zero access rootkit virus says everything has a virus and deletes it


  • This topic is locked
32 replies to this topic

#1 moonbaby690


Posted 27 June 2013 - 10:02 PM

Do not know how to remove it.

 

dds.com contained a virus and was deleted.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 1.6.0_15
Run by Marsha at 20:41:42 on 2013-06-27
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1982.859 [GMT -6:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Marsha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mURLSearchHooks: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - c:\program files\yahoo!\ynanoclient\cpn0\YNanoClient_IE.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - c:\program files\yahoo!\ynanoclient\cpn0\YNanoClient_IE.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\5.2.2.3\ips\ipsbho.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files\funmoods\funmoods\1.5.11.16\bh\funmoods.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\5.2.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\5.2.2.3\coieplg.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files\funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - c:\program files\yahoo!\ynanoclient\cpn0\YNanoClient_IE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\marsha\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\users\marsha\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\users\marsha\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
StartupFolder: c:\users\marsha\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{71A24B68-3B03-4466-8A45-F1E9B9CE27EB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{770BD83B-E6B2-4185-AC61-DA89A8D16983} : DHCPNameServer = 68.87.85.102 68.87.69.150
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marsha\appdata\roaming\mozilla\firefox\profiles\h0jdjhi7.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=062613
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=062613&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\marsha\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - ExtSQL: 2013-06-25 18:12; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - 65c75f0f000000000000001a737c2307
FF - user.js: extensions.funmoods_i.instlDay - 15445
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.160:19:20
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2006-1-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2006-1-1 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20121130.005\BHDrvx86.sys [2006-1-17 995488]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2006-1-1 27080]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20121205.001\IDSvix86.sys [2006-1-17 386720]
R1 NNSAlpc;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-29 84200]
R1 NNSHttp;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-29 126184]
R1 NNSHttps;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-29 107752]
R1 NNSIds;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-29 124648]
R1 NNSPicc;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-29 95464]
R1 NNSPop3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-29 106344]
R1 NNSProt;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-29 287336]
R1 NNSPrv;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-29 161384]
R1 NNSSmtp;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-29 108904]
R1 NNSStrm;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-29 230376]
R1 NNSTlsc;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-29 93928]
R1 PSINKnc;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2013-5-28 175848]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2006-1-1 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2006-1-1 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-2 21504]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2006-1-17 68464]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-5-28 145128]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-5-28 105704]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-5-28 114920]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-5-29 127720]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-11-21 227896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2006-1-1 106656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b1bd4e57ec10;Google Update Service (gupdate1c9b1bd4e57ec10);c:\program files\google\update\GoogleUpdate.exe [2009-3-30 133104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-5-28 97512]
S4 NNSPihsw;NNSPihsw;c:\windows\system32\drivers\NNSPihsw.sys [2013-5-29 61672]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile=NOTEPAD.EXE %1
FileExt: .reg: regfile=NOTEPAD.EXE %1
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-06-28 01:31:26    --------    dc----w-    c:\users\marsha\appdata\roaming\Panda Security
2013-06-28 01:27:50    47632    -c--a-w-    c:\windows\system32\drivers\PSKMAD.sys
2013-06-28 01:25:09    --------    dc----w-    c:\program files\Panda Security
2013-06-28 00:57:51    --------    dc----w-    c:\programdata\Panda Security
2013-06-28 00:56:42    --------    dc----w-    c:\program files\Panda USB Vaccine
2013-06-26 00:11:00    --------    dc----r-    c:\program files\Skype
2013-06-21 21:17:06    905576    -c--a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-21 21:17:02    443904    -c--a-w-    c:\windows\system32\win32spl.dll
2013-06-21 21:17:02    37376    -c--a-w-    c:\windows\system32\printcom.dll
2013-06-21 21:16:56    812544    -c--a-w-    c:\windows\system32\certutil.exe
2013-06-21 21:16:55    985600    -c--a-w-    c:\windows\system32\crypt32.dll
2013-06-21 21:16:55    98304    -c--a-w-    c:\windows\system32\cryptnet.dll
2013-06-21 21:16:55    41984    -c--a-w-    c:\windows\system32\certenc.dll
2013-06-21 21:16:55    133120    -c--a-w-    c:\windows\system32\cryptsvc.dll
2013-06-21 21:16:46    3603832    -c--a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-21 21:16:45    3551096    -c--a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-21 21:16:40    24576    -c--a-w-    c:\windows\system32\cryptdlg.dll
2013-05-31 09:15:40    9728    -c--a-w-    c:\windows\system32\Wdfres.dll
2013-05-31 09:15:34    66560    -c--a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-05-31 09:15:34    16896    -c--a-w-    c:\windows\system32\winusb.dll
2013-05-31 09:15:34    155136    -c--a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-05-31 09:15:33    73216    -c--a-w-    c:\windows\system32\WUDFSvc.dll
2013-05-31 09:15:33    526952    -c--a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-05-31 09:15:33    47720    -c--a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-05-31 09:15:33    172032    -c--a-w-    c:\windows\system32\WUDFPlatform.dll
2013-05-31 09:15:30    38912    -c--a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-05-31 09:15:29    613888    -c--a-w-    c:\windows\system32\WUDFx.dll
2013-05-31 09:15:29    196608    -c--a-w-    c:\windows\system32\WUDFHost.exe
2013-05-31 09:03:02    34304    -c--a-w-    c:\windows\system32\atmlib.dll
