-02 00:07 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-08 00:04 - 2014-04-02 00:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-08 00:04 - 2014-04-02 00:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-04-07 23:53 - 2010-02-13 16:43 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-07 23:46 - 2010-02-13 18:21 - 00000982 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3633264511-1396050676-896409009-1006UA.job 2014-04-07 23:25 - 2014-04-07 23:25 - 00000000 ____D () C:\windows\LastGood 2014-04-07 23:25 - 2006-02-15 08:37 - 01734880 _____ () C:\windows\WindowsUpdate.log 2014-04-07 23:23 - 2011-03-14 20:48 - 00696848 _____ () C:\windows\setupapi.log 2014-04-07 23:23 - 2006-02-15 08:35 - 00000000 ____D () C:\windows\Registration 2014-04-07 23:18 - 2006-02-15 00:32 - 00000159 _____ () C:\windows\wiadebug.log 2014-04-07 23:17 - 2006-02-15 00:32 - 00000048 _____ () C:\windows\wiaservc.log 2014-04-07 23:15 - 2014-03-09 19:02 - 00000224 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-04-07 23:15 - 2010-02-13 16:43 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-07 23:15 - 2006-02-15 08:42 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-04-07 
23:14 - 2006-02-16 03:18 - 00000000 ____D () C:\windows\system32\DLA 2014-04-07 23:08 - 2006-02-15 08:42 - 00032390 _____ () C:\windows\SchedLgU.Txt 2014-04-07 23:07 - 2006-08-14 19:23 - 00000278 ___SH () C:\Documents and Settings\Gladys\ntuser.ini 2014-04-07 18:46 - 2010-02-13 18:21 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3633264511-1396050676-896409009-1006Core.job 2014-04-07 18:02 - 2011-07-16 17:25 - 00000000 ____D () C:\windows\system32\Drivers\AVG 2014-04-05 23:27 - 2006-12-12 00:28 - 00000000 ____D () C:\Documents and Settings\Gladys\Application Data\Skype 2014-04-05 21:43 - 2011-07-10 13:58 - 00001908 _____ () C:\windows\diagwrn.xml 2014-04-05 21:43 - 2011-07-10 13:58 - 00001908 _____ () C:\windows\diagerr.xml 2014-04-05 21:43 - 2006-02-15 00:29 - 00000611 _____ () C:\windows\setupact.log 2014-04-05 21:36 - 2006-02-15 00:29 - 00000000 _____ () C:\windows\setuperr.log 2014-04-04 01:14 - 2014-04-02 22:42 - 00000000 ____D () C:\Documents and Settings\Gladys\Desktop\RK_Quarantine 2014-04-03 23:26 - 2006-09-19 14:10 - 00000000 ____D () C:\Gladys 2014-04-03 23:16 - 2014-04-03 23:16 - 00001290 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_SC_04032014_231645.txt 2014-04-03 23:11 - 2009-05-28 13:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! 
Messenger 2014-04-03 23:11 - 2008-05-16 23:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live 2014-04-03 23:10 - 2006-02-16 02:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-04-03 23:10 - 2006-02-16 02:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TOSHIBA Applications 2014-04-03 23:10 - 2006-02-15 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements 2014-04-03 23:09 - 2008-08-23 23:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack 2014-04-03 23:09 - 2008-04-14 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Logitech 2014-04-03 23:09 - 2008-01-03 00:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2014-04-03 23:09 - 2006-08-17 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AIM 2014-04-03 23:09 - 2006-08-12 16:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless 2014-04-03 23:09 - 2006-06-05 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD 2014-04-03 23:09 - 2006-02-16 03:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works 2014-04-03 23:09 - 2006-02-16 02:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\America Online 2014-04-03 23:09 - 2006-02-16 02:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD Creator 2 2014-04-03 23:09 - 2006-02-15 08:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2014-04-03 23:09 - 2006-02-15 08:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games 2014-04-03 23:09 - 2006-02-15 08:33 - 00000000 ___RD () C:\Documents 
and Settings\All Users\Start Menu\Programs\Accessories 2014-04-03 23:00 - 2014-04-03 23:00 - 00001760 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_D_04032014_230039.txt 2014-04-03 19:32 - 2014-04-03 19:32 - 00001713 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_S_04032014_193212.txt 2014-04-03 19:19 - 2014-04-03 01:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro 2014-04-03 09:51 - 2014-04-02 00:04 - 00050648 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:50 - 2010-08-07 16:02 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-04-03 02:37 - 2014-04-03 02:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro 2014-04-03 02:34 - 2014-04-03 02:34 - 00000000 ____D () C:\Program Files\HitmanPro 2014-04-03 00:57 - 2014-04-03 00:57 - 00000955 _____ () C:\Documents and Settings\Gladys\Desktop\RKreport[0]_S_04032014_005730.txt 2014-04-02 21:35 - 2006-02-15 08:59 - 00000000 __HDC () C:\windows\$NtUninstallKB905749$ 2014-04-02 00:05 - 2010-08-07 16:03 - 00000000 ____D () C:\Documents and Settings\Gladys\Application Data\Malwarebytes 2014-04-02 00:05 - 2010-08-07 16:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-03-31 03:04 - 2006-08-14 19:23 - 00000000 ____D () C:\Documents and Settings\Gladys 2014-03-29 20:26 - 2006-08-14 19:23 - 00000000 ____D () C:\Documents and Settings\Gladys\Local Settings\Application Data\Google 2014-03-27 01:30 - 2014-03-27 01:30 - 00000000 ____D () C:\Documents and Settings\Gladys\Local Settings\Application Data\SlimWare Utilities Inc 2014-03-27 00:41 - 2014-03-27 00:41 - 00001856 _____ () C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk 2014-03-27 00:41 - 2014-03-27 00:41 - 00000000 ____D () C:\Program Files\DriverUpdate 2014-03-27 00:41 - 2014-03-27 00:41 - 00000000 ____D () C:\Documents and Settings\All 
