Google Redirect Virus on Windows 7


  • This topic is locked
20 replies to this topic

#1 brendina

brendina

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:31 PM

Posted 12 September 2012 - 02:57 PM

On Monday, September 10, 2012, I was using my computer and all was fine at first. About three hours into using it (mostly working on a writing project but occasionally searching for grammar answers on websites), I was doing a Google search and when I clicked on the link I wanted to follow, it redirected back to Google.com. I tried this several times, then tried searching "Google redirects back to Google" and saw that many people have posted similar things...that's when I realized this was a virus. I tried restarting the computer to see if that made any difference, but it didn't. I was using Firefox up to this point, but now decided to open Google Chrome and see if that made any difference. Now when I clicked on the links in my Google search, it redirected to ads.

My husband and I have been trying to figure out what to do ever since. We found this website last night and first tried the TDSS Rootkit Removing Tool, but it didn't find anything. We then started following the steps in the "Preparation Guide For Use..." I backed up our hard drive (virus and all). Here is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Acer at 12:24:03 on 2012-09-12
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.314 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Cobian Backup 11\cbService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxext.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50212t155l04d4ww95w4552s23o
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50212t155l04d4ww95w4552s23o
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50212t155l04d4ww95w4552s23o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50212t155l04d4ww95w4552s23o
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CutePDF Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: CutePDF Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\acer\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OLSBHGNHRF] rundll32 "c:\users\acer\appdata\roaming\KBDCZV.dll",udkf
uRun: [piqlfrxte] rundll32 "c:\users\acer\appdata\roaming\defragsvcz.dll",txuwxcu
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Cobian Backup 11 interface] "c:\program files\cobian backup 11\cbInterface.exe" -service
StartupFolder: c:\users\acer\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\acer\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{317BC2C8-2D50-4845-B6EC-857E3D8C4B17} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{317BC2C8-2D50-4845-B6EC-857E3D8C4B17}\2375942554533323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{317BC2C8-2D50-4845-B6EC-857E3D8C4B17}\3736275766663723030383 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{317BC2C8-2D50-4845-B6EC-857E3D8C4B17}\5487472716364796F6E6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{317BC2C8-2D50-4845-B6EC-857E3D8C4B17}\7596E6475627963734F6D696E676 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{317BC2C8-2D50-4845-B6EC-857E3D8C4B17}\C41405C4D2055726C69636 : DhcpNameServer = 10.0.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\acer\appdata\roaming\mozilla\firefox\profiles\yypbcubx.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|about:home
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\acer\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\acer\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\acer\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2012-9-11 67584]
R2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files\cobian backup 11\cbService.exe [2012-9-11 1131008]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-1-8 107016]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-1-8 727584]
R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-1-8 253952]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-1-8 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-10 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-1-8 103296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-10 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
.
=============== Created Last 30 ================
.
2012-09-12 19:11:14 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{db280153-a895-4950-bb47-e9eff2d964d8}\mpengine.dll
2012-09-12 02:07:34 -------- d-----w- c:\program files\Cobian Backup 11
2012-09-11 16:38:13 7022536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-11 07:24:17 -------- d-----w- c:\users\acer\appdata\local\ElevatedDiagnostics
2012-09-10 22:42:54 147456 --sha-r- c:\users\acer\appdata\roaming\defragsvcz.dll
2012-09-10 22:42:48 147456 --sha-r- c:\users\acer\appdata\roaming\KBDCZV.dll
2012-09-10 18:36:05 -------- d-----w- c:\users\acer\appdata\roaming\OpenOffice.org
2012-08-16 01:39:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-16 01:38:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-08-16 01:38:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-15 18:16:24 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 18:16:22 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 18:16:04 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 18:16:03 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 18:15:58 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 18:15:58 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 18:15:55 768512 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
.
============= FINISH: 12:29:12.17 ===============


I was onto the next step and running GMER when it suddenly stopped working. The error message was something simple like "GMER stopped working unexpectedly. Windows will try to find out why." (Okay, that's not word for word, but the gist. :)) So I don't have that file to attach. Sorry.

And that's basically it! Any help you could offer would be VERY MUCH APPRECIATED!!! I'm no computer expert and have no idea how to fix this other than by asking people who are experts. I'm already super happy this site exists. Thanks!

Attached File: Attach.txt (14.42KB)
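As an added example (not part of brendina's post, the DDS tool, or any BleepingComputer procedure), the Python below parses DDS-format Run lines and "Created Last 30" file lines and surfaces what a responder would pick out of the log above: autostart entries that load a DLL through rundll32 from a user-writable profile path, correlated with the file's creation time, size and attributes. The sample input is a constructed excerpt modelled on that log, and the regexes, names and the "same size, same minute" grouping rule are my own assumptions about how to read DDS output.

```python
# Triage helper for DDS-format logs: flags Run entries that load a DLL through
# rundll32 from a user-writable profile path and correlates them with the
# "Created Last 30" file records. Added example, not a DDS or BleepingComputer tool.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the DDS log in this thread, not a full DDS.txt.
SAMPLE_DDS = r"""
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\acer\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [OLSBHGNHRF] rundll32 "c:\users\acer\appdata\roaming\KBDCZV.dll",udkf
uRun: [piqlfrxte] rundll32 "c:\users\acer\appdata\roaming\defragsvcz.dll",txuwxcu
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
2012-09-12 02:07:34 -------- d-----w- c:\program files\Cobian Backup 11
2012-09-10 22:42:54 147456 --sha-r- c:\users\acer\appdata\roaming\defragsvcz.dll
2012-09-10 22:42:48 147456 --sha-r- c:\users\acer\appdata\roaming\KBDCZV.dll
2012-08-16 01:39:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
"""

# uRun = per-user Run key, mRun = machine-wide Run key in DDS output.
RUN_RE = re.compile(r'^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# "<timestamp> <size, or dashes for a directory> <8-char attribute column> <path>"
FILE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+|-+)\s+'
    r'(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$')
# rundll32 "<dll>",<export> with or without quotes around the DLL path
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
# Directories a standard user can write to without elevation (assumed scope).
USER_WRITABLE_RE = re.compile(r'^c:\\users\\[^\\]+\\appdata\\', re.I)


@dataclass
class FileRecord:
    created: str
    size: Optional[int]  # None for directories, which DDS lists with dashes
    attrs: str
    path: str

    @property
    def hidden_system(self) -> bool:
        # DDS shows 's' (system) and 'h' (hidden) in the attribute column.
        return 's' in self.attrs and 'h' in self.attrs


def parse_dds(text: str) -> Tuple[List[Tuple[str, str, str]], Dict[str, FileRecord]]:
    """Return (run_entries, files_by_lowercased_path) from DDS-format text."""
    runs: List[Tuple[str, str, str]] = []
    files: Dict[str, FileRecord] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append((m['hive'], m['name'], m['cmd']))
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m['size']) if m['size'].isdigit() else None
            files[m['path'].lower()] = FileRecord(m['ts'], size, m['attrs'], m['path'])
    return runs, files


def suspicious_run_entries(text: str) -> List[dict]:
    """Flag Run entries that use rundll32 to load a DLL from a user-writable path."""
    runs, files = parse_dds(text)
    findings = []
    for hive, name, cmd in runs:
        m = RUNDLL_RE.search(cmd)
        if not m:
            continue
        dll = m['dll'].strip()
        if not USER_WRITABLE_RE.match(dll):
            continue
        rec = files.get(dll.lower())
        reasons = ['rundll32 loads a DLL from a user-writable profile directory']
        if rec is not None:
            reasons.append(f'file created {rec.created}')
            if rec.hidden_system:
                reasons.append('file carries system+hidden attributes')
        findings.append({'hive': hive, 'name': name, 'dll': dll,
                         'export': m['export'], 'record': rec, 'reasons': reasons})
    return findings


def likely_same_dropper(findings: List[dict]) -> Dict[Tuple[int, str], List[str]]:
    """Group flagged DLLs sharing a byte size and creation minute: one installer
    usually wrote them, so they should be removed as a set, not one at a time."""
    groups: Dict[Tuple[int, str], List[str]] = {}
    for f in findings:
        rec = f['record']
        if rec is not None and rec.size is not None:
            groups.setdefault((rec.size, rec.created[:16]), []).append(f['dll'])
    return {k: v for k, v in groups.items() if len(v) > 1}
```

Run against the constructed sample, `suspicious_run_entries` returns exactly the two rundll32 entries and `likely_same_dropper` groups both 147456-byte DLLs written in the same minute.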



#2 brendina

brendina
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:31 PM

Posted 12 September 2012 - 08:05 PM

Update: I decided to try running GMER again and this time it seems to be working. It's been running for about the last 25 minutes and it's still going. Not sure if it's supposed to take that long, but at least it hasn't quit this time.

#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:31 PM

Posted 12 September 2012 - 08:39 PM

GMER may have stalled out, so close the program and run the following instead:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 brendina

brendina
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:31 PM

Posted 13 September 2012 - 01:03 AM

I believe GMER finished properly. I saved it as instructed and will attach it here. Thank you for your response, bleepin' tiger--will you please let me know if it looks like GMER did not get the needed information? Thanks!

Attached File: ark.txt (3.49KB)

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:31 PM

Posted 13 September 2012 - 06:34 PM

Yes, thank you for the GMER log; it did complete properly. If you could please now follow the FRST instructions.

Thank you

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 brendina

brendina
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:31 PM

Posted 14 September 2012 - 12:39 AM

All righty, just followed the FRST instructions. Here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2012 01
Ran by SYSTEM at 13-09-2012 22:26:42
Running from G:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [1157640 2009-10-06] (Dritek System Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-03] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [233472 2009-10-15] (Alps Electric Co., Ltd.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask)
HKLM\...\Run: [Cobian Backup 11] "C:\Program Files\Cobian Backup 11\Cobian.exe" [720896 2012-07-31] (Luis Cobian, CobianSoft)
HKU\Acer\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-08] (Google Inc.)
HKU\Acer\...\Run: [Google Update] "C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-24] (Google Inc.)
HKU\Acer\...\Run: [OLSBHGNHRF] rundll32 "C:\Users\Acer\AppData\Roaming\KBDCZV.dll",udkf [147456 2012-09-10] ()
HKU\Acer\...\Run: [piqlfrxte] rundll32 "C:\Users\Acer\AppData\Roaming\defragsvcz.dll",txuwxcu [147456 2012-09-10] ()
HKU\Brendan\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-08] (Google Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [162336 2009-10-22] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [162336 2009-10-22] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Startup: C:\Users\Acer\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

==================== Services ================================

2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-07-31] (CobianSoft, Luis Cobian)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated)
3 GameConsoleService; "C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
3 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers =================================

3 EUCR; C:\Windows\system32\DRIVERS\EUCR6SK.SYS [103296 2009-11-22] (ENE Technology Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-13 22:26 - 2012-09-13 22:26 - 00000000 ____D C:\FRST
2012-09-13 21:09 - 2012-09-13 21:10 - 00903858 ____A (Farbar) C:\Users\Acer\Downloads\FRST.exe
2012-09-12 19:24 - 2012-09-12 19:24 - 00003572 ____A C:\Users\Acer\Desktop\ark.txt
2012-09-12 18:45 - 2012-09-12 18:59 - 00000000 ____D C:\Users\Acer\Desktop\101MSDCF
2012-09-12 11:35 - 2012-09-12 11:35 - 00000000 ____D C:\Users\Acer\Desktop\gmer
2012-09-12 11:34 - 2012-09-12 11:34 - 00294216 ____A C:\Users\Acer\Desktop\gmer.zip
2012-09-12 11:32 - 2012-09-12 11:32 - 00014767 ____A C:\Users\Acer\Desktop\Attach.txt
2012-09-12 11:32 - 2012-09-12 11:32 - 00013722 ____A C:\Users\Acer\Desktop\DDS.txt
2012-09-12 11:10 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 19:09 - 2012-09-11 19:09 - 00607260 ____R (Swearware) C:\Users\Acer\Desktop\dds.com
2012-09-11 18:07 - 2012-09-11 18:07 - 00000000 ____D C:\Program Files\Cobian Backup 11
2012-09-11 18:02 - 2012-09-11 18:03 - 19620864 ____A (Luis Cobian, CobianSoft) C:\Users\Acer\Downloads\cbSetup.exe
2012-09-11 17:51 - 2012-09-11 17:52 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Acer\Desktop\eatfood.com.exe
2012-09-10 14:42 - 2012-09-10 14:42 - 00147456 _RASH C:\Users\Acer\AppData\Roaming\KBDCZV.dll
2012-09-10 14:42 - 2012-09-10 14:42 - 00147456 _RASH C:\Users\Acer\AppData\Roaming\defragsvcz.dll
2012-09-10 12:58 - 2012-09-10 12:59 - 00171710 ____A C:\Users\Acer\Downloads\The Magical and Mysterious Hand Dryer Museum.odt
2012-09-10 10:36 - 2012-09-10 10:36 - 00000000 ____D C:\Users\Acer\AppData\Roaming\OpenOffice.org
2012-09-08 10:50 - 2012-09-08 10:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-09-08 00:11 - 2012-09-08 00:11 - 00000000 ____D C:\Users\Acer\Desktop\slenderman
2012-09-08 00:10 - 2012-09-08 00:10 - 09791455 ____A C:\Users\Acer\Downloads\slenderman.zip
2012-09-08 00:06 - 2012-09-08 00:06 - 00897888 ____A C:\Users\Acer\Downloads\slenderman setup.exe
2012-09-05 12:17 - 2012-09-05 12:17 - 00000000 ____D C:\Users\Brendan\Desktop\brendanweinhold.com
2012-08-23 16:03 - 2012-08-23 16:06 - 176389683 ____A C:\Users\Brendan\Desktop\Johan Final without BG Noise-MPEG-4 .mp4
2012-08-18 22:20 - 2012-08-18 22:20 - 00009558 ____A C:\Users\Brendan\Desktop\uncommon friendships td.celtx
2012-08-18 22:10 - 2012-08-18 22:10 - 00020099 ____A C:\Users\Brendan\Desktop\TD commercial.celtx
2012-08-15 17:39 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 17:39 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 17:39 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 17:39 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 17:39 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 17:39 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 17:39 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 17:39 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 17:39 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 17:39 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 17:38 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 17:38 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 17:38 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 17:38 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 14:57 - 2012-08-15 14:57 - 00020214 ____A C:\Users\Brendan\Desktop\Fun awesome poet stuff..celtx
2012-08-15 13:28 - 2012-08-15 13:43 - 00000537 ____A C:\Users\Brendan\Desktop\ideamarketplace.txt
2012-08-15 10:16 - 2012-07-18 09:10 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 10:16 - 2012-05-04 23:44 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 10:16 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 10:16 - 2012-02-10 21:41 - 00316928 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 10:15 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 10:15 - 2012-07-04 13:23 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 10:15 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 10:15 - 2012-05-13 20:37 - 00768512 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-14 10:35 - 2012-08-14 10:35 - 00000053 ____A C:\Users\Brendan\Downloads\googleea160e4e0c7532c4.html

============ 3 Months Modified Files ========================

2012-09-13 21:20 - 2012-02-09 19:23 - 01071296 ____A C:\Windows\WindowsUpdate.log
2012-09-13 21:12 - 2012-04-07 08:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-13 21:12 - 2012-02-24 17:08 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266022415-3169375678-2913521197-1000UA.job
2012-09-13 21:12 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-13 21:12 - 2009-07-13 20:34 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-13 21:10 - 2012-09-13 21:09 - 00903858 ____A (Farbar) C:\Users\Acer\Downloads\FRST.exe
2012-09-13 20:24 - 2012-02-10 09:36 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-13 16:28 - 2012-02-10 09:36 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-13 16:26 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-13 16:25 - 2009-07-13 20:39 - 00059829 ____A C:\Windows\setupact.log
2012-09-13 08:26 - 2012-05-26 00:53 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-12 23:12 - 2012-02-24 17:08 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1266022415-3169375678-2913521197-1000Core.job
2012-09-12 19:24 - 2012-09-12 19:24 - 00003572 ____A C:\Users\Acer\Desktop\ark.txt
2012-09-12 18:57 - 2010-01-08 17:08 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-12 11:34 - 2012-09-12 11:34 - 00294216 ____A C:\Users\Acer\Desktop\gmer.zip
2012-09-12 11:32 - 2012-09-12 11:32 - 00014767 ____A C:\Users\Acer\Desktop\Attach.txt
2012-09-12 11:32 - 2012-09-12 11:32 - 00013722 ____A C:\Users\Acer\Desktop\DDS.txt
2012-09-11 19:09 - 2012-09-11 19:09 - 00607260 ____R (Swearware) C:\Users\Acer\Desktop\dds.com
2012-09-11 18:03 - 2012-09-11 18:02 - 19620864 ____A (Luis Cobian, CobianSoft) C:\Users\Acer\Downloads\cbSetup.exe
2012-09-11 17:52 - 2012-09-11 17:51 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Acer\Desktop\eatfood.com.exe
2012-09-10 15:38 - 2009-07-13 20:53 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-10 14:42 - 2012-09-10 14:42 - 00147456 _RASH C:\Users\Acer\AppData\Roaming\KBDCZV.dll
2012-09-10 14:42 - 2012-09-10 14:42 - 00147456 _RASH C:\Users\Acer\AppData\Roaming\defragsvcz.dll
2012-09-10 12:59 - 2012-09-10 12:58 - 00171710 ____A C:\Users\Acer\Downloads\The Magical and Mysterious Hand Dryer Museum.odt
2012-09-08 00:10 - 2012-09-08 00:10 - 09791455 ____A C:\Users\Acer\Downloads\slenderman.zip
2012-09-08 00:06 - 2012-09-08 00:06 - 00897888 ____A C:\Users\Acer\Downloads\slenderman setup.exe
2012-09-05 14:45 - 2012-05-19 10:31 - 00000600 ____A C:\Users\Brendan\AppData\Local\PUTTY.RND
2012-09-04 11:29 - 2012-06-08 14:32 - 00002294 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-23 16:06 - 2012-08-23 16:03 - 176389683 ____A C:\Users\Brendan\Desktop\Johan Final without BG Noise-MPEG-4 .mp4
2012-08-18 22:20 - 2012-08-18 22:20 - 00009558 ____A C:\Users\Brendan\Desktop\uncommon friendships td.celtx
2012-08-18 22:10 - 2012-08-18 22:10 - 00020099 ____A C:\Users\Brendan\Desktop\TD commercial.celtx
2012-08-15 23:01 - 2009-07-13 20:33 - 00434888 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 14:57 - 2012-08-15 14:57 - 00020214 ____A C:\Users\Brendan\Desktop\Fun awesome poet stuff..celtx
2012-08-15 13:43 - 2012-08-15 13:28 - 00000537 ____A C:\Users\Brendan\Desktop\ideamarketplace.txt
2012-08-14 10:35 - 2012-08-14 10:35 - 00000053 ____A C:\Users\Brendan\Downloads\googleea160e4e0c7532c4.html
2012-08-14 09:59 - 2010-01-08 18:05 - 00725228 ____A C:\Windows\PFRO.log
2012-08-13 13:21 - 2012-08-13 13:21 - 00027052 ____A C:\Users\Brendan\Desktop\Scene with oded for class in and out.celtx
2012-08-04 22:20 - 2012-08-04 22:20 - 00116824 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-04 22:19 - 2012-08-04 22:19 - 00000020 __ASH C:\Users\Guest\ntuser.ini
2012-08-02 09:05 - 2012-09-12 11:10 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-07-30 09:00 - 2012-07-30 09:00 - 00036361 ____A C:\Users\Brendan\Desktop\13 & 33edit.celtx
2012-07-22 19:12 - 2012-07-22 19:12 - 00036360 ____A C:\Users\Brendan\Desktop\13 & 33.celtx
2012-07-22 16:31 - 2012-07-22 16:31 - 00040942 ____A C:\Users\Brendan\Desktop\TraBren.celtx
2012-07-21 09:25 - 2012-07-21 09:23 - 70793241 ____A C:\Users\Brendan\Downloads\TheDarkWoods.zip
2012-07-18 09:10 - 2012-08-15 10:16 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 23:29 - 2012-07-16 23:28 - 00421640 ____A C:\Users\Brendan\Downloads\bykhe30.zip
2012-07-16 18:55 - 2012-07-16 18:55 - 00154270 ____A C:\Users\Brendan\Desktop\jack_benny.jpeg
2012-07-13 11:46 - 2012-07-13 11:46 - 00012761 ____A C:\Users\Acer\Downloads\Address Book - Households.csv
2012-07-12 00:13 - 2009-07-13 18:04 - 00000510 ____A C:\Windows\win.ini
2012-07-04 13:26 - 2012-08-15 10:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:23 - 2012-08-15 10:15 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:23 - 2012-08-15 10:15 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-06-28 16:52 - 2012-08-15 17:38 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 16:27 - 2012-08-15 17:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 16:16 - 2012-08-15 17:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 16:09 - 2012-08-15 17:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 16:09 - 2012-08-15 17:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 16:08 - 2012-08-15 17:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 17:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 16:06 - 2012-08-15 17:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 17:39 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 16:04 - 2012-08-15 17:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 17:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 16:01 - 2012-08-15 17:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 17:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 17:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-25 10:26 - 2012-06-25 10:26 - 00002125 ____A C:\Users\Public\Desktop\Magic Online.lnk
2012-06-25 09:40 - 2012-02-09 19:39 - 00069808 ____A C:\Windows\DirectX.log
2012-06-24 23:57 - 2012-06-24 23:57 - 01128776 ____A C:\Users\Brendan\Downloads\MTGOIII_Helper.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-27 08:32:13
Restore point made on: 2012-08-31 10:28:14
Restore point made on: 2012-09-03 19:49:32
Restore point made on: 2012-09-07 15:17:25
Restore point made on: 2012-09-11 08:37:04
Restore point made on: 2012-09-11 09:46:42
Restore point made on: 2012-09-11 18:23:57
Restore point made on: 2012-09-11 20:31:51
Restore point made on: 2012-09-13 08:22:05
Restore point made on: 2012-09-13 19:14:09

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1013.1 MB
Available physical RAM: 533.32 MB
Total Pagefile: 1013.1 MB
Available Pagefile: 536.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

==================== Partitions ============================

1 Drive c: (Acer) (Fixed) (Total:136.95 GB) (Free:74.55 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:4.19 GB) NTFS
3 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive g: () (Removable) (Total:7.47 GB) (Free:4.39 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 7657 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 31 KB
Partition 2 Primary 101 MB 12 GB
Partition 3 Primary 136 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 101 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partition 136 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7655 MB Healthy

==================================================================================

Last Boot: 2012-09-09 08:38

==================== End Of Log =============================

And here is the Search.txt:

Farbar Recovery Scan Tool (x86) Version: 14-09-2012 01
Ran by SYSTEM at 2012-09-13 22:29:09
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

Thank you for helping us with this!

#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 September 2012 - 06:10 AM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKLM\...\Run: [] [x]
HKU\Acer\...\Run: [OLSBHGNHRF] rundll32 "C:\Users\Acer\AppData\Roaming\KBDCZV.dll",udkf [147456 2012-09-10] ()
HKU\Acer\...\Run: [piqlfrxte] rundll32 "C:\Users\Acer\AppData\Roaming\defragsvcz.dll",txuwxcu [147456 2012-09-10] ()
2012-09-10 14:42 - 2012-09-10 14:42 - 00147456 _RASH C:\Users\Acer\AppData\Roaming\KBDCZV.dll
2012-09-10 14:42 - 2012-09-10 14:42 - 00147456 _RASH C:\Users\Acer\AppData\Roaming\defragsvcz.dll
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT



Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Edited by CatByte, 14 September 2012 - 05:34 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
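The fixlist above is built from two kinds of FRST lines: autorun (Run key) entries and file-list entries. As an added example, not CatByte's or Farbar's code, here is a small triage script that parses lines in those two formats, flags the same indicators the helper acted on (an orphaned autorun marked [x], rundll32 loading a DLL from a user-writable profile folder, a read-only+system+hidden file dropped under AppData with no publisher info) and wraps the flagged lines in FRST's start/end markers. The line formats come from the logs in this thread; the heuristics, the Finding type, the benign mbamgui contrast line and the reading of [x] as "file not found" are assumptions made for illustration.

```python
"""Triage FRST log lines and draft a fixlist from the findings.

Added example for this thread, not Farbar's code or CatByte's. The line
formats are taken from the FRST log and fixlist posted above; the heuristics,
the Finding type and the benign contrast line are assumptions for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the five lines CatByte put in the fixlist, one
# constructed benign Run entry (assumption, not from the thread), and one
# signed download taken from the "3 Months Modified Files" list above.
SAMPLE_LOG = "\n".join([
    r"HKLM\...\Run: [] [x]",
    r'HKU\Acer\...\Run: [OLSBHGNHRF] rundll32 "C:\Users\Acer\AppData\Roaming\KBDCZV.dll",udkf [147456 2012-09-10] ()',
    r'HKU\Acer\...\Run: [piqlfrxte] rundll32 "C:\Users\Acer\AppData\Roaming\defragsvcz.dll",txuwxcu [147456 2012-09-10] ()',
    r'HKLM\...\Run: [mbamgui] "C:\Program Files\Malwarebytes Anti-Malware\mbamgui.exe" /starttray [420528 2012-09-14] (Malwarebytes Corporation)',
    r"2012-09-10 14:42 - 2012-09-10 14:42 - 00147456 _RASH C:\Users\Acer\AppData\Roaming\KBDCZV.dll",
    r"2012-09-10 14:42 - 2012-09-10 14:42 - 00147456 _RASH C:\Users\Acer\AppData\Roaming\defragsvcz.dll",
    r"2012-09-11 17:52 - 2012-09-11 17:51 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Acer\Desktop\eatfood.com.exe",
])

# "HKU\<user>\...\Run: [name] command"  or  "HKLM\...\Run: [name] command"
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\(?:(?P<user>[^\\.]+)\\)?\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# "<timestamp> - <timestamp> - <size> <attrs> [(vendor) ]<path>"
FILE_RE = re.compile(
    r"^(?P<ts_a>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<ts_b>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>\S.*)$"
)
# Folders any process running as the user can write to; persistence from
# here rather than Program Files or System32 is the first thing to question.
USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local\\Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str            # the original FRST line, reusable verbatim in a fixlist
    reasons: list[str]   # why it was flagged


def triage_run_entry(m: re.Match) -> list[str]:
    """Heuristics for an autorun (Run key) line."""
    cmd = m["cmd"].strip()
    reasons = []
    if cmd == "[x]":
        # FRST prints [x] where it found no file behind the entry (interpretation
        # assumed); an orphaned autorun is harmless to remove either way.
        reasons.append("autorun target not found ([x])")
    if cmd.lower().startswith("rundll32") and USER_WRITABLE.search(cmd):
        reasons.append("rundll32 loads a DLL from a user-writable profile folder")
        if cmd.endswith("()"):
            # FRST ends the line with the file's company name; "()" means none.
            reasons.append("loaded DLL has no publisher/version info")
    return reasons


def triage_file_entry(m: re.Match) -> list[str]:
    """Heuristics for a file-list line."""
    reasons = []
    hidden_system = all(flag in m["attrs"] for flag in "RSH")
    if hidden_system and USER_WRITABLE.search(m["path"]):
        reasons.append("read-only+system+hidden file dropped in a user profile folder")
        if m["vendor"] is None:
            reasons.append("file has no publisher/version info")
    return reasons


def triage_log(text: str) -> list[Finding]:
    """Return flagged lines in log order; lines in neither format are skipped."""
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        if m := RUN_RE.match(line):
            reasons = triage_run_entry(m)
        elif m := FILE_RE.match(line):
            reasons = triage_file_entry(m)
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def draft_fixlist(findings: list[Finding]) -> str:
    """Wrap the flagged lines in FRST's start/end markers, as in the thread's fixlist."""
    return "\n".join(["start", *(f.line for f in findings), "end"])


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
    print(draft_fixlist(found))
```

On the sample input the script flags exactly the five lines CatByte used and leaves the constructed mbamgui entry and the signed Kaspersky download alone. The weak signal (missing publisher info) is only reported alongside a strong one, since plenty of legitimate software ships without version resources; the output is a draft for a human to review, not something to run unread.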


#8 brendina

  • Topic Starter
  • Members
  • 12 posts

Posted 14 September 2012 - 05:20 PM

Here is the Fixlog.txt, moving on to the next step now. Thanks!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-09-2012 01
Ran by SYSTEM at 2012-09-14 15:09:27 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_USERS\Acer\Software\Microsoft\Windows\CurrentVersion\Run\\OLSBHGNHRF Value deleted successfully.
HKEY_USERS\Acer\Software\Microsoft\Windows\CurrentVersion\Run\\piqlfrxte Value deleted successfully.
C:\Users\Acer\AppData\Roaming\defragsvcz.dll moved successfully.

==== End of Fixlog ====

#9 brendina

  • Topic Starter
  • Members
  • 12 posts

Posted 14 September 2012 - 05:57 PM

Here is the log from the Malwarebytes Anti-Malware scanner module:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.14.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Acer :: ACER-PC [administrator]

Protection: Enabled

9/14/2012 3:28:04 PM
mbam-log-2012-09-14 (15-28-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232942
Time elapsed: 14 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Acer\Downloads\slenderman setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Brendan\Downloads\freefileviewer_2_1283.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)

And here is the log from the Malwarebytes Anti-Malware protection module:
2012/09/14 15:26:36 -0700 ACER-PC Acer MESSAGE Executing scheduled update: Daily
2012/09/14 15:26:55 -0700 ACER-PC Acer MESSAGE Starting protection
2012/09/14 15:26:55 -0700 ACER-PC Acer MESSAGE Protection started successfully
2012/09/14 15:26:55 -0700 ACER-PC Acer MESSAGE Starting IP protection
2012/09/14 15:27:07 -0700 ACER-PC Acer MESSAGE IP Protection started successfully
2012/09/14 15:27:10 -0700 ACER-PC Acer MESSAGE Starting database refresh
2012/09/14 15:27:10 -0700 ACER-PC Acer MESSAGE Stopping IP protection
2012/09/14 15:27:10 -0700 ACER-PC Acer MESSAGE Scheduled update executed successfully: database updated from version v2012.09.07.13 to version v2012.09.14.07
2012/09/14 15:27:11 -0700 ACER-PC Acer MESSAGE IP Protection stopped successfully
2012/09/14 15:27:21 -0700 ACER-PC Acer MESSAGE Database refreshed successfully
2012/09/14 15:27:21 -0700 ACER-PC Acer MESSAGE Starting IP protection
2012/09/14 15:27:31 -0700 ACER-PC Acer MESSAGE IP Protection started successfully
2012/09/14 15:48:50 -0700 ACER-PC Acer MESSAGE Starting protection
2012/09/14 15:48:50 -0700 ACER-PC Acer MESSAGE Protection started successfully
2012/09/14 15:48:50 -0700 ACER-PC Acer MESSAGE Starting IP protection
2012/09/14 15:49:16 -0700 ACER-PC Acer MESSAGE IP Protection started successfully

It found two things! I think I got infected when I downloaded a game. :( *hangs head sheepishly*
Moving on to the next step now.

#10 brendina

  • Topic Starter
  • Members
  • 12 posts

Posted 15 September 2012 - 02:10 AM

Here is the ESETSCAN report:

C:\FRST\Quarantine\defragsvcz.dll a variant of Win32/Kryptik.AKCO trojan
C:\Program Files\Raw Image Viewer\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\Users\Acer\AppData\Roaming\KBDCZV.dll a variant of Win32/Kryptik.AKCO trojan
C:\Users\Brendan\Downloads\RAWImageViewerSetup.exe Win32/Toolbar.Babylon application


Thanks!

#11 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 15 September 2012 - 07:22 AM

Please run the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
C:\Program Files\Raw Image Viewer\MyBabylonTB.exe 
C:\Users\Acer\AppData\Roaming\KBDCZV.dll 
C:\Users\Brendan\Downloads\RAWImageViewerSetup.exe 
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 brendina

  • Topic Starter
  • Members
  • 12 posts

Posted 16 September 2012 - 01:28 AM

Hello!

Here is the Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-09-2012 01
Ran by SYSTEM at 2012-09-15 22:56:11 Run:2
Running from G:\

==============================================

C:\Program Files\Raw Image Viewer\MyBabylonTB.exe moved successfully.
C:\Users\Acer\AppData\Roaming\KBDCZV.dll moved successfully.
C:\Users\Brendan\Downloads\RAWImageViewerSetup.exe moved successfully.

==== End of Fixlog ====

Here is the AdwCleaner report:
# AdwCleaner v2.001 - Logfile created 09/15/2012 at 23:16:36
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Acer - ACER-PC
# Boot Mode : Normal
# Running from : C:\Users\Acer\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Acer\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Acer\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Brendan\AppData\Local\APN
Folder Deleted : C:\Users\Brendan\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Brendan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\s6csacqm.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\yypbcubx.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/?shva=1#inbox|about:home");

Profile name : default
File : C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\s6csacqm.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Brendan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4482 octets] - [15/09/2012 23:16:36]

########## EOF - C:\AdwCleaner[S1].txt - [4542 octets] ##########

I just did a brief Google search and when I clicked on the link for the search result, it went to the correct page! Does this mean everything is good now? THANK YOU, THANK YOU, THANK YOU!!!!!!!!!!!

#13 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 16 September 2012 - 08:25 AM

Yes, it's looking good; we just have to check for any broken services or outdated programs.

Please run the following:

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List installed programs
  • Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by CatByte, 16 September 2012 - 02:26 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 brendina

  • Topic Starter
  • Members
  • 12 posts

Posted 16 September 2012 - 02:07 PM

All righty, here is the Result.txt from MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Brendan (administrator) on 16-09-2012 at 11:59:44
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================




=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acer Assist
Acer Crystal Eye webcam Ver:1.1.121.1113 (Version: 1.1.121.1113)
Acer ePower Management (Version: 4.05.3004)
Acer eRecovery Management (Version: 4.05.3005)
Acer Games (Version: 1.0.0.71)
Acer Registration (Version: 1.02.3006)
Acer ScreenSaver (Version: 1.2.1026)
Acer Updater (Version: 1.01.3017)
Acer VCM (Version: 4.05.3000)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Reader 9.1 MUI (Version: 9.1.0)
ALPS Touch Pad Driver (Version: 7.5.2002.1110)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.14)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.19)
Celtx (2.9.1) (Version: 2.9.1 (en-US))
Cobian Backup 11 Gravity
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CutePDF Editor Toolbar Updater (Version: 1.2.2.23821)
CutePDF Writer 3.0
eSobi v2 (Version: 2.0.4.000274)
FastStone Image Viewer 4.6 (Version: 4.6)
FileZilla Client 3.5.3 (Version: 3.5.3)
Flixster Collections (Version: 1.0.76)
Google Chrome (Version: 21.0.1180.89)
Google Talk Plugin (Version: 3.6.1.9117)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
Identity Card (Version: 1.00.3002)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.1929)
Intel® Matrix Storage Manager
iTunes (Version: 10.6.1.7)
Junk Mail filter update (Version: 14.0.8089.726)
Launch Manager (Version: 3.0.07)
Magic Online (Version: 3.00.0000)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 14.0.1468.721)
MyWinLocker (Version: 3.1.76.0)
OpenOffice.org 3.4 (Version: 3.4.9590)
RAW Image Viewer
Realtek High Definition Audio Driver (Version: 6.0.1.5999)
Skype Click to Call (Version: 5.10.9560)
Skype™ 5.10 (Version: 5.10.116)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center (Version: 1.00.3008)
Windows Driver Package - ENE (EUCR) USB (11/23/2009 5.89.0.62) (Version: 11/23/2009 5.89.0.62)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

**** End of log ****

And here is the FSS.txt:

Farbar Service Scanner Version: 06-08-2012
Ran by Brendan (administrator) on 16-09-2012 at 12:06:16
Running from "C:\Users\Brendan\Desktop"
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 06:59] - [2012-03-30 03:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2012-02-16 13:11] - [2011-03-02 22:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 16:53] - [2009-07-13 18:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 16:54] - [2009-07-13 18:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 16:23] - [2009-07-13 18:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 16:24] - [2009-07-13 18:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2012-02-16 13:08] - [2010-12-20 22:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 16:30] - [2009-07-13 18:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-12 15:15] - [2012-04-23 21:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Thanks!
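As an added example (not from the post and not Farbar's own code), a small Python parser that reads an FSS.txt excerpt in the layout shown above and flags what an analyst reads the log for: a service that is not running, a start type that differs from its default, a non-zero "Disabled Policy" value, and a File Check entry printed with its hash instead of "MD5 is legit". The excerpt is constructed from lines in the log above, and the last rule assumes that FSS prints the hash when it is not in its known-good list, which means "review", not "infected".

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the FSS.txt layout used above (not the full log).
SAMPLE_FSS = r"""Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 06:59] - [2012-03-30 03:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
START_TYPE = re.compile(r"^The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
# "[created] - [modified] - size attrs (company) MD5" line printed under a non-whitelisted file
FILE_DETAIL = re.compile(r"^\[.*\] - \[.*\] - \d+ \S+ \((.*)\) ([0-9A-F]{32})$")

@dataclass
class Finding:
    kind: str      # what was flagged
    subject: str   # service name, registry value, or file path
    detail: str    # start type, policy value, or MD5 hash

def parse_fss(text):
    """Return the findings an analyst would pull out of an FSS log."""
    findings, reg_key, pending_file = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending_file is not None:          # previous line was a file path without "MD5 is legit"
            path, pending_file = pending_file, None
            if m := FILE_DETAIL.match(line):
                findings.append(Finding("hash_not_whitelisted", path, m.group(2)))
                continue
        if m := NOT_RUNNING.match(line):
            findings.append(Finding("service_stopped", m.group(1), "not running"))
        elif m := START_TYPE.match(line):
            if m.group(2) != m.group(3):      # start type was changed from the default
                findings.append(Finding("start_type_changed", m.group(1), f"{m.group(2)} (default {m.group(3)})"))
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)              # remember the key for the value line that follows
        elif m := REG_VALUE.match(line):
            if m.group(2) != "0":             # any non-zero value under a "Disabled Policy" heading
                findings.append(Finding("disable_policy_set", f"{reg_key}\\{m.group(1)}", m.group(2)))
        elif line[1:3] == ":\\":               # File Check path line
            path, _, status = line.partition(" => ")
            if status != "MD5 is legit":
                pending_file = path
    return findings
```

On the constructed excerpt this reports the stopped WinDefend service, its Demand start type, the DisableAntiSpyware policy value, and tcpip.sys with its hash for review.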

#15 brendina (Topic Starter, Members, 12 posts)

Posted 16 September 2012 - 02:10 PM

Does it matter that I was logged in as a different user every time prior to today?

Thanks!