2013-05-31 09:03:02    293376    -c--a-w-    c:\windows\system32\atmfd.dll
2013-05-31 08:02:11    --------    dc----w-    c:\users\marsha\appdata\local\Spotify
2013-05-31 08:01:26    --------    dc----w-    c:\users\marsha\appdata\roaming\Spotify
2013-05-31 04:18:24    --------    dc----w-    c:\users\marsha\appdata\local\NanoService
2013-05-31 04:18:23    --------    dc----w-    c:\users\marsha\appdata\local\Yahoo!
2013-05-31 04:17:55    --------    dc-h--w-    c:\windows\msdownld.tmp
2013-05-31 02:57:17    73216    -c--a-w-    c:\windows\system32\spool\prtprocs\w32x86\CNMPPAA.DLL
2013-05-31 02:57:17    27648    -c--a-w-    c:\windows\system32\spool\prtprocs\w32x86\CNMPDAA.DLL
2013-05-31 02:55:59    290816    -c--a-w-    c:\windows\system32\CNMLMAA.DLL
2013-05-31 02:47:12    307200    -c--a-w-    c:\windows\system32\CNC280L.dll
2013-05-31 02:47:12    15872    -c--a-w-    c:\windows\system32\CNHMCA.dll
2013-05-31 02:47:12    1335296    -c--a-w-    c:\windows\system32\CNC280C.dll
2013-05-31 02:47:12    114688    -c--a-w-    c:\windows\system32\CNC280I.dll
2013-05-31 02:47:12    106496    -c--a-w-    c:\windows\system32\CNC280U.dll
2013-05-31 01:16:18    623616    -c--a-w-    c:\windows\system32\localspl.dll
2013-05-31 01:15:31    75776    -c--a-w-    c:\windows\system32\synceng.dll
2013-05-31 01:15:24    64000    -c--a-w-    c:\windows\system32\smss.exe
2013-05-31 01:15:24    49152    -c--a-w-    c:\windows\system32\csrsrv.dll
2013-05-31 01:15:19    376320    -c--a-w-    c:\windows\system32\dpnet.dll
2013-05-31 01:15:19    23040    -c--a-w-    c:\windows\system32\dpnsvr.exe
2013-05-31 01:15:18    224640    -c--a-w-    c:\windows\system32\drivers\volsnap.sys
2013-05-31 01:15:13    638328    -c--a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-31 01:15:13    37376    -c--a-w-    c:\windows\system32\cdd.dll
2013-05-31 01:13:43    204288    -c--a-w-    c:\windows\system32\ncrypt.dll
2013-05-31 01:13:40    1082232    -c--a-w-    c:\windows\system32\drivers\ntfs.sys
2013-05-31 01:13:10    172544    -c--a-w-    c:\windows\system32\wintrust.dll
2013-05-31 01:13:08    1314816    -c--a-w-    c:\windows\system32\quartz.dll
2013-05-31 01:13:05    708608    -c--a-w-    c:\program files\common files\system\ado\msado15.dll
2013-05-31 01:12:58    2048    -c--a-w-    c:\windows\system32\tzres.dll
2013-05-31 01:12:33    1400832    -c--a-w-    c:\windows\system32\msxml6.dll
2013-05-31 01:12:26    1248768    -c--a-w-    c:\windows\system32\msxml3.dll
2013-05-31 01:12:24    2049024    -c--a-w-    c:\windows\system32\win32k.sys
2013-05-31 01:11:44    2067968    -c--a-w-    c:\windows\system32\mstscax.dll
2013-05-31 01:11:42    180736    -c--a-w-    c:\windows\system32\drivers\rdpwd.sys
2013-05-31 01:11:40    376320    -c--a-w-    c:\windows\system32\winsrv.dll
2013-05-31 01:11:35    440704    -c--a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-05-31 01:11:35    278528    -c--a-w-    c:\windows\system32\schannel.dll
2013-05-31 01:11:31    15872    -c--a-w-    c:\windows\system32\drivers\usb8023.sys
2013-05-29 23:16:51    127720    -c--a-w-    c:\windows\system32\drivers\PSINProt.sys
2013-05-29 11:55:11    93928    -c--a-w-    c:\windows\system32\drivers\NNStlsc.sys
2013-05-29 11:55:11    230376    -c--a-w-    c:\windows\system32\drivers\NNSStrm.sys
2013-05-29 11:55:11    108904    -c--a-w-    c:\windows\system32\drivers\NNSSmtp.sys
2013-05-29 11:55:10    287336    -c--a-w-    c:\windows\system32\drivers\NNSProt.sys
2013-05-29 11:55:10    161384    -c--a-w-    c:\windows\system32\drivers\NNSPrv.sys
2013-05-29 11:55:10    106344    -c--a-w-    c:\windows\system32\drivers\NNSPop3.sys
2013-05-29 11:55:09    95464    -c--a-w-    c:\windows\system32\drivers\NNSpicc.sys
2013-05-29 11:55:09    61672    -c--a-w-    c:\windows\system32\drivers\NNSPihsw.sys
2013-05-29 11:55:09    124648    -c--a-w-    c:\windows\system32\drivers\NNSIds.sys
2013-05-29 11:55:08    84200    -c--a-w-    c:\windows\system32\drivers\NNSAlpc.sys
2013-05-29 11:55:08    126184    -c--a-w-    c:\windows\system32\drivers\NNSHttp.sys
2013-05-29 11:55:08    107752    -c--a-w-    c:\windows\system32\drivers\NNSHttps.sys
.
==================== Find3M  ====================
.
2013-05-28 17:25:09    97512    -c--a-w-    c:\windows\system32\drivers\PSINReg.sys
2013-05-28 17:24:43    175848    -c--a-w-    c:\windows\system32\drivers\PSINKNC.sys
2013-05-28 17:24:43    114920    -c--a-w-    c:\windows\system32\drivers\PSINProc.sys
2013-05-28 17:24:42    145128    -c--a-w-    c:\windows\system32\drivers\PSINAflt.sys
2013-05-28 17:24:42    105704    -c--a-w-    c:\windows\system32\drivers\PSINFile.sys
2013-05-16 22:39:39    1800704    -c--a-w-    c:\windows\system32\jscript9.dll
2013-05-16 22:28:26    1129472    -c--a-w-    c:\windows\system32\wininet.dll
2013-05-16 22:27:30    1427968    -c--a-w-    c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37    142848    -c--a-w-    c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30    420864    -c--a-w-    c:\windows\system32\vbscript.dll
2013-05-16 22:16:57    2382848    -c--a-w-    c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:45:58.17 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2007 12:29:29 PM
System Uptime: 6/27/2013 2:23:25 PM (6 hours ago)
.
Motherboard: Quanta |  | 30B9
Processor: AMD Turion™ 64 X2 Mobile Technology TL-56 | Socket S1 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 91.539 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.732 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Bonjour
BufferChm
C4700
Canon MP280 series MP Drivers
Cisco Network Magic
Comcast Desktop Software (v1.2.0.9)
Comcast High-Speed Internet Install Wizard
Conexant HD Audio
D3DX10
Destinations
DeviceDiscovery
Driver Detective
Duplicate Music Files Finder 1.5.5
ESU for Microsoft Vista
FrostWire 5.3.4
Funmoods on IE and Chrome
GearDrvs
Google Chrome
Google Gears
Google Update Helper
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 13.0
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Print Projects 1.0
HP Quick Launch Buttons
HP QuickPlay 3.2
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guide 0042
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
iolo technologies' System Mechanic
iTunes
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Junk Mail filter update
LightScribe  1.4.136.1
Logitech Webcam Software Driver Package
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Network
Network Magic
Norton 360
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Panda Cloud Antivirus
Panda USB Vaccine 1.0.1.4
Picasa 3
PMB
PS_AIO_06_C4700_SW_Min
PSSWCORE
Pure Networks Platform
QLBCASL
QuickTime
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
Shop for HP Supplies
Sibelius Scorch (ActiveX Only)
Skype Click to Call
Skype™ 6.5
SmartWebPrinting
SolutionCenter
Spotify
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Version Checker for Funmoods
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
WebEx Support Manager for Internet Explorer
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Axis
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
 