Users\Start Menu\Programs\DriverUpdate 2014-03-27 00:40 - 2014-03-27 00:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Downloaded Installers 2014-03-22 23:49 - 2006-02-15 07:04 - 00001158 _____ () C:\windows\system32\wpa.dbl 2014-03-19 03:13 - 2013-07-17 22:20 - 00000000 ____D () C:\windows\system32\MRT 2014-03-19 02:51 - 2006-08-14 19:58 - 87350280 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-03-15 19:21 - 2010-04-21 22:40 - 00002304 _____ () C:\Documents and Settings\Gladys\Desktop\Google Chrome.lnk 2014-03-12 17:47 - 2006-02-15 00:29 - 00229592 _____ () C:\windows\system32\FNTCACHE.DAT 2014-03-12 01:25 - 2014-03-12 01:21 - 00013350 _____ () C:\windows\KB2925418-IE8.log 2014-03-12 01:25 - 2006-02-15 00:30 - 03382758 _____ () C:\windows\FaxSetup.log 2014-03-12 01:25 - 2006-02-15 00:30 - 01683118 _____ () C:\windows\iis6.log 2014-03-12 01:25 - 2006-02-15 00:30 - 01622419 _____ () C:\windows\ocgen.log 2014-03-12 01:25 - 2006-02-15 00:30 - 01549021 _____ () C:\windows\tsoc.log 2014-03-12 01:25 - 2006-02-15 00:30 - 01041598 _____ () C:\windows\msmqinst.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00668748 _____ () C:\windows\ntdtcsetup.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00605606 _____ () C:\windows\netfxocm.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00384285 _____ () C:\windows\MedCtrOC.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00381287 _____ () C:\windows\plusoc.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00186103 _____ () C:\windows\ehOCGen.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00182369 _____ () C:\windows\ocmsn.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00170284 _____ () C:\windows\tabletoc.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00169072 _____ () C:\windows\msgsocm.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00055187 _____ () C:\windows\comsetup.log 2014-03-12 01:25 - 2006-02-15 00:30 - 00001374 _____ () C:\windows\imsins.log 2014-03-12 01:24 - 2006-02-15 08:59 - 00497154 _____ () C:\windows\updspapi.log 2014-03-12 01:23 
- 2012-02-18 04:10 - 00000000 ____D () C:\windows\ie8updates 2014-03-12 01:21 - 2014-03-11 23:42 - 00012343 _____ () C:\windows\KB2929961.log 2014-03-12 01:21 - 2006-02-15 00:30 - 00001374 _____ () C:\windows\imsins.BAK 2014-03-12 01:20 - 2014-03-12 01:20 - 00000000 __HDC () C:\windows\$NtUninstallKB2929961$ 2014-03-12 01:20 - 2014-03-11 23:41 - 00013708 _____ () C:\windows\KB2930275.log 2014-03-12 01:19 - 2014-03-12 01:19 - 00000000 __HDC () C:\windows\$NtUninstallKB2930275$ 2014-03-10 20:12 - 2014-03-09 19:02 - 00000218 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-09 19:11 - 2006-02-15 00:30 - 00528976 _____ () C:\windows\system32\PerfStringBackup.INI Some content of TEMP: ==================== C:\Documents and Settings\Gladys\Local Settings\Temp\converter.exe C:\Documents and Settings\Gladys\Local Settings\Temp\msgup900_2162_us.exe C:\Documents and Settings\Gladys\Local Settings\Temp\ntdll_dump.dll C:\Documents and Settings\Gladys\Local Settings\Temp\quickcamenu.exe C:\Documents and Settings\Gladys\Local Settings\Temp\SkypeSetup.exe C:\Documents and Settings\Gladys\Local Settings\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe C:\Documents and Settings\Gladys\Local Settings\Temp\svruninstall.exe C:\Documents and Settings\Gladys\Local Settings\Temp\SymLCSVC.EXE C:\Documents and Settings\Gladys\Local Settings\Temp\yahoo_toolbar_install_helper.exe C:\Documents and Settings\Gladys\Local Settings\Temp\ymsgr_inst.exe C:\Documents and Settings\Gladys\Local Settings\Temp\ytb_7.2.5.15_1.6.6_ysp_1.2.8_mail_bts_pub_us_setup_.exe C:\Documents and Settings\Gladys\Local Settings\Temp\ywiseext.dll C:\Documents and Settings\Gladys\Local Settings\Temp\_is30.exe C:\Documents and Settings\Gladys\Local Settings\Temp\_is33.exe ==================== Bamital & volsnap Check ================= C:\windows\explorer.exe => MD5 is legit C:\windows\system32\winlogon.exe => MD5 is legit C:\windows\system32\svchost.exe => MD5 is legit 
C:\windows\system32\services.exe => MD5 is legit C:\windows\system32\User32.dll => MD5 is legit C:\windows\system32\userinit.exe => MD5 is legit C:\windows\system32\rpcss.dll => MD5 is legit C:\windows\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ [/QUOTE]