

Possible ZeroAccess infection - Vista


  • This topic is locked
12 replies to this topic

#1 thanejudy


  • Members
  • 8 posts

Posted 03 June 2013 - 11:18 AM

See topic: http://www.bleepingcomputer.com/forums/t/496817/all-downloads-marked-as-virus/#entry3068189

 

The machine is Vista Home Basic. I used RKILL in safe mode and also manual steps to remove and reinstall MS IE. Malwarebytes was run and CCleaner. Machine checks clean but still all downloads regardless of browser are marked as infected.

 

Thanks

Attached File: attach.txt (29.46KB, 1 download)
Attached File: dds.txt (18.57KB, 2 downloads)





#2 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 04 June 2013 - 09:45 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
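The instructions above tell the poster what to run and which logs to paste back; the part a new responder has to learn is reading the FRST log itself. The following Python script is an added example, not part of this thread and not FRST's or Farbar's own code. It parses the three FRST line shapes that matter most for a first pass (whitelisted processes, Run keys, services/drivers) and flags entries that merit a closer look: no publisher in the file's version info, a file FRST could not find at the listed path (the `[x]` marker), a bare filename resolved through PATH, or an autostart pointing into a user-writable location. The sample lines are copied verbatim from the FRST log posted later in this thread; the function names (`parse_line`, `assess`, `triage`), the flag names and the heuristics themselves are my own choices, and a flag is a prompt to check the entry, not a verdict that it is malicious.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
(TeamViewer GmbH) C:\Users\Stacey\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
HKLM\...\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [BarbieVideoGirlAutoLauncher] "C:\Program Files\Barbie Video Girl Autolauncher.exe" [385536 2010-09-21] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "C:\Users\Stacey\Desktop\HitmanPro.exe" /crusader:boot [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
"""

# The three FRST line shapes handled here (regexes are my own, derived from the log).
RUN_RE = re.compile(r'^(?P<hive>HK[^:]*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<rest>.*)$')
PROC_RE = re.compile(r'^\((?P<publisher>[^)]*)\) (?P<path>.+)$')
# Trailing "[size date] (publisher)" block, or "[x]" when FRST found no file at the path.
META_RE = re.compile(r'^(?P<target>.*?) ?\[(?P<size>\d*) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$')
MISSING_RE = re.compile(r'^(?P<target>.*?) ?\[x\]$')
# Pull the executable path out of a possibly quoted command line with arguments.
PATH_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|sys|dll|cpl|bat))(?=["\s]|$)', re.IGNORECASE)

USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\downloads\\", "\\programdata\\")


@dataclass
class Entry:
    kind: str        # "process", "run" or "service" (drivers share the service shape)
    name: str        # Run value name, service name, or executable basename
    path: str
    publisher: str
    missing: bool    # True when FRST printed [x] instead of size/date/publisher
    size: str = ""
    date: str = ""


def _split_meta(rest):
    """Split 'target [size date] (publisher)' or 'target [x]' into its parts."""
    m = META_RE.match(rest)
    if m:
        return m["target"], m["publisher"].strip(), False, m["size"], m["date"]
    m = MISSING_RE.match(rest)
    if m:
        return m["target"], "", True, "", ""
    return rest, "", False, "", ""


def _extract_path(target):
    m = PATH_RE.match(target.strip())
    path = m["path"] if m else target.strip().strip('"')
    if path.startswith("\\??\\"):      # NT object-manager prefix used on some driver lines
        path = path[4:]
    return path


def parse_line(line):
    """Return an Entry for a process, Run-key or service/driver line, else None."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        target, pub, missing, size, date = _split_meta(m["rest"])
        return Entry("run", m["name"], _extract_path(target), pub, missing, size, date)
    m = SVC_RE.match(line)
    if m:
        target, pub, missing, size, date = _split_meta(m["rest"])
        return Entry("service", m["name"], _extract_path(target), pub, missing, size, date)
    m = PROC_RE.match(line)
    if m:
        path = m["path"].strip()
        return Entry("process", path.rsplit("\\", 1)[-1], path, m["publisher"].strip(), False)
    return None


def assess(entry):
    """Heuristic review flags (my own); each one means 'look closer', not 'malicious'."""
    flags = []
    if entry.missing:
        flags.append("file-not-found")
    elif not entry.publisher:
        flags.append("no-publisher")
    if "\\" not in entry.path:
        flags.append("bare-filename")          # resolved via PATH, location unknown
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        flags.append("user-writable-location")
    return flags


def triage(log_text):
    """Parse every recognised line and return (kind, name, path, flags) for flagged ones."""
    findings = []
    for line in log_text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = assess(entry)
        if flags:
            findings.append((entry.kind, entry.name, entry.path, flags))
    return findings


if __name__ == "__main__":
    for kind, name, path, flags in triage(SAMPLE_LOG):
        print(f"{kind:8} {name:32} {', '.join(flags):40} {path}")
```

Run as-is it lists eight of the ten sample entries; the two it leaves alone are the Chrome process and the MsMpSvc service, both with a publisher and a path under Program Files. The output is a reading aid for the responder, who still has to decide, entry by entry, whether an unsigned vendor tool or a leftover `[x]` service from an earlier cleanup is expected on that machine.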


#3 thanejudy

  • Topic Starter

  • Members
  • 8 posts

Posted 05 June 2013 - 09:13 AM

Let's close this. MBAR fixed it along with the Sophos scan to remove leftovers. I manually corrected the hosts file as well. Ran MSSE, AVG and Sophos and HitmanPro. All clean. Downloads now work. No evidence of infection. I would be happy to run this tool though if it might reveal anything that might help you in the future.

#4 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 05 June 2013 - 10:23 AM

Thanks for letting me know.  There is no need to run the tool if you are confident you have the computer cleaned up.




#5 thanejudy

  • Topic Starter

  • Members
  • 8 posts

Posted 05 June 2013 - 10:24 AM

Well, it looks pretty clean, but I tried to clean up AVG (remove) and HitmanPro and it looks like traces are still there. Is the Barbie thing malware?

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Stacey (administrator) on 05-06-2013 08:03:52
Running from C:\Users\Stacey\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
() c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVG Secure Search) C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(BodyMedia, Inc.) C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(TeamViewer GmbH) C:\Users\Stacey\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Stacey\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) c:\users\stacey\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [448080 2007-06-15] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [712704 2008-01-22] (TOSHIBA Corporation)
HKLM\...\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [BarbieVideoGirlAutoLauncher] "C:\Program Files\Barbie Video Girl Autolauncher.exe" [385536 2010-09-21] ()
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" [1226928 2013-06-03] (AVG Secure Search)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\BodyMedia Sync.lnk
ShortcutTarget: BodyMedia Sync.lnk -> C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe (BodyMedia, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Stacey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us-mg6.mail.yahoo.com/neo/launch?.rand=95eqsv4dn0pi9
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {2E6D23D6-B024-4AFC-957D-9BF4E0DAB530} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {89DEE6EB-16B6-4A8E-AD95-8BC4AC213CFB} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Unity Player) - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Stacey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Stacey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Stacey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Stacey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (WebCake) - C:\Users\Stacey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: (Gmail) - C:\Users\Stacey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
========================== Services (Whitelisted) =================
 
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-01-30] (WildTangent, Inc.)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-06-03] (AVG Secure Search)
S2 HitmanPro37CrusaderBoot; "C:\Users\Stacey\Desktop\HitmanPro.exe" /crusader:boot [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-06-03] (AVG Technologies)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-12-08] (FTDI Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 SQTECH900A; C:\Windows\System32\Drivers\CaptFXV2.sys [128640 2010-01-28] (Service & Quality Technology.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SVRPEDRV; \??\C:\Windows\System32\sysprep\UP_date\PEDrv.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-05 08:03 - 2013-06-05 08:03 - 00000000 ____D C:\FRST
2013-06-05 08:02 - 2013-06-05 08:03 - 01357013 ____A (Farbar) C:\Users\Stacey\Downloads\FRST.exe
2013-06-05 07:33 - 2013-06-05 07:33 - 00000232 ____A C:\Users\Stacey\Desktop\(8 unread) - staceytherron - Yahoo! Mail.url
2013-06-04 12:43 - 2013-05-31 09:25 - 03975952 ____A (TeamViewer) C:\Users\Stacey\Downloads\TeamViewerQS_en.exe
2013-06-04 08:33 - 2013-06-04 08:33 - 00001903 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-04 08:33 - 2013-06-04 08:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-04 08:33 - 2013-06-04 08:33 - 00000000 ____D C:\Program Files\Adobe
2013-06-04 05:51 - 2013-06-04 05:51 - 00000000 ____D C:\ProgramData\Sun
2013-06-04 05:51 - 2013-06-04 05:48 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-04 05:50 - 2013-06-04 05:48 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-04 05:50 - 2013-06-04 05:48 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-04 05:49 - 2013-06-04 05:48 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-04 05:49 - 2013-06-04 05:48 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-04 05:49 - 2013-06-04 05:48 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-04 05:47 - 2013-06-04 05:47 - 00000000 ____D C:\ProgramData\McAfee
2013-06-03 17:56 - 2013-06-03 17:56 - 00000000 ____D C:\Users\Stacey\AppData\Local\AVG SafeGuard toolbar
2013-06-03 17:54 - 2013-06-03 17:54 - 00000000 ____D C:\Users\Stacey\AppData\Roaming\TuneUp Software
2013-06-03 17:54 - 2013-06-03 17:53 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-06-03 17:53 - 2013-06-03 17:54 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-03 17:53 - 2013-06-03 17:53 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-06-03 17:43 - 2013-06-04 08:05 - 00000000 ____D C:\ProgramData\MFAData
2013-06-03 17:43 - 2013-06-04 07:56 - 00000000 ____D C:\Users\Stacey\AppData\Local\Avg2013
2013-06-03 17:43 - 2013-06-03 17:43 - 00000000 ____D C:\Users\Stacey\AppData\Local\MFAData
2013-06-03 14:16 - 2013-06-03 14:16 - 00000000 ____D C:\ProgramData\Sophos
2013-06-03 13:10 - 2013-06-03 13:11 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Stacey\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-03 10:49 - 2013-06-03 13:30 - 00000000 ____D C:\mbar
2013-06-03 10:39 - 2013-06-03 10:39 - 00000000 ____D C:\mbar-1.06.0.1003
2013-06-02 05:28 - 2013-06-02 06:05 - 00000000 ___RD C:\Users\Stacey\Documents\CCPYMTS
2013-06-01 21:19 - 2013-06-01 21:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-01 01:16 - 2013-06-01 01:16 - 00016801 ____A C:\ComboFix.txt
2013-06-01 00:22 - 2013-06-01 01:16 - 00000000 ____D C:\Qoobox
2013-06-01 00:22 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-01 00:22 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-01 00:22 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-01 00:22 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-01 00:22 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-01 00:22 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-01 00:22 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-01 00:22 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-01 00:20 - 2013-06-01 01:12 - 00000000 ____D C:\Windows\erdnt
2013-06-01 00:18 - 2013-06-01 00:18 - 00000077 ____A C:\Windows\System32\reset.bat
2013-05-31 23:27 - 2013-05-31 23:27 - 00000000 ____D C:\Intuit
2013-05-31 21:55 - 2013-05-31 21:55 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-05-31 16:04 - 2013-05-31 21:55 - 00001584 ____A C:\Windows\System32\.crusader
2013-05-31 15:58 - 2013-05-31 16:04 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-31 14:04 - 2013-05-31 14:04 - 00000000 ____D C:\Users\Stacey\Downloads\Fix it portable
2013-05-31 13:45 - 2013-01-27 23:03 - 11091432 ____A (Microsoft Corporation) C:\Users\Stacey\Downloads\mseinstall.exe
2013-05-31 13:28 - 2013-05-31 13:28 - 00078736 ____A C:\Users\Stacey\Documents\cc_20130531_132836.reg
2013-05-31 11:31 - 2013-05-31 11:32 - 380920842 ____A C:\Users\Stacey\Documents\regbackup.reg
2013-05-31 10:38 - 2011-04-20 01:02 - 00899584 ____A C:\Users\Stacey\Downloads\MicrosoftFixit50535.msi
2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Windows\System32\searchplugins
2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Windows\System32\Extensions
2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-31 09:39 - 2013-06-03 11:07 - 00000000 ____D C:\Users\Stacey\AppData\Roaming\TeamViewer
2013-05-30 17:16 - 2013-05-30 17:16 - 00000680 ____A C:\Users\Stacey\AppData\Local\d3d9caps.dat
2013-05-29 20:27 - 2013-05-29 20:34 - 00000000 ____D C:\ProgramData\8493B09B057FBC85000084932C0FC470
2013-05-28 02:15 - 2013-05-28 02:17 - 00000633 ____A C:\Users\Stacey\Desktop\Hubbells.lnk
2013-05-27 16:42 - 2013-05-27 16:42 - 00001982 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-23 20:51 - 2013-05-23 20:51 - 00014297 ____A C:\Users\Stacey\Documents\Codes1.xlsx
2013-05-16 03:13 - 2013-05-05 12:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:13 - 2013-05-05 12:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:01 - 2013-04-04 15:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-04 15:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:01 - 2013-04-04 15:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 15:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-04 15:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-04 15:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:01 - 2013-04-04 14:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:01 - 2013-04-04 14:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:01 - 2013-04-04 14:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 14:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:01 - 2013-04-04 14:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 14:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-04 14:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 14:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 19:10 - 2013-04-15 07:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 19:10 - 2013-04-13 03:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 19:04 - 2013-04-08 18:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-13 01:44 - 2013-05-13 01:44 - 00000000 ____D C:\Users\Stacey\Documents\CarFax
2013-05-11 16:16 - 2013-05-31 13:38 - 00000000 ____D C:\Program Files\Windows Live
2013-05-11 16:13 - 2009-09-04 17:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2013-05-11 16:13 - 2009-09-04 17:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2013-05-11 16:13 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2013-05-11 16:10 - 2013-05-11 20:47 - 00000000 ____D C:\Users\Stacey\AppData\Local\Windows Live
2013-05-11 16:10 - 2013-05-11 16:10 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-05-11 16:09 - 2009-08-04 01:02 - 00754688 ____A (Microsoft Corporation) C:\Windows\System32\webservices.dll
2013-05-11 16:08 - 2013-05-14 22:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-11 16:07 - 2013-05-11 16:07 - 00000814 ____A C:\Windows\setupact.log
2013-05-11 16:07 - 2013-05-11 16:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2013-05-11 16:07 - 2013-05-11 16:07 - 00000000 ____A C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders ========
 
2013-06-05 08:03 - 2013-06-05 08:03 - 00000000 ____D C:\FRST
2013-06-05 08:03 - 2013-06-05 08:02 - 01357013 ____A (Farbar) C:\Users\Stacey\Downloads\FRST.exe
2013-06-05 07:33 - 2013-06-05 07:33 - 00000232 ____A C:\Users\Stacey\Desktop\(8 unread) - staceytherron - Yahoo! Mail.url
2013-06-05 07:29 - 2010-02-05 00:45 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-05 07:28 - 2013-01-04 22:09 - 00000000 ____D C:\Users\Stacey\Documents\JACQUELINE
2013-06-05 07:28 - 2008-12-09 14:17 - 00000000 ____D C:\Users\Stacey\AppData\Roaming\Adobe
2013-06-05 07:18 - 2012-04-21 12:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-05 07:07 - 2008-08-27 20:52 - 01278905 ____A C:\Windows\WindowsUpdate.log
2013-06-05 06:53 - 2010-02-05 00:45 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-05 06:53 - 2006-11-02 06:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 06:53 - 2006-11-02 05:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-05 06:53 - 2006-11-02 05:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-04 23:52 - 2006-11-02 06:01 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-04 17:22 - 2012-03-04 00:47 - 00034292 ____A C:\Windows\PFRO.log
2013-06-04 09:34 - 2008-12-29 15:16 - 00000000 ____D C:\Users\Stacey\AppData\Local\Adobe
2013-06-04 08:33 - 2013-06-04 08:33 - 00001903 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-06-04 08:33 - 2013-06-04 08:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-04 08:33 - 2013-06-04 08:33 - 00000000 ____D C:\Program Files\Adobe
2013-06-04 08:33 - 2008-02-12 19:03 - 00000000 ____D C:\ProgramData\Adobe
2013-06-04 08:27 - 2012-04-21 12:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-04 08:27 - 2011-05-13 07:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-04 08:05 - 2013-06-03 17:43 - 00000000 ____D C:\ProgramData\MFAData
2013-06-04 07:56 - 2013-06-03 17:43 - 00000000 ____D C:\Users\Stacey\AppData\Local\Avg2013
2013-06-04 05:51 - 2013-06-04 05:51 - 00000000 ____D C:\ProgramData\Sun
2013-06-04 05:51 - 2008-02-12 19:15 - 00000000 ____D C:\Program Files\Common Files\Java
2013-06-04 05:48 - 2013-06-04 05:51 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-04 05:48 - 2013-06-04 05:50 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-04 05:48 - 2013-06-04 05:50 - 00263584 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-04 05:48 - 2013-06-04 05:49 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-04 05:48 - 2013-06-04 05:49 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-04 05:48 - 2013-06-04 05:49 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-04 05:48 - 2008-02-12 19:15 - 00000000 ____D C:\Program Files\Java
2013-06-04 05:47 - 2013-06-04 05:47 - 00000000 ____D C:\ProgramData\McAfee
2013-06-03 17:56 - 2013-06-03 17:56 - 00000000 ____D C:\Users\Stacey\AppData\Local\AVG SafeGuard toolbar
2013-06-03 17:54 - 2013-06-03 17:54 - 00000000 ____D C:\Users\Stacey\AppData\Roaming\TuneUp Software
2013-06-03 17:54 - 2013-06-03 17:53 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-06-03 17:53 - 2013-06-03 17:54 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-06-03 17:53 - 2013-06-03 17:53 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-06-03 17:43 - 2013-06-03 17:43 - 00000000 ____D C:\Users\Stacey\AppData\Local\MFAData
2013-06-03 14:16 - 2013-06-03 14:16 - 00000000 ____D C:\ProgramData\Sophos
2013-06-03 13:30 - 2013-06-03 10:49 - 00000000 ____D C:\mbar
2013-06-03 13:11 - 2013-06-03 13:10 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Stacey\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-03 11:07 - 2013-05-31 09:39 - 00000000 ____D C:\Users\Stacey\AppData\Roaming\TeamViewer
2013-06-03 10:39 - 2013-06-03 10:39 - 00000000 ____D C:\mbar-1.06.0.1003
2013-06-02 06:05 - 2013-06-02 05:28 - 00000000 ___RD C:\Users\Stacey\Documents\CCPYMTS
2013-06-01 21:20 - 2013-06-01 21:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-01 21:20 - 2011-01-31 23:33 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-01 01:16 - 2013-06-01 01:16 - 00016801 ____A C:\ComboFix.txt
2013-06-01 01:16 - 2013-06-01 00:22 - 00000000 ____D C:\Qoobox
2013-06-01 01:16 - 2006-11-02 04:18 - 00000000 __RHD C:\users\Default
2013-06-01 01:16 - 2006-11-02 04:18 - 00000000 ___RD C:\users\Public
2013-06-01 01:12 - 2013-06-01 00:20 - 00000000 ____D C:\Windows\erdnt
2013-06-01 01:08 - 2006-11-02 03:23 - 00000215 ____A C:\Windows\system.ini
2013-06-01 00:18 - 2013-06-01 00:18 - 00000077 ____A C:\Windows\System32\reset.bat
2013-05-31 23:27 - 2013-05-31 23:27 - 00000000 ____D C:\Intuit
2013-05-31 23:24 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\MSAgent
2013-05-31 21:55 - 2013-05-31 21:55 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-05-31 21:55 - 2013-05-31 16:04 - 00001584 ____A C:\Windows\System32\.crusader
2013-05-31 16:04 - 2013-05-31 15:58 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-31 14:23 - 2011-01-31 23:31 - 00000000 ____D C:\Program Files\Delete_this_mess
2013-05-31 14:04 - 2013-05-31 14:04 - 00000000 ____D C:\Users\Stacey\Downloads\Fix it portable
2013-05-31 13:52 - 2008-02-12 19:09 - 00000000 ____D C:\ProgramData\Symantec
2013-05-31 13:52 - 2008-02-12 19:09 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-05-31 13:38 - 2013-05-11 16:16 - 00000000 ____D C:\Program Files\Windows Live
2013-05-31 13:28 - 2013-05-31 13:28 - 00078736 ____A C:\Users\Stacey\Documents\cc_20130531_132836.reg
2013-05-31 11:32 - 2013-05-31 11:31 - 380920842 ____A C:\Users\Stacey\Documents\regbackup.reg
2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Windows\System32\searchplugins
2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Windows\System32\Extensions
2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-31 09:42 - 2006-11-02 03:33 - 00721710 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 09:31 - 2013-03-14 10:01 - 00000000 ____D C:\Users\Stacey\AppData\Roaming\IrfanView
2013-05-31 09:31 - 2006-11-02 05:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-31 09:31 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2013-05-31 09:31 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\System32\spool
2013-05-31 09:31 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-31 09:31 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\rescache
2013-05-31 09:30 - 2009-05-17 17:33 - 00000000 ____D C:\Users\Stacey\AppData\Local\Microsoft Help
2013-05-31 09:30 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2013-05-31 09:25 - 2013-06-04 12:43 - 03975952 ____A (TeamViewer) C:\Users\Stacey\Downloads\TeamViewerQS_en.exe
2013-05-30 17:16 - 2013-05-30 17:16 - 00000680 ____A C:\Users\Stacey\AppData\Local\d3d9caps.dat
2013-05-29 21:03 - 2009-11-15 00:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-29 20:56 - 2013-03-16 01:47 - 00000119 ____A C:\Users\Stacey\AppData\Roaming\mbam.context.scan
2013-05-29 20:34 - 2013-05-29 20:27 - 00000000 ____D C:\ProgramData\8493B09B057FBC85000084932C0FC470
2013-05-28 02:17 - 2013-05-28 02:15 - 00000633 ____A C:\Users\Stacey\Desktop\Hubbells.lnk
2013-05-27 17:07 - 2009-05-12 23:51 - 00000000 ____D C:\Windows\Google Toolbar
2013-05-27 16:42 - 2013-05-27 16:42 - 00001982 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-27 16:42 - 2008-02-12 19:32 - 00000000 ____D C:\Program Files\Google
2013-05-27 11:53 - 2009-12-03 04:25 - 00000000 ____D C:\QuickBooks
2013-05-23 20:51 - 2013-05-23 20:51 - 00014297 ____A C:\Users\Stacey\Documents\Codes1.xlsx
2013-05-17 06:52 - 2006-11-02 05:37 - 00000000 ____D C:\Windows\Performance
2013-05-16 03:41 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 03:33 - 2006-11-02 05:47 - 00418264 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 03:14 - 2008-08-27 20:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 03:03 - 2006-11-02 03:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-14 22:48 - 2013-05-11 16:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-13 02:01 - 2013-01-25 21:54 - 00000000 ____D C:\Users\Stacey\Documents\BUNCO
2013-05-13 01:50 - 2009-12-25 04:51 - 00001358 ____A C:\Users\Stacey\Documents\GREEN JELLO SALAD.txt
2013-05-13 01:44 - 2013-05-13 01:44 - 00000000 ____D C:\Users\Stacey\Documents\CarFax
2013-05-11 20:47 - 2013-05-11 16:10 - 00000000 ____D C:\Users\Stacey\AppData\Local\Windows Live
2013-05-11 16:29 - 2008-12-09 14:12 - 00120248 ____A C:\Users\Stacey\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-11 16:19 - 2011-05-30 13:40 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-11 16:15 - 2006-11-02 04:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-11 16:10 - 2013-05-11 16:10 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-05-11 16:09 - 2008-12-09 14:12 - 00000000 ____D C:\users\Stacey
2013-05-11 16:07 - 2013-05-11 16:07 - 00000814 ____A C:\Windows\setupact.log
2013-05-11 16:07 - 2013-05-11 16:07 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01007.Wdf
2013-05-11 16:07 - 2013-05-11 16:07 - 00000000 ____A C:\Windows\setuperr.log
 
Files to move or delete:
====================
C:\Users\Stacey\BarbieVideoGirlSetup.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Last Boot: 2013-06-05 07:00
 
==================== End Of Log ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by Stacey at 2013-06-05 08:05:07 Run:
Running from C:\Users\Stacey\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Atheros Driver Installation Program (Version: 7.1)
Atheros Wi-Fi Protected Setup Library
ATI Catalyst Install Manager (Version: 3.0.634.0)
AVG SafeGuard toolbar (Version: 15.2.0.5)
Barbie Video Girl (Version: 1.0.0.21)
Barbie Video Girl Driver (Version: 1.38.0000)
Blue's Preschool
BodyMedia SYNC (Version: 2.2.0.93)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2007.0815.2326.40058)
Catalyst Control Center Graphics Full Existing (Version: 2007.0815.2326.40058)
Catalyst Control Center Graphics Full New (Version: 2007.0815.2326.40058)
Catalyst Control Center Graphics Light (Version: 2007.0815.2326.40058)
Catalyst Control Center Graphics Previews Vista (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Czech (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Danish (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Dutch (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Finnish (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization French (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization German (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Greek (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Hungarian (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Italian (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Japanese (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Korean (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Norwegian (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Polish (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Portuguese (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Russian (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Spanish (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Swedish (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Thai (Version: 2007.0815.2326.40058)
Catalyst Control Center Localization Turkish (Version: 2007.0815.2326.40058)
CCC Help Chinese Standard (Version: 2007.0815.2325.40058)
CCC Help Chinese Traditional (Version: 2007.0815.2325.40058)
CCC Help Czech (Version: 2007.0815.2325.40058)
CCC Help Danish (Version: 2007.0815.2325.40058)
CCC Help Dutch (Version: 2007.0815.2325.40058)
CCC Help English (Version: 2007.0815.2325.40058)
CCC Help Finnish (Version: 2007.0815.2325.40058)
CCC Help French (Version: 2007.0815.2325.40058)
CCC Help German (Version: 2007.0815.2325.40058)
CCC Help Greek (Version: 2007.0815.2325.40058)
CCC Help Hungarian (Version: 2007.0815.2325.40058)
CCC Help Italian (Version: 2007.0815.2325.40058)
CCC Help Japanese (Version: 2007.0815.2325.40058)
CCC Help Korean (Version: 2007.0815.2325.40058)
CCC Help Norwegian (Version: 2007.0815.2325.40058)
CCC Help Polish (Version: 2007.0815.2325.40058)
CCC Help Portuguese (Version: 2007.0815.2325.40058)
CCC Help Russian (Version: 2007.0815.2325.40058)
CCC Help Spanish (Version: 2007.0815.2325.40058)
CCC Help Swedish (Version: 2007.0815.2325.40058)
CCC Help Thai (Version: 2007.0815.2325.40058)
CCC Help Turkish (Version: 2007.0815.2325.40058)
ccc-core-static (Version: 2007.0815.2326.40058)
ccc-utility (Version: 2007.0815.2326.40058)
CCleaner (Version: 3.14)
CD/DVD Drive Acoustic Silencer (Version: 2.02.01)
Clifford Learning Activities
Coupon Printer for Windows (Version: 5.0.0.2)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
DVD MovieFactory for TOSHIBA (Version: 5.51)
Fax (Version: 130.0.418.000)
GearDrvs (Version: 1)
GearDrvs (Version: 1.00.0000)
Google Chrome (Version: 27.0.1453.94)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 3 (Version: 1.6.0.30)
Junk Mail filter update (Version: 15.4.3502.0922)
MarketResearch (Version: 130.0.374.000)
Memeo AutoBackup (Version: 3.00.3023)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft XML Parser (Version: 8.20.8730.4)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network (Version: 130.0.374.000)
Norton 360 (Version: 1.2.0.10)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
QuickBooks (Version: 19.0.4014.705)
QuickBooks Financial Center (Version: 1.00.0000)
QuickBooks Simple Start 2009 (Version: 19.0.4014.705)
QuickTime (Version: 7.71.80.42)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5559)
Realtek USB 2.0 Card Reader (Version: )
Scan (Version: 140.0.80.000)
SCRABBLE (Version: 1.0.1.3)
Segoe UI (Version: 15.4.2271.0615)
Shop for HP Supplies (Version: 13.0)
Skins (Version: 2007.0815.2326.40058)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
SupportSoft Assisted Service (Version: 15)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
Toolbox (Version: 130.0.648.000)
TOSHIBA Assist (Version: 2.01.05)
TOSHIBA ConfigFree (Version: 7.1.27)
TOSHIBA Disc Creator (Version: 2.0.1.1a)
TOSHIBA DVD PLAYER (Version: 1.20.10)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Games (Version: 1.0.0.43)
TOSHIBA Hardware Setup (Version: 2.00.06)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Software Upgrades (Version: 4.3)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.1.14)
TrayApp (Version: 130.0.376.000)
Unity Web Player (Version: 2.1.0f5_16147)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)
 
==================== Restore Points  =========================
 
16-05-2013 10:01:20 Windows Update
17-05-2013 13:26:44 Scheduled Checkpoint
18-05-2013 20:12:20 Scheduled Checkpoint
20-05-2013 00:46:38 Windows Update
22-05-2013 16:12:16 Scheduled Checkpoint
23-05-2013 15:38:58 Scheduled Checkpoint
23-05-2013 23:17:23 Windows Update
24-05-2013 13:21:03 Scheduled Checkpoint
25-05-2013 18:37:57 Scheduled Checkpoint
26-05-2013 22:00:27 Scheduled Checkpoint
28-05-2013 03:44:22 Windows Update
29-05-2013 01:43:54 Scheduled Checkpoint
29-05-2013 15:24:51 Scheduled Checkpoint
31-05-2013 16:22:04 Restore Operation
31-05-2013 17:39:20 Installed Microsoft Fix it 50535
31-05-2013 20:35:46 Windows Live Essentials
31-05-2013 20:51:35 Removed LiveUpdate Notice (Symantec Corporation)
31-05-2013 21:07:46 Windows Update
03-06-2013 07:00:28 Scheduled Checkpoint
03-06-2013 19:19:26 Malwarebytes Anti-Rootkit Restore Point
03-06-2013 20:43:19 Removed Bing Bar
03-06-2013 21:12:36 Installed Sophos Virus Removal Tool.
04-06-2013 00:48:33 Installed AVG 2013
04-06-2013 00:49:34 Installed AVG 2013
04-06-2013 01:22:51 Windows Update
04-06-2013 12:47:30 Installed Java 7 Update 21
04-06-2013 12:53:15 Windows Update
04-06-2013 14:53:09 Removed AVG 2013
04-06-2013 14:56:57 Removed AVG 2013
04-06-2013 15:05:47 Removed Sophos Virus Removal Tool.
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/05/2013 07:56:04 AM) (Source: Application Error) (User: )
Description: Faulting application qbw32.exe, version 19.0.4014.705, time stamp 0x4ef315cb, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00047336,
process id 0xa64, application start time 0xqbw32.exe0.
 
Error: (06/05/2013 07:30:49 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Simple Start Free Edition":
An attempt to LogOff without a logon.
 
Error: (06/05/2013 07:30:34 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/05/2013 07:30:34 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/05/2013 07:30:34 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/05/2013 07:30:34 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/04/2013 11:52:30 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (06/03/2013 00:19:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (06/03/2013 11:46:23 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (06/03/2013 11:44:01 AM) (Source: Application Error) (User: )
Description: Faulting application uninstall.exe_unknown, version 2.6.1339.144, time stamp 0x519ddcdf, faulting module uninstall.exe, version 2.6.1339.144, time stamp 0x519ddcdf, exception code 0x40000015, fault offset 0x000f1790,
process id 0x115c, application start time 0xuninstall.exe_unknown0.
 
 
System errors:
=============
Error: (06/05/2013 06:54:53 AM) (Source: Service Control Manager) (User: )
Description: HitmanPro 3.7 Crusader (Boot)%%2
 
Error: (06/04/2013 11:52:30 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/04/2013 05:24:08 PM) (Source: Service Control Manager) (User: )
Description: HitmanPro 3.7 Crusader (Boot)%%2
 
Error: (06/04/2013 00:59:25 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/04/2013 08:32:30 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053
 
Error: (06/04/2013 08:32:30 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search
 
Error: (06/04/2013 08:32:29 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/04/2013 08:21:24 AM) (Source: Service Control Manager) (User: )
Description: HitmanPro 3.7 Crusader (Boot)%%2
 
Error: (06/04/2013 08:17:13 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (06/03/2013 02:08:03 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Network Inspection%%1053
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-04 07:54:53.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-04 07:54:53.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-04 07:54:52.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-04 07:54:52.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-04 07:54:45.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-04 07:54:45.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-04 07:54:44.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-04 07:54:43.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-03 22:33:04.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-03 22:33:04.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 2940.89 MB
Available physical RAM: 1661.43 MB
Total Pagefile: 6116.3 MB
Available Pagefile: 4815.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.33 MB
 
==================== Drives ================================
 
Drive c: (SQ004668V05) (Fixed) (Total:231.42 GB) (Free:149.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: F99B3D64)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=231 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
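The "Bamital & volsnap Check" block in the log above hashes eight boot-critical files (explorer.exe, winlogon.exe, wininit.exe, svchost.exe, services.exe, User32.dll, userinit.exe, volsnap.sys) and prints "MD5 is legit" when each matches a known-good value. FRST checks those particular files because Bamital patched explorer.exe and winlogon.exe in place, and ZeroAccess variants have been seen patching volsnap.sys and services.exe, so a clean MD5 on those files is the quickest way to rule out an in-place infection. The following is an added Python example of that kind of check; it is not FRST's code and was not posted by anyone in this thread. The baseline dictionary, the stand-in files and the tamper step are constructed inside the script so it runs offline; on a real machine you would feed it the paths from the log and hashes taken from a known-clean installation of the same Windows build. The demo uses MD5 only because that is what FRST reports; for a baseline you build yourself use SHA-256, since MD5 collisions are practical.

```python
"""Baseline-hash check for critical system files, in the spirit of the
'Bamital & volsnap Check' that FRST prints ('<file> => MD5 is legit').

Added example, not FRST's own code. The baseline, the stand-in files and
the tamper step below are constructed so the script runs offline.
"""
import hashlib
import os
import tempfile
from pathlib import Path

LEGIT, MISMATCH, MISSING = "legit", "MISMATCH", "MISSING"


def file_digest(path, algo="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so large binaries (mrt.exe above is ~70 MB)
    are not read into memory at once. 'algo' is any hashlib name."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def check_against_baseline(baseline, algo="sha256"):
    """Compare each baseline entry {path: expected_hexdigest} with the file
    on disk. Returns {path: (status, actual_digest_or_None)}.

    A missing file is reported rather than raised: the log above shows a
    'The system cannot find the file specified' failure, and a baseline
    check must keep going past such gaps instead of aborting."""
    results = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            results[path] = (MISSING, None)
            continue
        actual = file_digest(path, algo)
        status = LEGIT if actual.lower() == expected.lower() else MISMATCH
        results[path] = (status, actual)
    return results


def format_report(results, algo="sha256"):
    """Render results in the one-line-per-file style FRST uses."""
    lines = []
    for path, (status, actual) in results.items():
        suffix = "" if actual is None else f" ({actual[:16]}...)"
        lines.append(f"{path} => {algo.upper()} is {status}{suffix}")
    return "\n".join(lines)


def build_demo_tree():
    """Constructed sample data: a scratch directory with stand-in 'system
    files' (not real Windows binaries). One file is left untouched, one is
    modified after its baseline hash is taken (a patched driver), and one
    is listed in the baseline but never created."""
    root = Path(tempfile.mkdtemp(prefix="baseline_demo_"))
    clean = root / "explorer.exe"
    clean.write_bytes(b"MZ" + b"\x00" * 62 + b"stand-in clean binary")
    driver = root / "volsnap.sys"
    original = b"MZ" + b"\x00" * 62 + b"stand-in volume snapshot driver"
    driver.write_bytes(original)
    baseline = {
        str(clean): hashlib.md5(clean.read_bytes()).hexdigest(),
        str(driver): hashlib.md5(original).hexdigest(),
        str(root / "services.exe"): "0" * 32,  # never written -> MISSING
    }
    # Tamper after the baseline is recorded, as a driver-patching rootkit would.
    driver.write_bytes(original + b"\x90\x90 injected stub")
    return baseline


def demo():
    """Run the check on the constructed tree; returns {basename: status}."""
    baseline = build_demo_tree()
    results = check_against_baseline(baseline, algo="md5")
    print(format_report(results, algo="md5"))
    return {os.path.basename(p): status for p, (status, _) in results.items()}


if __name__ == "__main__":
    demo()
```

On a live system the same function can also hash a single suspect file, such as the one FRST listed under "Files to move or delete", so the digest can be looked up against a multi-engine scanner before the file is deleted or uploaded.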


#6 RPMcMurphy (Bleeping *^#@%~, Malware Response Team, 3,970 posts)

Posted 05 June 2013 - 02:52 PM

Do you still have ComboFix on your desktop?  DON'T run it if you do - just let me know if you still have it on the computer.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 thanejudy (Topic Starter, Members, 8 posts)

Posted 05 June 2013 - 03:40 PM

No - I deleted it after everything was clean.  I can get it back easily enough.



#8 RPMcMurphy (Bleeping *^#@%~, Malware Response Team, 3,970 posts)

Posted 06 June 2013 - 09:13 AM

This LINK will take you to the download page for AVG's removal tool.  Pick the correct version and run it to remove those AVG remnants.

ComboFix does not appear to have been properly uninstalled.  Download it again to your desktop, then do this:

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall





#9 thanejudy (Topic Starter, Members, 8 posts)

Posted 06 June 2013 - 10:07 AM

OK - I did these two steps successfully.



#10 RPMcMurphy (Bleeping *^#@%~, Malware Response Team, 3,970 posts)

Posted 06 June 2013 - 06:37 PM

I don't think that Barbie file is malware, FRST just flagged it because the exe is in an odd spot.  You could always upload it HERE just to be sure though.  Is there anything else you need a hand with?




#11 thanejudy (Topic Starter, Members, 8 posts)

Posted 07 June 2013 - 08:24 AM

No - I think we are set.  I really appreciate the help here and hopefully this will help someone else who has the inability to download files because of this rootkit.  I'd really like to know why MSSE didn't prevent this in the first place.  



#12 RPMcMurphy (Bleeping *^#@%~, Malware Response Team, 3,970 posts)

Posted 07 June 2013 - 10:58 PM

You had a newer variant of the ZeroAccess rootkit that is getting by most of the AVs right now.  Take care.




#13 RPMcMurphy (Bleeping *^#@%~, Malware Response Team, 3,970 posts)

Posted 08 June 2013 - 09:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