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 28 June 2013 - 03:51 AM



Hello moonbaby690

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 moonbaby690

moonbaby690
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:06:00 PM

Posted 28 June 2013 - 10:44 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-06-2013
Ran by Marsha (administrator) on 28-06-2013 09:30:37
Running from C:\Users\Marsha\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Marsha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [215552 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM\...\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [467240 2008-12-14] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: []  [x]
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1646216 2013-01-24] (Ask)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray [32736 2013-05-28] (Panda Security, S.L.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Marsha\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-04] (Google Inc.)
HKCU\...\Run: [Spotify] "C:\Users\Marsha\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-24] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] "C:\Users\Marsha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-24] (Spotify Ltd)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-03-20] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-03-20] (Hewlett-Packard)
HKU\modernwyatt\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\modernwyatt\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Marsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: "autocheck autochk * "

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM SearchScopes: DefaultScope {D28FD1DE-C3F7-4668-99C2-7F8E9A4057A2} URL =
SearchScopes: HKLM - {1D0EA208-0686-4300-949E-B1F67D9718AE} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVNUS7
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM - {FBF5129C-1925-491B-8753-60150F99ED35} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
SearchScopes: HKCU - B86845BDB6CA4EF3A9B97C5CDA2189A8 URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
SearchScopes: HKCU - {0360E861-C1B2-4399-B3B8-0EF56F937385} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {273D9E8B-0D97-4A6A-A982-E1B7DBF968A9} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {EA13ADA8-3C49-400E-B9A9-F2412A30BAC9} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll (Funmoods BHO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (Funmoods)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default
FF user.js: detected! => C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\user.js
FF SearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=062613
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=062613&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Funmoods.com - C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\Extensions\ffxtlbr@funmoods.com
FF Extension: Ask Toolbar - C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\Extensions\toolbar@ask.com
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] C:\Program Files\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: <?xml version="1.0"?>

<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>smartwebprinting@hp.com</em:id>
    <em:version>4.5</em:version>

    <em:targetApplication>
      <!-- Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.0.0.0</em:minVersion>
        <em:maxVersion>3.*.*.*</em:maxVersion>
      </Description>
    </em:targetApplication>

    <!-- front-end metadata -->
    <em:name>HP Smart Web Printing</em:name>
    <em:description>Print what you want, how you want.</em:description>
    <em:creator>hp.com</em:creator>
    <em:homepageURL>http://www.hp.com/go/smartwebprinting</em:homepageURL>
    
    <em:aboutURL>chrome://hpsmartwebprinting/content/about.xul</em:aboutURL>
    <em:iconURL>chrome://hpsmartwebprinting/skin/toolbar-icon-normal-24.png</em:iconURL>
    <em:targetPlatform>WINNT_x86-msvc</em:targetPlatform>
  </Description>
</RDF>
 - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Mozilla Firefox 21.0\Extensions: [Components] C:\Program Files\Mozilla Firefox\components
FF Extension: No Name - C:\Program Files\Mozilla Firefox\components
FF HKLM\...\Mozilla Firefox 21.0\Extensions: [Plugins] C:\Program Files\Mozilla Firefox\plugins
FF Extension: No Name - C:\Program Files\Mozilla Firefox\plugins

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=062613
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=062613", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=062613&q={searchTerms}&src=IE-SearchBox
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97&dt=062613
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marsha\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marsha\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Marsha\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (registryAccess) - C:\Users\Marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.1.22682_0\background/registryAccess.dll (APN)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U15) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Frostwire Toolbar) - C:\Users\Marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.1.22682_0
CHR Extension: (YouTube) - C:\Users\Marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Funmoods) - C:\Users\Marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0
CHR Extension: (Gmail) - C:\Users\Marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2007-03-28] ()
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2007-03-28] ()
S2 gupdate1c9b1bd4e57ec10; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-30] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.)
R2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.)
R2 HPSLPSVC; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1070080 2013-03-18] (iolo technologies, LLC)
R2 N360; C:\Program Files\Norton 360\Engine\5.2.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-05-28] (Panda Security, S.L.)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-05-28] (Panda Security, S.L.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
R2 YNanoService; C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe [157016 2012-07-25] (Yahoo! Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [995488 2012-11-07] (Symantec Corporation)
S3 btwmodem; C:\Windows\System32\DRIVERS\btwmodem.sys [30189 2005-05-31] (Broadcom Corporation.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2006-01-01] (Symantec Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [27080 2012-04-17] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2006-01-01] (Symantec Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [159232 2007-02-22] (Conexant Systems Inc.)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [16288 2007-04-12] (Hewlett Packard)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121205.001\IDSvix86.sys [386720 2012-11-20] (Symantec Corporation)
R2 MCSTRM; C:\Windows\System32\Drivers\MCSTRM.sys [8413 2007-09-03] (RealNetworks, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121208.007\NAVENG.SYS [92704 2006-01-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121208.007\NAVEX15.SYS [1601184 2006-01-17] (Symantec Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-11-29] (Raxco Software, Inc.)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145128 2013-05-28] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-05-28] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-05-28] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-05-28] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-05-29] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-05-28] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0502020.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0502020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-12-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 BTKRNL; system32\DRIVERS\btkrnl.sys [x]
S3 BTWUSB; System32\Drivers\btwusb.sys [x]
U4 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-28 09:30 - 2013-06-28 09:30 - 00000000 ___DC C:\FRST
2013-06-28 09:29 - 2013-06-28 09:29 - 01933484 ___AC (Farbar) C:\Users\Marsha\Downloads\FRST64.exe
2013-06-28 09:27 - 2013-06-28 09:27 - 01371463 ___AC (Farbar) C:\Users\Marsha\Downloads\FRST(1).exe
2013-06-28 09:22 - 2013-06-28 09:22 - 01371463 ___AC (Farbar) C:\Users\Marsha\Downloads\FRST.exe
2013-06-27 20:46 - 2013-06-27 20:53 - 00009982 ___AC C:\Users\Marsha\Desktop\attach.txt
2013-06-27 20:46 - 2013-06-27 20:52 - 00025782 ___AC C:\Users\Marsha\Desktop\dds.txt
2013-06-27 20:40 - 2013-06-27 20:40 - 00688992 ___AC (Swearware) C:\Users\Marsha\Downloads\dds(2).com
2013-06-27 20:36 - 2013-06-27 20:36 - 00688992 ___RC (Swearware) C:\Users\Marsha\Downloads\dds.com
2013-06-27 20:36 - 2013-06-27 20:36 - 00688992 ___AC (Swearware) C:\Users\Marsha\Downloads\dds(1).com
2013-06-27 19:31 - 2013-06-27 19:31 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Panda Security
2013-06-27 19:27 - 2013-04-29 09:17 - 00047632 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\PSKMAD.sys
2013-06-27 19:25 - 2013-06-27 19:25 - 00000000 ___DC C:\Program Files\Panda Security
2013-06-27 18:57 - 2013-06-27 19:25 - 00000000 ___DC C:\ProgramData\Panda Security
2013-06-27 18:56 - 2013-06-27 18:56 - 00000000 ___DC C:\Program Files\Panda USB Vaccine
2013-06-27 18:24 - 2013-06-27 18:24 - 00823346 ___AC C:\Users\Marsha\Downloads\USBVaccine.zip
2013-06-25 18:11 - 2013-06-27 15:29 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Skype
2013-06-25 18:11 - 2013-06-25 20:15 - 00002377 ___AC C:\Users\Public\Desktop\Skype.lnk
2013-06-25 18:11 - 2013-06-25 18:12 - 00000000 __RDC C:\Program Files\Skype
2013-06-25 18:11 - 2013-06-25 18:11 - 00000000 ___DC C:\Program Files\Common Files\Skype
2013-06-25 18:10 - 2013-06-25 18:27 - 00000000 ___DC C:\ProgramData\Skype
2013-06-25 18:09 - 2013-06-25 18:09 - 01491560 ___AC (Skype Technologies S.A.) C:\Users\Marsha\Downloads\SkypeSetup.exe
2013-06-25 18:07 - 2013-06-25 18:07 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Funmoods
2013-06-25 18:07 - 2013-05-16 17:08 - 12329984 ___AC (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-25 18:07 - 2013-05-16 16:49 - 09738752 ___AC (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-25 18:07 - 2013-05-16 16:39 - 01800704 ___AC (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-25 18:07 - 2013-05-16 16:28 - 01129472 ___AC (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-25 18:07 - 2013-05-16 16:28 - 01104384 ___AC (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-25 18:07 - 2013-05-16 16:27 - 01427968 ___AC (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-25 18:07 - 2013-05-16 16:26 - 00231936 ___AC (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-25 18:07 - 2013-05-16 16:23 - 00065024 ___AC (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-25 18:07 - 2013-05-16 16:21 - 00717824 ___AC (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-25 18:07 - 2013-05-16 16:21 - 00142848 ___AC (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-25 18:07 - 2013-05-16 16:20 - 00420864 ___AC (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-25 18:07 - 2013-05-16 16:19 - 00607744 ___AC (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-25 18:07 - 2013-05-16 16:17 - 01796096 ___AC (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-25 18:07 - 2013-05-16 16:17 - 00073216 ___AC (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-25 18:07 - 2013-05-16 16:16 - 02382848 ___AC (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-25 18:07 - 2013-05-16 16:12 - 00176640 ___AC (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 15:17 - 2013-05-07 22:37 - 00905576 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-21 15:17 - 2013-05-01 22:04 - 00443904 ___AC (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-21 15:17 - 2013-05-01 22:03 - 00037376 ___AC (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-21 15:16 - 2013-05-02 16:03 - 03603832 ___AC (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-21 15:16 - 2013-05-02 16:03 - 03551096 ___AC (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-21 15:16 - 2013-04-23 22:00 - 00985600 ___AC (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-21 15:16 - 2013-04-23 22:00 - 00133120 ___AC (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-21 15:16 - 2013-04-23 22:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-21 15:16 - 2013-04-23 22:00 - 00041984 ___AC (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-21 15:16 - 2013-04-23 19:46 - 00812544 ___AC (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-21 15:16 - 2013-04-17 06:30 - 00024576 ___AC (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-05-31 03:15 - 2012-07-25 21:39 - 00526952 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-31 03:15 - 2012-07-25 21:39 - 00047720 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-05-31 03:15 - 2012-07-25 21:21 - 00196608 ___AC (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-05-31 03:15 - 2012-07-25 21:20 - 00613888 ___AC (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-05-31 03:15 - 2012-07-25 21:20 - 00172032 ___AC (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-05-31 03:15 - 2012-07-25 21:20 - 00073216 ___AC (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-05-31 03:15 - 2012-07-25 21:20 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-05-31 03:15 - 2012-07-25 20:46 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-05-31 03:15 - 2012-07-25 20:33 - 00066560 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-05-31 03:15 - 2012-07-25 20:32 - 00155136 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-05-31 03:15 - 2012-06-02 08:57 - 00000003 ___AC C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-05-31 03:15 - 2012-06-02 08:34 - 00000003 ___AC C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-05-31 03:15 - 2009-07-14 06:12 - 00016896 ___AC (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-05-31 03:03 - 2012-12-16 07:12 - 00034304 ___AC (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-05-31 03:03 - 2012-12-16 04:50 - 00293376 ___AC (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-05-31 02:02 - 2013-06-21 15:11 - 00000000 ___DC C:\Users\Marsha\AppData\Local\Spotify
2013-05-31 02:02 - 2013-05-31 02:02 - 00001716 ___AC C:\Users\Marsha\Desktop\Spotify.lnk
2013-05-31 02:01 - 2013-06-28 09:07 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Spotify
2013-05-31 02:01 - 2013-05-31 02:01 - 00092776 ___AC (Spotify Ltd) C:\Users\Marsha\Downloads\SpotifySetup.exe
2013-05-30 22:43 - 2013-05-30 22:43 - 22318424 ___AC (Microsoft Corporation) C:\Users\Marsha\Downloads\IE9_YAxis_setup_Vista_x86_v1_0_1_20120731(1).exe
2013-05-30 22:42 - 2013-05-30 22:42 - 00000000 ___DC C:\ProgramData\Mozilla
2013-05-30 22:42 - 2013-05-30 22:42 - 00000000 ___DC C:\Program Files\Mozilla Maintenance Service
2013-05-30 22:18 - 2013-05-30 22:18 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Yahoo!
2013-05-30 22:18 - 2013-05-30 22:18 - 00000000 ___DC C:\Users\Marsha\AppData\Local\Yahoo!
2013-05-30 22:18 - 2013-05-30 22:18 - 00000000 ___DC C:\Users\Marsha\AppData\Local\NanoService
2013-05-30 22:18 - 2013-05-30 22:18 - 00000000 ___DC C:\ProgramData\Yahoo! Companion
2013-05-30 22:17 - 2013-05-30 22:18 - 00000000 __HDC C:\Windows\msdownld.tmp
2013-05-30 22:17 - 2013-05-30 22:17 - 22318424 ___AC (Microsoft Corporation) C:\Users\Marsha\Downloads\IE9_YAxis_setup_Vista_x86_v1_0_1_20120731.exe
2013-05-30 20:57 - 2013-05-30 20:57 - 00000000 __HDC C:\Windows\System32\CanonIJ Uninstaller Information
2013-05-30 20:57 - 2013-05-30 20:57 - 00000000 __HDC C:\ProgramData\CanonBJ
2013-05-30 20:55 - 2010-08-25 05:00 - 00290816 ___AC (CANON INC.) C:\Windows\System32\CNMLMAA.DLL
2013-05-30 20:47 - 2010-03-18 19:25 - 00307200 ___AC (CANON INC.) C:\Windows\System32\CNC280L.dll
2013-05-30 20:47 - 2010-03-18 17:12 - 01335296 ___AC (CANON INC.) C:\Windows\System32\CNC280C.dll
2013-05-30 20:47 - 2010-03-18 17:12 - 00114688 ___AC (CANON INC.) C:\Windows\System32\CNC280I.dll
2013-05-30 20:47 - 2010-03-18 17:11 - 00106496 ___AC (CANON INC.) C:\Windows\System32\CNC280U.dll
2013-05-30 20:47 - 2009-11-13 14:38 - 00012800 ___AC C:\Windows\System32\CNC1746D.TBL
2013-05-30 20:47 - 2008-08-25 18:02 - 00015872 ___AC (CANON INC.) C:\Windows\System32\CNHMCA.dll
2013-05-30 20:22 - 2013-05-30 20:22 - 00000000 ___DC C:\Users\Marsha\Documents\OneNote Notebooks
2013-05-30 19:16 - 2012-05-11 09:57 - 00623616 ___AC (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-05-30 19:15 - 2013-04-15 08:20 - 00638328 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-30 19:15 - 2013-04-13 04:56 - 00037376 ___AC (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-30 19:15 - 2013-03-08 21:45 - 00049152 ___AC (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-30 19:15 - 2013-03-08 19:28 - 00064000 ___AC (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-30 19:15 - 2012-11-02 04:18 - 00376320 ___AC (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-05-30 19:15 - 2012-11-02 02:26 - 00023040 ___AC (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-05-30 19:15 - 2012-09-25 10:19 - 00075776 ___AC (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-05-30 19:15 - 2012-08-21 05:47 - 00224640 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-05-30 19:15 - 2012-06-29 10:01 - 00467968 ___AC (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-05-30 19:15 - 2012-06-08 11:47 - 11586048 ___AC (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-30 19:13 - 2013-03-03 13:07 - 01082232 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-30 19:13 - 2012-11-21 21:54 - 00353280 ___AC (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-05-30 19:13 - 2012-11-19 22:22 - 00204288 ___AC (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-05-30 19:13 - 2012-11-07 21:48 - 01314816 ___AC (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-05-30 19:13 - 2012-09-28 10:11 - 00892928 ___AC (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-30 19:13 - 2012-08-24 09:53 - 00172544 ___AC (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-05-30 19:12 - 2013-04-08 19:36 - 02049024 ___AC (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-30 19:12 - 2012-11-12 19:29 - 00002048 ___AC (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-30 19:12 - 2012-11-02 04:19 - 01400832 ___AC (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-05-30 19:12 - 2012-06-05 10:47 - 01248768 ___AC (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-05-30 19:11 - 2013-03-07 21:53 - 00376320 ___AC (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-05-30 19:11 - 2013-03-07 21:52 - 02067968 ___AC (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-30 19:11 - 2013-02-11 19:57 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-30 19:11 - 2012-06-04 09:26 - 00440704 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-05-30 19:11 - 2012-06-01 18:04 - 00278528 ___AC (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-30 19:11 - 2012-05-01 08:03 - 00180736 ___AC (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-05-29 17:16 - 2013-05-29 17:16 - 00127720 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\PSINProt.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00287336 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSProt.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00230376 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSStrm.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00161384 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSPrv.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00126184 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSHttp.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00124648 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSIds.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00108904 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSSmtp.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00107752 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSHttps.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00106344 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSPop3.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00095464 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSpicc.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00093928 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNStlsc.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00084200 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSAlpc.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00061672 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSPihsw.sys

==================== One Month Modified Files and Folders ========

2013-06-28 09:30 - 2013-06-28 09:30 - 00000000 ___DC C:\FRST
2013-06-28 09:29 - 2013-06-28 09:29 - 01933484 ___AC (Farbar) C:\Users\Marsha\Downloads\FRST64.exe
2013-06-28 09:27 - 2013-06-28 09:27 - 01371463 ___AC (Farbar) C:\Users\Marsha\Downloads\FRST(1).exe
2013-06-28 09:23 - 2009-07-06 07:54 - 00000886 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 09:22 - 2013-06-28 09:22 - 01371463 ___AC (Farbar) C:\Users\Marsha\Downloads\FRST.exe
2013-06-28 09:21 - 2012-04-15 09:37 - 00000912 ___AC C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-34928613-2241828326-1383797744-1001UA.job
2013-06-28 09:07 - 2013-05-31 02:01 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Spotify
2013-06-28 08:53 - 2007-07-18 12:36 - 01259143 ___AC C:\Windows\WindowsUpdate.log
2013-06-28 08:50 - 2006-11-02 04:33 - 00703388 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-28 08:43 - 2009-11-23 19:38 - 00064695 ___AC C:\ProgramData\nvModes.dat
2013-06-28 08:43 - 2009-11-23 19:38 - 00064695 ___AC C:\ProgramData\nvModes.001
2013-06-28 08:43 - 2006-11-02 06:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 08:43 - 2006-11-02 06:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 08:42 - 2009-07-06 07:54 - 00000882 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 08:42 - 2006-11-02 07:01 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-28 08:42 - 2006-11-02 06:47 - 00415184 ___AC C:\Windows\System32\FNTCACHE.DAT
2013-06-27 22:09 - 2006-11-02 07:01 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 20:53 - 2013-06-27 20:46 - 00009982 ___AC C:\Users\Marsha\Desktop\attach.txt
2013-06-27 20:52 - 2013-06-27 20:46 - 00025782 ___AC C:\Users\Marsha\Desktop\dds.txt
2013-06-27 20:40 - 2013-06-27 20:40 - 00688992 ___AC (Swearware) C:\Users\Marsha\Downloads\dds(2).com
2013-06-27 20:36 - 2013-06-27 20:36 - 00688992 ___RC (Swearware) C:\Users\Marsha\Downloads\dds.com
2013-06-27 20:36 - 2013-06-27 20:36 - 00688992 ___AC (Swearware) C:\Users\Marsha\Downloads\dds(1).com
2013-06-27 19:31 - 2013-06-27 19:31 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Panda Security
2013-06-27 19:26 - 2012-04-05 12:50 - 00108800 ___AC C:\Users\Marsha\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-27 19:25 - 2013-06-27 19:25 - 00000000 ___DC C:\Program Files\Panda Security
2013-06-27 19:25 - 2013-06-27 18:57 - 00000000 ___DC C:\ProgramData\Panda Security
2013-06-27 18:56 - 2013-06-27 18:56 - 00000000 ___DC C:\Program Files\Panda USB Vaccine
2013-06-27 18:24 - 2013-06-27 18:24 - 00823346 ___AC C:\Users\Marsha\Downloads\USBVaccine.zip
2013-06-27 18:03 - 2012-05-03 12:32 - 00000795 ___AC C:\Windows\setupact.log
2013-06-27 15:29 - 2013-06-25 18:11 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Skype
2013-06-27 14:45 - 2006-11-02 05:18 - 00000000 ___DC C:\Windows\Microsoft.NET
2013-06-25 20:15 - 2013-06-25 18:11 - 00002377 ___AC C:\Users\Public\Desktop\Skype.lnk
2013-06-25 19:21 - 2012-04-15 09:37 - 00000860 ___AC C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-34928613-2241828326-1383797744-1001Core.job
2013-06-25 19:18 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\rescache
2013-06-25 18:27 - 2013-06-25 18:10 - 00000000 ___DC C:\ProgramData\Skype
2013-06-25 18:12 - 2013-06-25 18:11 - 00000000 __RDC C:\Program Files\Skype
2013-06-25 18:11 - 2013-06-25 18:11 - 00000000 ___DC C:\Program Files\Common Files\Skype
2013-06-25 18:09 - 2013-06-25 18:09 - 01491560 ___AC (Skype Technologies S.A.) C:\Users\Marsha\Downloads\SkypeSetup.exe
2013-06-25 18:09 - 2011-08-24 14:36 - 00000000 ___DC C:\Program Files\Ask.com
2013-06-25 18:07 - 2013-06-25 18:07 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Funmoods
2013-06-24 18:17 - 2006-11-02 04:24 - 73381792 ___AC (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-21 15:30 - 2012-04-15 09:43 - 00002047 ___AC C:\Users\Marsha\Desktop\Google Chrome.lnk
2013-06-21 15:11 - 2013-05-31 02:02 - 00000000 ___DC C:\Users\Marsha\AppData\Local\Spotify
2013-05-31 05:15 - 2009-02-19 10:19 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2013-05-31 05:03 - 2007-04-20 01:48 - 00000000 ___DC C:\ProgramData\Microsoft Help
2013-05-31 02:02 - 2013-05-31 02:02 - 00001716 ___AC C:\Users\Marsha\Desktop\Spotify.lnk
2013-05-31 02:01 - 2013-05-31 02:01 - 00092776 ___AC (Spotify Ltd) C:\Users\Marsha\Downloads\SpotifySetup.exe
2013-05-30 22:43 - 2013-05-30 22:43 - 22318424 ___AC (Microsoft Corporation) C:\Users\Marsha\Downloads\IE9_YAxis_setup_Vista_x86_v1_0_1_20120731(1).exe
2013-05-30 22:43 - 2009-04-28 13:21 - 00000000 ___DC C:\Program Files\Mozilla Firefox
2013-05-30 22:42 - 2013-05-30 22:42 - 00000000 ___DC C:\ProgramData\Mozilla
2013-05-30 22:42 - 2013-05-30 22:42 - 00000000 ___DC C:\Program Files\Mozilla Maintenance Service
2013-05-30 22:18 - 2013-05-30 22:18 - 00000000 ___DC C:\Users\Marsha\AppData\Roaming\Yahoo!
2013-05-30 22:18 - 2013-05-30 22:18 - 00000000 ___DC C:\Users\Marsha\AppData\Local\Yahoo!
2013-05-30 22:18 - 2013-05-30 22:18 - 00000000 ___DC C:\Users\Marsha\AppData\Local\NanoService
2013-05-30 22:18 - 2013-05-30 22:18 - 00000000 ___DC C:\ProgramData\Yahoo! Companion
2013-05-30 22:18 - 2013-05-30 22:17 - 00000000 __HDC C:\Windows\msdownld.tmp
2013-05-30 22:18 - 2011-08-16 11:08 - 00018737 ___AC C:\Windows\IE9_main.log
2013-05-30 22:18 - 2007-09-05 00:28 - 00000000 ___DC C:\ProgramData\Yahoo!
2013-05-30 22:18 - 2007-04-20 02:12 - 00000000 ___DC C:\Program Files\Yahoo!
2013-05-30 22:17 - 2013-05-30 22:17 - 22318424 ___AC (Microsoft Corporation) C:\Users\Marsha\Downloads\IE9_YAxis_setup_Vista_x86_v1_0_1_20120731.exe
2013-05-30 20:57 - 2013-05-30 20:57 - 00000000 __HDC C:\Windows\System32\CanonIJ Uninstaller Information
2013-05-30 20:57 - 2013-05-30 20:57 - 00000000 __HDC C:\ProgramData\CanonBJ
2013-05-30 20:56 - 2012-04-05 12:49 - 00000000 ___DC C:\users\Marsha
2013-05-30 20:48 - 2006-11-02 06:37 - 00000000 ___DC C:\Windows\twain_32
2013-05-30 20:48 - 2006-11-02 05:18 - 00000000 _RSDC C:\Windows\Media
2013-05-30 20:22 - 2013-05-30 20:22 - 00000000 ___DC C:\Users\Marsha\Documents\OneNote Notebooks
2013-05-29 17:16 - 2013-05-29 17:16 - 00127720 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\PSINProt.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00287336 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSProt.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00230376 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSStrm.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00161384 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSPrv.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00126184 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSHttp.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00124648 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSIds.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00108904 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSSmtp.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00107752 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSHttps.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00106344 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSPop3.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00095464 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSpicc.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00093928 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNStlsc.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00084200 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSAlpc.sys
2013-05-29 05:55 - 2013-05-29 05:55 - 00061672 ___AC (Panda Security, S.L.) C:\Windows\System32\Drivers\NNSPihsw.sys

Files to move or delete:
====================
C:\Users\modernwyatt\iTunesSetup.exe
C:\Users\modernwyatt\msgr10us.exe
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-28 08:54

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-06-2013
Ran by Marsha at 2013-06-28 09:38:03
Running from C:\Users\Marsha\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 6.1.1)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Reader 8.1.3 (Version: 8.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.15.0)
Ask Toolbar Updater (HKCU Version: 1.2.4.35882)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
C4700 (Version: 130.0.373.000)
Canon MP280 series MP Drivers
Cisco Network Magic (Version: 5.1.9027.0)
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Comcast High-Speed Internet Install Wizard
Conexant HD Audio
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
Driver Detective (Version: 7)
Duplicate Music Files Finder 1.5.5
ESU for Microsoft Vista (Version: 2.0.1.1)
FrostWire 5.3.4 (Version: 5.3.4.0)
Funmoods on IE and Chrome
GearDrvs (Version: 1)
GearDrvs (Version: 1.00.0000)
Google Chrome (HKCU Version: 27.0.1453.116)
Google Gears (Version: 0.5.3600)
Google Update Helper (Version: 1.3.21.145)
GPBaseService2 (Version: 130.0.371.000)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Active Support Library 32 bit components (Version: 1.0.9)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Customer Experience Enhancements (Version: 5.1.0.2278)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Easy Setup - Frontend (Version: 5.1.0.2279)
HP Help and Support (Version: 1.1.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Photosmart Essential 2.0 (Version: 2.0)
HP Photosmart Essential2.5 (Version: 1.00.0000)
HP Print Projects 1.0 (Version: 1.0)
HP Quick Launch Buttons (Version: 6.50.14.1)
HP QuickPlay 3.2
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Total Care Advisor (Version: 1.1.19)
HP Update (Version: 4.000.011.006)
HP User Guide 0042 (Version: 1.01.0007)
HP Wireless Assistant (Version: 3.00 F1)
HPAsset component for HP Active Support Library (Version: 3.0.0.2)
HPNetworkAssistant (Version: 1.1.70)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
iolo technologies' System Mechanic (Version: 11.7.0)
iTunes (Version: 10.6.1.7)
Java™ 6 Update 15 (Version: 6.0.150)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
Junk Mail filter update (Version: 15.4.3502.0922)
LightScribe  1.4.136.1 (Version: 1.4.136.1)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
MarketResearch (Version: 130.0.374.000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSCU for Microsoft Vista (Version: 1.0.1.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.0 (Version: 6.00.050)
My HP Games (Version: HPLAP0503)
Network (Version: 130.0.374.000)
Network Magic (Version: 5.1.9027.0)
Norton 360 (Version: 5.2.2.3)
NVIDIA Drivers (Version: 1.4)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Panda Cloud Antivirus (Version: 02.02.00.0000)
Panda Cloud Antivirus (Version: 6.02.00.0000)
Panda USB Vaccine 1.0.1.4
Picasa 3 (Version: 3.8)
PMB (Version: 5.2.00.03250)
PS_AIO_06_C4700_SW_Min (Version: 130.0.373.000)
PSSWCORE (Version: 2.00.5000)
Pure Networks Platform (Version: 11.1.8350.0)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.71.80.42)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.551)
Scan (Version: 13.0.0.0)
Segoe UI (Version: 15.4.2271.0615)
Shop for HP Supplies (Version: 13.0)
Sibelius Scorch (ActiveX Only) (Version: 1.0.0)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.5 (Version: 6.5.158)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Status (Version: 130.0.373.000)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Version Checker for Funmoods
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Axis
Yahoo! Software Update
Yahoo! Toolbar

==================== Restore Points  =========================

25-06-2013 00:09:17 Windows Update
26-06-2013 09:00:30 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0022D97E-A96A-4773-A777-C2DFA6EEFCB1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {0937328E-06A5-4DD3-8397-74E330D6816D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {0CC7A53F-722D-4FA7-AD05-9CE698225119} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E3125D1-F507-4285-B506-5BB5A81E39F7} - System32\Tasks\Ad-Aware Update (Daily 4)
Task: {24591C2F-97EE-4F80-8A25-88DC9AF0528A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-30] (Google Inc.)
Task: {27CC6645-148A-4B2B-944E-B9EF295D8A39} - System32\Tasks\Funmoods => C:\Users\Marsha\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE [2013-06-25] ()
Task: {2E0076D4-6ADA-4106-BAA3-23238E13695E} - System32\Tasks\Orb Startup => C:\Program Files\Winamp Remote\bin\orbtray.exe No File
Task: {3967F7E6-2887-45D4-BF4A-93A6F2B15B35} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {670C528C-2AFC-4AE8-9B40-DB346CFBF446} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-34928613-2241828326-1383797744-1001Core => C:\Users\Marsha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04] (Google Inc.)
Task: {6D5F41BA-7DAB-44EF-8B6A-3B1E69B8DED5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-01-24] ()
Task: {6E0B6592-E510-47F6-AB99-412E0E997B54} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.2.3 => C:\Program Files\Norton 360\Engine\5.2.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {7311D982-138E-4263-A938-2BF7C6777DF8} - System32\Tasks\User_Feed_Synchronization-{34750ACE-3EE6-443E-BFC4-067CD0F05EF5} => C:\Windows\system32\msfeedssync.exe [2011-08-16] (Microsoft Corporation)
Task: {782B6CA3-E48B-4744-AE98-E2B30C130D90} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File
Task: {80C9FE96-50CA-4DAC-881D-FC0F2A61EA51} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {80EB29A7-6129-43F6-A7C0-11D2C365F1D7} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {905E358F-92D9-4214-A8FE-7EA6424BFE25} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {A93E216E-4C41-4D63-A538-EE4FDA70AE1E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - modernwyatt => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {B37F667C-9BFA-4DCF-8C0A-432E60B8B31E} - System32\Tasks\Symantec\Norton Error Processor 5.2.2.3 => C:\Program Files\Norton 360\Engine\5.2.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {B95C8D3F-4EBE-40A4-8631-1690A4BE98D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-30] (Google Inc.)
Task: {C7B84C58-CAC0-4FAD-97D8-308177B4EEA9} - System32\Tasks\User_Feed_Synchronization-{E5B1D39A-A5EE-4D1C-8FEA-D0D15702C598} => C:\Windows\system32\msfeedssync.exe [2011-08-16] (Microsoft Corporation)
Task: {CA0E60A7-144C-4618-8BCB-529C6EDDFBB4} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {DAEAF5F2-B8F7-46AF-9FB4-CDE53032DDE7} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F50A3A65-5594-4D13-84F7-F55ACC6C2E26} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-34928613-2241828326-1383797744-1001UA => C:\Users\Marsha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04] (Google Inc.)
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-34928613-2241828326-1383797744-1001Core.job => C:\Users\Marsha\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-34928613-2241828326-1383797744-1001UA.job => C:\Users\Marsha\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2013 03:00:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20937518

Error: (06/26/2013 03:00:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20937518

Error: (06/26/2013 03:00:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2013 05:39:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50684

Error: (06/25/2013 05:39:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50684

Error: (06/25/2013 05:39:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2013 05:39:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49514

Error: (06/25/2013 05:39:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49514

Error: (06/25/2013 05:39:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2013 05:39:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47237


System errors:
=============
Error: (06/28/2013 08:48:22 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (06/28/2013 08:46:46 AM) (Source: DCOM) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (06/28/2013 08:46:46 AM) (Source: Service Control Manager) (User: )
Description: iPod Service%%1053

Error: (06/28/2013 08:46:46 AM) (Source: Service Control Manager) (User: )
Description: 30000iPod Service

Error: (06/28/2013 08:45:45 AM) (Source: Service Control Manager) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Error: (06/28/2013 08:45:38 AM) (Source: Service Control Manager) (User: )
Description: CyberLink Background Capture Service (CBCS)

Error: (06/27/2013 02:26:44 PM) (Source: Service Control Manager) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Error: (06/27/2013 02:26:44 PM) (Source: Service Control Manager) (User: )
Description: CyberLink Background Capture Service (CBCS)

Error: (06/24/2013 06:10:19 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of a failed free space computation.

Error: (06/24/2013 06:05:48 PM) (Source: Service Control Manager) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-28 09:37:48.130
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:46.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:45.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:44.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:42.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:41.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:40.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:38.972
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:37.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NNStlsc.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 09:37:35.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NNStlsc.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 1981.87 MB
Available physical RAM: 793.01 MB
Total Pagefile: 4206.26 MB
Available Pagefile: 2525.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:140.87 GB) (Free:91.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:8.17 GB) (Free:1.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:29.8 GB) (Free:28.88 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 1E721E72)
Partition 1: (Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================



#4 gringo_pr

  • Malware Response Team

Posted 28 June 2013 - 01:29 PM



Hello moonbaby690

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 moonbaby690

  • Topic Starter

Posted 28 June 2013 - 01:39 PM

Roger that....of course I am doing this on the laptop not the desktop (I know I know), not sure how to shut down protection software....just sayin........(I feel so stupid!)



#6 moonbaby690

  • Topic Starter

Posted 28 June 2013 - 02:49 PM

# AdwCleaner v2.303 - Logfile created 06/28/2013 at 13:28:08
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Marsha - MODERNWYATT-PC
# Boot Mode : Normal
# Running from : C:\Users\Marsha\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J91KN5RO\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : 24x7HelpSvc
Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\searchplugins\funmoods.xml
File Deleted : C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Marsha\Desktop\Free Dolphin Screensaver.lnk
File Deleted : C:\Users\Public\Desktop\24x7 Help.lnk
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Funmoods
Folder Deleted : C:\Program Files\Zoom Downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Downloader
Folder Deleted : C:\Users\Marsha\AppData\Local\APN
Folder Deleted : C:\Users\Marsha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Folder Deleted : C:\Users\Marsha\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Marsha\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Marsha\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Marsha\AppData\Roaming\24x7 Help
Folder Deleted : C:\Users\Marsha\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Marsha\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\extensions\downloadmanager@zoomdownloader.com
Folder Deleted : C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\modernwyatt\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\modernwyatt\AppData\Roaming\Mozilla\Firefox\Profiles\gd3bhdk6.default\extensions\staged
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\24x7HELP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311541150}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311541150}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\Software\24x7HELP
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311541150}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322542250}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035450.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035450.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035450.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035450.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=AgnUpd&cd=2XzuyEtN2Y1L1QzutDtDtC0BtByEyC0C0Ezz0B0ByD0FtD0FtN0D0Tzu0CyDyEyEtN1L2XzutN1L1Czu&cr=1149961464&ir= --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\modernwyatt\AppData\Roaming\Mozilla\Firefox\Profiles\gd3bhdk6.default\prefs.js

C:\Users\modernwyatt\AppData\Roaming\Mozilla\Firefox\Profiles\gd3bhdk6.default\user.js ... Deleted !

Deleted : user_pref("extensions.enabledAddons", "{635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826,{[...]

File : C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\prefs.js

C:\Users\Marsha\AppData\Roaming\Mozilla\Firefox\Profiles\h0jdjhi7.default\user.js ... Deleted !

Deleted : user_pref("extensions.funmoods_i.aflt", "axl");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl");
Deleted : user_pref("extensions.funmoods_i.id", "65c75f0f000000000000001a737c2307");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15445");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl");
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=axl&q=")[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.160:19:20");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Marsha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [21593 octets] - [28/06/2013 13:28:08]

########## EOF - C:\AdwCleaner[S1].txt - [21654 octets] ##########

 

OMG took the long way around and did it wrong the first time.....ouch my brain hurts!  on to junkware removal!!!!!!!!!!!



#7 moonbaby690

Posted 28 June 2013 - 03:14 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Marsha on Fri 06/28/2013 at 13:55:26.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcfixspeed

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{07E16B85-ACC6-420F-BC88-8B3FE08D4415}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1D0EA208-0686-4300-949E-B1F67D9718AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{FBF5129C-1925-491B-8753-60150F99ED35}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcfixspeed"
Successfully deleted: [Folder] "C:\Users\Marsha\AppData\Roaming\pcfixspeed"
Successfully deleted: [Folder] "C:\Program Files\24x7help"
Successfully deleted: [Folder] "C:\Program Files\pcfixspeed"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"

 

~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml"

 

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Folder] C:\Users\Marsha\appdata\local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/28/2013 at 14:10:31.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 moonbaby690

Posted 28 June 2013 - 03:17 PM

Gringo,

 

Things are running fine on the laptop, but the desktop has the infection and deletes everything.  I know this is a process....just not sure how it all works!  How I am going to be able to fix the desktop.  Thanks for the GREAT instructions!!!!!!!!!!!  Very helpful!!!!!!!!!  for a computer dork!



#9 moonbaby690

Posted 28 June 2013 - 03:21 PM

Gringo,

 

I have an external hard drive with backups any chance I could restore to a point before the virus hit my system?



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:00 PM

Posted 29 June 2013 - 01:36 PM

Hello


Which one are we working on now - desktop or laptop?

run this on the one we are working on.


I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 moonbaby690

Posted 29 June 2013 - 02:11 PM

Gringo,

 

I have printed out the instructions.  I have only been able to work on the laptop because the desk top is infected and says everything has a virus and deletes it.  It won't let me open or download anything. 

 

I will try and run combofix on desktop. I tried to download combofix on the infected desktop here is my message same as all the other operations I have tried:  Combofix.exe contained a virus and was deleted.   ugh..............



#12 gringo_pr

Posted 29 June 2013 - 08:40 PM

Hello

Are they both infected? When this one is done I will help you with the other - don't try to run the same tools on the laptop - I will take care of it - but you will need a pendrive



gringo

#13 moonbaby690

Posted 29 June 2013 - 09:37 PM

Gringo,

 

Only the desk top is infected.  I have a flash drive....don't know what a pendrive is sir. 



#14 moonbaby690

Posted 29 June 2013 - 10:06 PM

"I will take care of it - but you will need a pendrive" - cannot tell you how reassuring this is.............I will get a pendrive, whatever it is, thank you sir!!!!!!!!!!!!!


 



Tell me what it is and I will get one :bananas:



#15 gringo_pr

Posted 29 June 2013 - 11:03 PM

They are called different depending where you live but this should give you the idea http://www.google.com/search?q=pendrive&tbm=isch&tbo=u&source=univ&sa=X&ei=1a3PUaLKJITiiAL4poGYDQ&ved=0CEcQsAQ&biw=1024&bih=1149