
“[filename].exe contained a virus and was deleted” infection


29 replies to this topic

#1 knotty panda

Posted 11 July 2013 - 10:08 AM

I did attempt to remove the System Care Virus following the self-help guide and thought I had done so, then I began getting this false “[filename].exe contained a virus and was deleted” infection message.  I understand this is the ZeroAccess rootkit and is particularly nasty.

 

I have purchased the Avast firewall and activated it.  Prior to getting the virus, I thought I was using the Comcast firewall, but the virus blew right past it.

 

This is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2

Run by kathie at 9:58:47 on 2013-07-11

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.1572 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\Windows\system32\hasplms.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\BioniCare Express Agent\BioniCare Express Agent.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\Notepad.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar3.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\kathie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll

BHO: FillPerfect Base: {86c67927-26bc-4919-82e1-cda7eeb6864f} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Zoom Downloader: {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} -

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

TB: FillPerfect Toolbar: {c3510135-b15c-40b2-956f-8dd8f9363ce5} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: FillPerfect Slider Sidebar: {D12ACD8B-BF17-4B1F-8C7C-A94E80A2B2F9} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader.dll

EB: FillPerfect Slider Sidebar: {D12ACD8B-BF17-4B1F-8C7C-A94E80A2B2F9} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader.dll

uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [charheme] C:\Windows\System32\dfrgSVCS.exe

uRun: [DownloadManager] "C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe" /as

uRun: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

mRun: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\safemodemalware\mbamgui.exe /install /silent

StartupFolder: C:\Users\kathie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\kathie\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\kathie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: LastPass - C:\Users\kathie\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - C:\Users\kathie\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Trusted Zone: cinemanow.com

Trusted Zone: cinemanow.com

Trusted Zone: hp.com

Trusted Zone: qflix.com

Trusted Zone: roxio.com

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab

DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{05E1E782-98EB-43F6-8CA6-6A7383672959} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{77873BED-40A3-4E22-8ED9-133C2A2D6758} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{77873BED-40A3-4E22-8ED9-133C2A2D6758}\2375942554932303 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{77873BED-40A3-4E22-8ED9-133C2A2D6758}\348696E6160244F6C6C6D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{77873BED-40A3-4E22-8ED9-133C2A2D6758}\374756675676131333 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{77873BED-40A3-4E22-8ED9-133C2A2D6758}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{77873BED-40A3-4E22-8ED9-133C2A2D6758}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{77873BED-40A3-4E22-8ED9-133C2A2D6758}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: FillPerfect Base: {86c67927-26bc-4919-82e1-cda7eeb6864f} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} -

x64-TB: FillPerfect Toolbar: {c3510135-b15c-40b2-956f-8dd8f9363ce5} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-EB: FillPerfect Slider Sidebar: {D12ACD8B-BF17-4B1F-8C7C-A94E80A2B2F9} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader64.dll

x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-07-04 00:06; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-07-07 02:05; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-07-10 19:22; addon@defaulttab.com; C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: 2013-07-10 19:22; downloadmanager@zoomdownloader.com; C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\extensions\downloadmanager@zoomdownloader.com

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-4 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-4 189936]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-4 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-4 378944]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-24 89600]

R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2012-5-18 75648]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-7-4 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-4 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-4 46808]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]

R2 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-7 13592]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-12-23 517632]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]

R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-7 2656280]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-7 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-7 77936]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-12-7 1145448]

R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\kathie\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-7-10 107520]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-13 57280]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-12-7 174168]

S3 NisSrv;NisSrv;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2011-10-27 26112]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-19 1255736]

.

=============== Created Last 30 ================

.

2013-07-11 03:30:23  -------- d-----w-           C:\Users\kathie\AppData\Local\Secunia PSI

2013-07-11 03:30:13  -------- d-----w-           C:\Program Files (x86)\Secunia

2013-07-11 00:56:56  -------- d-----w-           C:\Program Files (x86)\Mobile App Sync

2013-07-11 00:34:06  -------- d-sh--w-          C:\$RECYCLE.BIN

2013-07-10 23:23:05  -------- d-----w-            C:\Users\kathie\AppData\Local\Zoom_Downloader

2013-07-10 23:22:49  -------- d-----w-           C:\Program Files (x86)\Zoom Downloader

2013-07-10 23:22:26  -------- d-----w-           C:\Users\kathie\AppData\Roaming\DefaultTab

2013-07-10 23:15:55  -------- d-----w-           C:\Users\kathie\AppData\Local\getsavin

2013-07-10 22:51:51  98816  ----a-w-           C:\Windows\sed.exe

2013-07-10 22:51:51  256000            ----a-w-           C:\Windows\PEV.exe

2013-07-10 22:51:51  208896            ----a-w-           C:\Windows\MBR.exe

2013-07-10 22:39:16  -------- d-----w-           C:\ProgramData\APN

2013-07-10 18:49:14  -------- d-----w-           C:\fe6f421d9a5716aa71e8395b66dcda

2013-07-10 16:07:19  -------- d-----w-           C:\Windows\Temp9E907599-BC93-FE91-3A6A-4F5CDA14A5F7-Signatures

2013-07-10 08:11:50  -------- d-----w-           C:\Windows\TempA8CE28B1-5936-CE6F-B222-C1DE7F5F06D4-Signatures

2013-07-10 06:11:40  -------- d-----w-           C:\Windows\Temp3398654C-F88B-2FAB-8DD2-924AC2F2BD6F-Signatures

2013-07-09 23:04:42  624128            ----a-w-           C:\Windows\System32\qedit.dll

2013-07-09 23:04:42  509440            ----a-w-           C:\Windows\SysWow64\qedit.dll

2013-07-09 23:04:41  1887744          ----a-w-            C:\Windows\System32\WMVDECOD.DLL

2013-07-09 23:04:40  1620480          ----a-w-            C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-09 23:04:33  3153920          ----a-w-           C:\Windows\System32\win32k.sys

2013-07-09 23:04:31  1367040          ----a-w-           C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-09 23:04:30  936448            ----a-w-           C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-09 23:04:03  1643520          ----a-w-           C:\Windows\System32\DWrite.dll

2013-07-09 23:04:02  1247744          ----a-w-           C:\Windows\SysWow64\DWrite.dll

2013-07-09 12:25:30  -------- d-----w-           C:\Windows\Temp7EDB85BC-E750-0B22-F5C6-96ABC4B441BA-Signatures

2013-07-08 20:40:15  -------- d-----w-           C:\Windows\TempB01BB421-1B1F-BB20-252A-FF823594D9AB-Signatures

2013-07-08 08:24:42  -------- d-----w-           C:\Windows\TempA195AE90-7CED-66F7-3DFF-284A72EF236D-Signatures

2013-07-08 02:35:42  -------- d-----w-           C:\Windows\Temp11657FA4-2A14-C949-4D60-E81BCA7C12E1-Signatures

2013-07-08 00:01:36  -------- d-----w-           C:\Windows\Temp83534F2E-52EA-37FA-93E9-14C0B899ABD0-Signatures

2013-07-07 13:47:33  -------- d-----w-           C:\Windows\TempB1EBDC00-1BF4-BF92-9D2D-C9A2EAF462DD-Signatures

2013-07-07 07:06:52  -------- d-----w-           C:\Windows\Temp5139AEF0-89D1-0FD6-FDA4-C370D5A4A17B-Signatures

2013-07-07 07:00:52  -------- d-----w-           C:\Windows\TempE063E419-382F-78B7-9D35-586810F69E92-Signatures

2013-07-07 02:25:33  -------- d-----w-           C:\Windows\Temp16D5096C-39B5-362C-CA08-A1CF0E460AEE-Signatures

2013-07-06 06:23:36  -------- d-----w-           C:\Windows\TempF0798401-1A13-B6F0-9403-94B2A1E98FA6-Signatures

2013-07-05 23:00:02  -------- d-----w-           C:\Windows\TempF99341F9-4B78-7E48-0701-31A3DCBFA859-Signatures

2013-07-05 15:10:04  -------- d-----w-           C:\Windows\Temp6E6EF1CC-375D-B4C8-DBF1-22FE5E364CE1-Signatures

2013-07-05 12:27:25  -------- d-----w-           C:\Windows\Temp6A5D260D-5D03-60AE-5177-591387BEC493-Signatures

2013-07-05 11:22:10  -------- d-----w-           C:\Windows\TempEFAB7D53-CAA4-9B3D-3D21-0268D5030CB6-Signatures

2013-07-05 11:13:55  3717632          ----a-w-           C:\Windows\System32\mstscax.dll

2013-07-05 11:11:31  1887232          ----a-w-           C:\Windows\System32\d3d11.dll

2013-07-05 11:11:30  1505280          ----a-w-           C:\Windows\SysWow64\d3d11.dll

2013-07-05 11:07:53  -------- d-----w-           C:\Windows\Temp41434B5F-D081-ABE6-A2BA-B9B767D72B06-Signatures

2013-07-05 10:57:42  -------- d-----w-           C:\Program Files (x86)\SystemRequirementsLab

2013-07-05 10:41:25  96168  ----a-w-            C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-05 10:39:20  159744            ----a-w-           C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2013-07-05 10:39:20  159744            ----a-w-           C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2013-07-05 10:39:20  159744            ----a-w-           C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2013-07-05 10:39:20  159744            ----a-w-           C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2013-07-05 10:39:20  159744            ----a-w-           C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2013-07-04 04:07:09  72016  ----a-w-           C:\Windows\System32\drivers\aswRdr2.sys

2013-07-04 04:07:06  189936            ----a-w-            C:\Windows\System32\drivers\aswVmm.sys

2013-07-04 04:07:06  1030952          ----a-w-            C:\Windows\System32\drivers\aswSnx.sys

2013-07-04 04:07:05  65336  ----a-w-           C:\Windows\System32\drivers\aswRvrt.sys

2013-07-04 04:07:03  80816  ----a-w-           C:\Windows\System32\drivers\aswMonFlt.sys

2013-07-04 04:06:46  41664  ----a-w-           C:\Windows\avastSS.scr

2013-07-04 04:06:33  -------- d-----w-           C:\Program Files\AVAST Software

2013-07-04 04:00:55  -------- d-----w-           C:\ProgramData\AVAST Software

2013-07-03 18:42:23  -------- d-----w-           C:\Program Files (x86)\safemodemalware

2013-07-03 17:17:58  -------- d-----w-            C:\ProgramData\CCDCD5022F902E570000CCDC082C3464

2013-07-03 08:32:42  18456  ----a-w-            C:\Windows\System32\drivers\psi_mf_amd64.sys

2013-06-19 05:41:55  76232  ----a-w-           C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8B5084A-E9B1-4373-8661-B5A645D21366}\offreg.dll

2013-06-16 16:45:20  964552            ----a-w-           C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5C3EFAA-CB7D-4830-9C70-8F656A128811}\gapaengine.dll

2013-06-16 16:45:05  9460464          ----a-w-           C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8B5084A-E9B1-4373-8661-B5A645D21366}\mpengine.dll

.

==================== Find3M  ====================

.

2013-07-05 10:41:23  867240            ----a-w-            C:\Windows\SysWow64\npDeployJava1.dll

2013-07-05 10:41:22  789416            ----a-w-            C:\Windows\SysWow64\deployJava1.dll

2013-07-05 10:36:31  71048  ----a-w-            C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-05 10:36:31  692104            ----a-w-            C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-11 23:43:37  1767936          ----a-w-           C:\Windows\SysWow64\wininet.dll

2013-06-11 23:43:00  2877440          ----a-w-           C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58  61440  ----a-w-           C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58  109056            ----a-w-           C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:26:20  2241024          ----a-w-           C:\Windows\System32\wininet.dll

2013-06-11 23:25:16  3958784          ----a-w-           C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13  67072  ----a-w-           C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13  136704            ----a-w-           C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45  71680  ----a-w-           C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58  89600  ----a-w-           C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18  2706432          ----a-w-           C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52  2706432          ----a-w-           C:\Windows\SysWow64\mshtml.tlb

2013-05-13 05:51:01  184320            ----a-w-           C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00  1464320          ----a-w-           C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00  139776            ----a-w-           C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40  52224  ----a-w-           C:\Windows\System32\certenc.dll

2013-05-13 04:45:55  140288            ----a-w-           C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55  1160192          ----a-w-           C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55  103936            ----a-w-           C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55  1192448          ----a-w-           C:\Windows\System32\certutil.exe

2013-05-13 03:08:10  903168            ----a-w-           C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06  43008  ----a-w-           C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27  30720  ----a-w-           C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54  24576  ----a-w-           C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01  1910632          ----a-w-           C:\Windows\System32\drivers\tcpip.sys

2013-05-01 07:59:12  94208  ----a-w-           C:\Windows\SysWow64\QuickTimeVR.qtx

2013-05-01 07:59:12  69632  ----a-w-           C:\Windows\SysWow64\QuickTime.qts

2013-04-26 05:51:36  751104            ----a-w-           C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21  492544            ----a-w-           C:\Windows\SysWow64\win32spl.dll

2013-04-17 07:02:06  1230336          ----a-w-            C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46  1424384          ----a-w-            C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23  135168            ----a-w-            C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19  350208            ----a-w-            C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19  308736            ----a-w-            C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19  111104            ----a-w-            C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16  474624            ----a-w-           C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15  2176512          ----a-w-           C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08  1656680          ----a-w-           C:\Windows\System32\drivers\ntfs.sys

.

============= FINISH:  9:59:20.22 ===============

This is the DDS txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/16/2011 10:33:33 AM

System Uptime: 7/11/2013 5:51:43 AM (4 hours ago)

.

Motherboard: Hewlett-Packard |  | 3585

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz | CPU1 | 2401/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 447 GiB total, 359.756 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.623 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.

F: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: CyberLink WebCam Virtual Driver

Device ID: ROOT\MEDIA\0000

Manufacturer: CyberLink

Name: CyberLink WebCam Virtual Driver

PNP Device ID: ROOT\MEDIA\0000

Service: clwvd

.

==== System Restore Points ===================

.

RP282: 7/7/2013 9:47:01 AM - Windows Update

RP283: 7/7/2013 8:01:00 PM - Windows Update

RP284: 7/7/2013 10:35:09 PM - Windows Update

RP285: 7/8/2013 4:24:15 AM - Windows Update

RP286: 7/8/2013 4:39:35 PM - Windows Update

RP287: 7/9/2013 8:24:41 AM - Windows Update

RP288: 7/10/2013 12:01:30 AM - adobe

RP289: 7/10/2013 2:05:40 AM - Windows Update

RP290: 7/10/2013 4:11:22 AM - Windows Update

RP291: 7/10/2013 12:06:23 PM - Windows Update

RP292: 7/10/2013 1:45:17 PM - before file deletion

RP293: 7/10/2013 2:48:57 PM - Windows Update

RP294: 7/10/2013 7:53:23 PM - good 2

RP295: 7/11/2013 6:12:13 AM - after rootkill before malware 7/11 6 a.m.

.

==== Installed Programs ======================

.

Able2Extract 7.0

Ad Muncher v4.93.33707

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) MUI

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

ATT-PRT22

avast! Free Antivirus

Bejeweled 3

BioniCare Express Agent

BioniCare Express Agent 1.2.0.0

Blackhawk Striker 2

Blasterball 3

Bounce Symphony

Cake Mania

Chronicles of Albian

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Cradle of Rome 2

CutePDF Writer 2.8

CyberLink YouCam

D3DX10

DefaultTab

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Doxillion Document Converter

Dragon NaturallySpeaking 11

Dropbox

eLecta Live Virtual Room 8.0

ESU for Microsoft Windows 7 SP1

Evernote v. 4.2.3

Express Burn

Express Dictate

Express Scribe

Farm Frenzy

FATE

FillPerfect

Free Alarm Clock 2.5.0

Free PDF to Word Doc Converter v1.1

Governor of Poker 2 Premium Edition

GPL Ghostscript 9.00

Hewlett-Packard ACLM.NET v1.2.1.1

HP 3D DriveGuard

HP Auto

HP Client Services

HP CoolSense

HP Customer Experience Enhancements

HP Documentation

HP Games

HP Launch Box

HP MovieStore

HP On Screen Display

HP Power Manager

HP Product Detection

HP Quick Launch

HP QuickWeb

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

IDT Audio

Intel® Control Center

Intel® Identity Protection Technology 1.2.22.0

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java 7 Update 25

Java Auto Updater

Java™ 6 Update 31

Jewel Quest: The Sleepless Star - Collector's Edition

JMicron Flash Media Controller Driver

Junk Mail filter update

LastPass (uninstall only)

Livescribe Connect

Livescribe Desktop

Mah Jong Medley

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Hotmail Connector 64-bit

Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Store Download Manager

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Mobile App Sync

Movie Maker

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery of Mortlake Mansion

Namco All-Stars: PAC-MAN

Penguins!

Photo Common

Photo Gallery

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

QuickTime

REALTEK Wireless LAN Driver

Recovery Manager

RoxioNow Player

Secunia PSI (3.0.0.7011)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Sentinel HASP Run-time

Skype Click to Call

Skype™ 6.5

Slingo Supreme

Speex Voice Audio CODEC

Switch Sound File Converter

Synaptics Pointing Device Driver

System Requirements Lab for Intel

TermPlus

Time Clock MTS V3.3.9

Total Eclipse v5

TypeEasy

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Update Installer for WildTangent Games App

Vacation Quest - The Hawaiian Islands

VIP Access SDK (1.1.0.1)

Virtual Villagers 5 - New Believers

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)

WildTangent Games App

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Zoom Downloader

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

7/9/2013 10:47:06 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.

7/8/2013 11:53:40 AM, Error: Service Control Manager [7031]  - The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

7/5/2013 3:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

7/5/2013 10:39:55 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.

7/11/2013 9:22:43 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891

7/11/2013 9:22:43 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891

7/11/2013 6:01:53 AM, Error: Service Control Manager [7034]  - The DefaultTabUpdate service terminated unexpectedly.  It has done this 1 time(s).

7/11/2013 5:53:16 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.

7/11/2013 5:52:48 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

7/11/2013 5:52:48 AM, Error: Service Control Manager [7000]  - The HP Software Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

7/11/2013 5:52:05 AM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  Access is denied.

7/10/2013 8:34:52 PM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.

7/10/2013 7:43:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/10/2013 7:11:45 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.

7/10/2013 7:11:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/10/2013 7:11:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/10/2013 7:11:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/10/2013 7:11:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/10/2013 7:11:30 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswTdi aswVmm discache MpFilter spldr Wanarpv6

7/10/2013 7:11:30 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

7/10/2013 7:00:01 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/10/2013 6:58:14 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

7/10/2013 6:51:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

7/10/2013 6:39:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/10/2013 6:39:10 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

7/10/2013 5:50:38 PM, Error: Service Control Manager [7003]  - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

7/10/2013 5:50:38 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/10/2013 5:50:38 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/10/2013 3:11:40 AM, Error: Service Control Manager [7001]  - The NisSrv service depends on the Microsoft Network Inspection System service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.

7/10/2013 12:07:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - KB2804527 (4.2.223.1).

.

==== End Of File ===========================
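The "Event Viewer Messages From Past Week" section of the DDS log above is what a responder reads first: security services refused with "Access is denied", the BFE (Base Filtering Engine) dependency reported missing, and the avast!/MSE boot-start drivers failing to load are the pattern a rootkit leaves when it disables security software. As an added example, not part of the original post or of the DDS tool, the Python below parses those event lines and flags that pattern. The indicator rule set and the list of component and driver names are this example's own assumptions; the sample lines are copied from the log above, with one non-event line added to show it is skipped.

```python
"""Triage the "Event Viewer Messages From Past Week" section of a DDS log.

Added example (not part of the post above or of the DDS tool). The rule set
is this example's own heuristic: it flags the Service Control Manager events
that, taken together, match a rootkit disabling security software, namely
security services refused with "Access is denied", the BFE (Base Filtering
Engine) dependency missing, and AV/anti-malware boot-start drivers failing
to load.
"""
import re
from collections import Counter
from datetime import datetime

# One DDS event line looks like:
#   7/11/2013 5:52:05 AM, Error: Service Control Manager [7000]  - message
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\]\s+-\s+(?P<msg>.*)$"
)

# Security components to watch for (assumed list chosen for this example).
SECURITY_NAMES = (
    "Microsoft Antimalware", "WinDefend", "Windows Defender", "avast",
    "Base Filtering Engine", "BFE", "Microsoft Network Inspection System",
)
# Boot-start drivers belonging to avast! (asw*) and MSE/Defender (MpFilter).
SECURITY_DRIVERS = {"aswRvrt", "aswSnx", "aswSP", "aswTdi", "aswVmm", "MpFilter"}

# Constructed sample: lines copied from the DDS log above, plus a header line
# that is not an event and must be ignored by the parser.
SAMPLE_LINES = (
    "==== Event Viewer Messages From Past Week ========",
    "7/9/2013 10:47:06 PM, Error: Disk [11]  - The driver detected a controller error on \\Device\\Harddisk1\\DR2.",
    "7/8/2013 11:53:40 AM, Error: Service Control Manager [7031]  - The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.",
    "7/11/2013 5:52:05 AM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  Access is denied.",
    "7/10/2013 8:34:52 PM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.",
    "7/10/2013 7:11:30 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswTdi aswVmm discache MpFilter spldr Wanarpv6",
    "7/10/2013 5:50:38 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.",
    "7/11/2013 5:53:16 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.",
)


def parse_event(line):
    """Return a dict for one DDS event line, or None if the line is not one."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
    ev["eid"] = int(ev["eid"])
    return ev


def classify(ev):
    """Map one parsed event to a finding label, or None if not an indicator."""
    if ev["source"] != "Service Control Manager":
        return None
    msg = ev["msg"]
    mentions_security = any(name in msg for name in SECURITY_NAMES)
    if "Access is denied" in msg and mentions_security:
        # SCM itself was refused: the service's ACL or handle was tampered with.
        return "security-service-access-denied"
    if ev["eid"] == 7003 and "BFE" in msg:
        # Base Filtering Engine (firewall/IPsec backbone) no longer installed.
        return "bfe-dependency-missing"
    if ev["eid"] == 7026 and ":" in msg:
        failed = set(msg.split(":", 1)[1].split())
        if failed & SECURITY_DRIVERS:
            return "security-driver-load-failure"
    if ev["eid"] in (7031, 7034) and mentions_security:
        return "security-service-crashed"
    return None


def triage(lines):
    """Parse all lines and return findings oldest-first as (time, label, message)."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        label = classify(ev)
        if label:
            findings.append((ev["time"], label, ev["msg"]))
    findings.sort(key=lambda f: f[0])
    return findings


def summarize(findings):
    """Count findings per label, so a glance shows which indicators recur."""
    return Counter(label for _, label, _ in findings)


if __name__ == "__main__":
    for when, label, msg in triage(SAMPLE_LINES):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {label:32}  {msg[:70]}")
    print(dict(summarize(SAMPLE_LINES and triage(SAMPLE_LINES))))
```

On the sample above the script reports, in time order, the avast! service crash, the missing BFE dependency, the failed avast!/MpFilter driver loads and the two "Access is denied" refusals for WinDefend and the Microsoft Antimalware Service; the disk controller error and the Computer Browser failure are parsed but not flagged. Any one of these alone can have an innocent cause, so the value is in the cluster, which is why the output is sorted by time rather than by label.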

 

 

 





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:40 PM

Posted 11 July 2013 - 12:19 PM





Hello knotty panda

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

***** I will need you to download this program from a clean computer and transfer it to this computer via a flash drive or a pen drive to run. *****



I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:40 PM

Posted 11 July 2013 - 07:39 PM

Thanks in advance for all your help, Gringo!  I'm in the path of Chantel as are you so I will keep in touch as best I can.  I also have to admit I'm confused by your instructions.  Did I need to do this in safe mode?  Also, what does "clean" computer mean?  I don't know anyone who has a pristine computer, not unless I go buy a new one.  I just did the best I could.  Also, I have a word processor's trick for all your devoted fans: when copying large amounts of text, click anywhere in the text log, press CTRL+A to highlight the entire file, then press CTRL+C to copy the text and paste it into the target.

 

Here are the logs:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013

Ran by kathie (administrator) on 11-07-2013 20:27:08

Running from C:\Users\kathie\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe

() C:\Users\kathie\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

(SafeNet Inc.) C:\Windows\system32\hasplms.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe

(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

(Adknowledge) C:\Program Files (x86)\Mobile App Sync\D2MClient.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Dropbox, Inc.) C:\Users\kathie\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

(Farbar) C:\Users\kathie\Downloads\FRST64(1).exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [168216 2011-05-09] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [392472 2011-05-09] (Intel Corporation)

HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [416024 2011-05-09] (Intel Corporation)

HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-12-24] (IDT, Inc.)

HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess

HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2011-06-04] (Acresso Corporation)

HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)

HKCU\...\Run: [charheme] - C:\Windows\system32\dfrgSVCS.exe [x]

HKCU\...\Run: [MobileAppSync] - "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe" [313856 2013-07-10] (Adknowledge)

HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)

HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [DNS7reminder] - "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini" [328992 2010-10-27] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [Ad Muncher] - "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt [595144 2012-07-29] (Murray Hurps Software Pty Ltd)

HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)

HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM - {365F0755-017E-4463-B69B-D35196DDA078} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM-x32 - {365F0755-017E-4463-B69B-D35196DDA078} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

HKCU SearchScopes: DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKCU - {365F0755-017E-4463-B69B-D35196DDA078} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {44B9E329-C714-477B-95CC-C30712845D9B} URL = http://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10111&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A5M&apn_dtid=^YYYYYY^YY^US&apn_uid=18f2e7c6-fafb-4965-a4c3-9fabb0791278&apn_sauid=AD241292-7761-40FA-B26E-374A7205CEBF&

SearchScopes: HKCU - {97EB5CDB-A84A-41F8-8569-167FC929ABFC} URL = http://search.conduit.com/Results.aspx?ctid=CT3300018&SearchSource=45&UM=2&q={searchTerms}

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: FillPerfect Base - {86c67927-26bc-4919-82e1-cda7eeb6864f} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader64.dll ()

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll No File

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\kathie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)

BHO-x32: FillPerfect Base - {86c67927-26bc-4919-82e1-cda7eeb6864f} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader.dll ()

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll No File

Toolbar: HKLM - FillPerfect Toolbar - {c3510135-b15c-40b2-956f-8dd8f9363ce5} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader64.dll ()

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()

Toolbar: HKLM-x32 - FillPerfect Toolbar - {c3510135-b15c-40b2-956f-8dd8f9363ce5} - C:\Program Files (x86)\2424 Software\FillPerfect\adxloader.dll ()

Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

DPF: HKLM-x32 {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab

DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab

DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab

DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:

========

FF ProfilePath: C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: GetSavin - C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\Extensions\getsavin@jetpack

FF Extension: DownloadHelper - C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF Extension: FoxLingo - C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

FF Extension: addon - C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\Extensions\addon@defaulttab.com.xpi

FF Extension: No Name - C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\Extensions\{6f04cb43-71c3-47cf-9fa9-7464156991e8}.xpi

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:

=======

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)

R2 DefaultTabUpdate; C:\Users\kathie\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-10] ()

R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)

R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] ()

R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)

R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-05-09] (AVAST Software)

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)

R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-13] (ALWIL Software)

R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)

R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-04] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-04] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-04] ()

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)

S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA))

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)

S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows ® Win 7 DDK provider)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S1 ddzpopww; \??\C:\Windows\system32\drivers\ddzpopww.sys [x]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]

S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-11 20:25 - 2013-07-11 20:25 - 00000000 ____D C:\FRST

2013-07-11 10:36 - 2013-05-09 04:59 - 00270824 ____A (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys

2013-07-11 10:36 - 2013-05-09 04:59 - 00131232 ____A (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys

2013-07-11 10:36 - 2013-05-09 04:59 - 00022600 ____A (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2013-07-11 10:36 - 2013-03-13 14:01 - 00012368 ____A (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys

2013-07-10 23:30 - 2013-07-10 23:30 - 00000000 ____D C:\Program Files (x86)\Secunia

2013-07-10 20:56 - 2013-07-10 20:56 - 00000000 ____D C:\Program Files (x86)\Mobile App Sync

2013-07-10 19:15 - 2013-07-10 19:22 - 00000000 ____A C:\end

2013-07-10 18:51 - 2013-07-10 18:51 - 00000000 ____D C:\Windows\erdnt

2013-07-10 18:51 - 2013-07-10 18:51 - 00000000 ____D C:\Qoobox

2013-07-10 18:51 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe

2013-07-10 18:51 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe

2013-07-10 18:51 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-07-10 18:51 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-07-10 18:51 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-07-10 18:51 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe

2013-07-10 18:51 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe

2013-07-10 18:51 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe

2013-07-10 14:49 - 2013-07-10 14:49 - 00000000 ____D C:\fe6f421d9a5716aa71e8395b66dcda

2013-07-10 12:07 - 2013-07-10 12:07 - 00000000 ____D C:\Windows\Temp9E907599-BC93-FE91-3A6A-4F5CDA14A5F7-Signatures

2013-07-10 04:11 - 2013-07-10 04:11 - 00000000 ____D C:\Windows\TempA8CE28B1-5936-CE6F-B222-C1DE7F5F06D4-Signatures

2013-07-10 02:12 - 2013-06-11 19:43 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-10 02:12 - 2013-06-11 19:43 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-10 02:12 - 2013-06-11 19:43 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-10 02:12 - 2013-06-11 19:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-10 02:12 - 2013-06-11 19:43 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-10 02:12 - 2013-06-11 19:43 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-10 02:12 - 2013-06-11 19:43 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-10 02:12 - 2013-06-11 19:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-10 02:12 - 2013-06-11 19:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-10 02:12 - 2013-06-11 19:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-10 02:12 - 2013-06-11 19:42 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-10 02:12 - 2013-06-11 19:42 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-10 02:12 - 2013-06-11 19:42 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-10 02:12 - 2013-06-11 19:26 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-10 02:12 - 2013-06-11 19:26 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-10 02:12 - 2013-06-11 19:26 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-10 02:12 - 2013-06-11 19:25 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-10 02:12 - 2013-06-11 19:25 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-10 02:12 - 2013-06-11 18:51 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-10 02:12 - 2013-06-11 18:50 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-10 02:12 - 2013-06-06 23:22 - 02706432 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-10 02:12 - 2013-06-06 22:37 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-10 02:11 - 2013-07-10 02:11 - 00000000 ____D C:\Windows\Temp3398654C-F88B-2FAB-8DD2-924AC2F2BD6F-Signatures

2013-07-09 19:11 - 2013-07-09 22:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-09 19:04 - 2013-06-04 23:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-07-09 19:04 - 2013-06-04 02:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-07-09 19:04 - 2013-06-04 00:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2013-07-09 19:04 - 2013-05-06 02:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-09 19:04 - 2013-05-06 00:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-09 19:04 - 2013-04-09 19:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-07-09 19:04 - 2013-04-02 18:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-07-09 08:25 - 2013-07-09 08:25 - 00000000 ____D C:\Windows\Temp7EDB85BC-E750-0B22-F5C6-96ABC4B441BA-Signatures

2013-07-08 16:40 - 2013-07-08 16:40 - 00000000 ____D C:\Windows\TempB01BB421-1B1F-BB20-252A-FF823594D9AB-Signatures

2013-07-08 04:24 - 2013-07-08 04:24 - 00000000 ____D C:\Windows\TempA195AE90-7CED-66F7-3DFF-284A72EF236D-Signatures

2013-07-07 22:35 - 2013-07-07 22:35 - 00000000 ____D C:\Windows\Temp11657FA4-2A14-C949-4D60-E81BCA7C12E1-Signatures

2013-07-07 20:01 - 2013-07-07 20:01 - 00000000 ____D C:\Windows\Temp83534F2E-52EA-37FA-93E9-14C0B899ABD0-Signatures

2013-07-07 09:47 - 2013-07-07 09:47 - 00000000 ____D C:\Windows\TempB1EBDC00-1BF4-BF92-9D2D-C9A2EAF462DD-Signatures

2013-07-07 03:06 - 2013-07-07 03:06 - 00000000 ____D C:\Windows\Temp5139AEF0-89D1-0FD6-FDA4-C370D5A4A17B-Signatures

2013-07-07 03:00 - 2013-07-07 03:00 - 00000000 ____D C:\Windows\TempE063E419-382F-78B7-9D35-586810F69E92-Signatures

2013-07-06 22:25 - 2013-07-06 22:25 - 00000000 ____D C:\Windows\Temp16D5096C-39B5-362C-CA08-A1CF0E460AEE-Signatures

2013-07-06 02:23 - 2013-07-06 02:23 - 00000000 ____D C:\Windows\TempF0798401-1A13-B6F0-9403-94B2A1E98FA6-Signatures

2013-07-05 19:00 - 2013-07-05 19:00 - 00000000 ____D C:\Windows\TempF99341F9-4B78-7E48-0701-31A3DCBFA859-Signatures

2013-07-05 11:10 - 2013-07-05 11:10 - 00000000 ____D C:\Windows\Temp6E6EF1CC-375D-B4C8-DBF1-22FE5E364CE1-Signatures

2013-07-05 08:29 - 2013-07-05 08:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-07-05 08:29 - 2013-07-05 08:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-07-05 08:29 - 2013-07-05 08:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-07-05 08:29 - 2013-07-05 08:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-07-05 08:29 - 2013-07-05 08:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec

2013-07-05 08:29 - 2013-07-05 08:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-07-05 08:29 - 2013-07-05 08:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-07-05 08:29 - 2013-07-05 08:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-07-05 08:29 - 2013-07-05 08:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-07-05 08:27 - 2013-07-05 08:31 - 00007201 ____A C:\Windows\IE10_main.log

2013-07-05 08:27 - 2013-07-05 08:27 - 00000000 ____D C:\Windows\Temp6A5D260D-5D03-60AE-5177-591387BEC493-Signatures

2013-07-05 07:22 - 2013-07-05 07:22 - 00000000 ____D C:\Windows\TempEFAB7D53-CAA4-9B3D-3D21-0268D5030CB6-Signatures

2013-07-05 07:18 - 2013-07-10 02:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-05 07:18 - 2013-07-10 02:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-05 07:14 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll

2013-07-05 07:14 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

2013-07-05 07:14 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-07-05 07:14 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2013-07-05 07:14 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-07-05 07:14 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2013-07-05 07:14 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\system32\consent.exe

2013-07-05 07:14 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-07-05 07:14 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-07-05 07:14 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-07-05 07:14 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2013-07-05 07:14 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-07-05 07:14 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-07-05 07:14 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-07-05 07:14 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-07-05 07:13 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-07-05 07:13 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-07-05 07:13 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-07-05 07:13 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll

2013-07-05 07:13 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-07-05 07:13 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-07-05 07:13 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-07-05 07:13 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe

2013-07-05 07:13 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2013-07-05 07:13 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2013-07-05 07:13 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-07-05 07:13 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2013-07-05 07:13 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-07-05 07:13 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2013-07-05 07:13 - 2013-03-19 02:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-07-05 07:13 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2013-07-05 07:13 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll

2013-07-05 07:13 - 2013-03-19 01:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-07-05 07:13 - 2013-03-19 01:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-07-05 07:13 - 2013-03-19 01:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-07-05 07:13 - 2013-03-19 00:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-07-05 07:13 - 2013-03-18 23:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-07-05 07:13 - 2013-02-15 02:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2013-07-05 07:13 - 2013-02-15 02:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2013-07-05 07:13 - 2013-02-15 02:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2013-07-05 07:13 - 2013-02-15 00:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-07-05 07:13 - 2013-02-15 00:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-07-05 07:13 - 2013-02-14 23:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-07-05 07:13 - 2013-02-12 00:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys

2013-07-05 07:13 - 2013-01-24 02:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

2013-07-05 07:11 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-07-05 07:11 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2013-07-05 07:07 - 2013-07-05 07:08 - 00000000 ____D C:\Windows\Temp41434B5F-D081-ABE6-A2BA-B9B767D72B06-Signatures

2013-07-05 06:57 - 2013-07-05 06:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab

2013-07-05 06:41 - 2013-07-05 06:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-07-05 06:41 - 2013-07-05 06:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-07-05 06:39 - 2013-07-05 06:39 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-07-04 00:07 - 2013-07-11 18:26 - 00004182 ____A C:\Windows\System32\Tasks\avast! Emergency Update

2013-07-04 00:07 - 2013-07-11 10:36 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2013-07-04 00:07 - 2013-07-04 00:07 - 01030952 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-07-04 00:07 - 2013-07-04 00:07 - 00378944 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2013-07-04 00:07 - 2013-07-04 00:07 - 00189936 ____A C:\Windows\system32\Drivers\aswVmm.sys

2013-07-04 00:07 - 2013-07-04 00:07 - 00000175 ____A C:\Windows\system32\Drivers\aswVmm.sys.sum

2013-07-04 00:07 - 2013-07-04 00:07 - 00000175 ____A C:\Windows\system32\Drivers\aswSP.sys.sum

2013-07-04 00:07 - 2013-07-04 00:07 - 00000175 ____A C:\Windows\system32\Drivers\aswSnx.sys.sum

2013-07-04 00:07 - 2013-05-09 04:59 - 00080816 ____A (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-07-04 00:07 - 2013-05-09 04:59 - 00072016 ____A (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-07-04 00:07 - 2013-05-09 04:59 - 00065336 ____A C:\Windows\system32\Drivers\aswRvrt.sys

2013-07-04 00:07 - 2013-05-09 04:59 - 00064288 ____A (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2013-07-04 00:07 - 2013-05-09 04:59 - 00033400 ____A (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys

2013-07-04 00:07 - 2013-05-09 04:58 - 00287840 ____A (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-07-04 00:06 - 2013-07-04 00:06 - 00000000 ____D C:\Program Files\AVAST Software

2013-07-04 00:06 - 2013-05-09 04:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr

2013-07-03 23:25 - 2013-07-03 23:25 - 00003118 ____A C:\Windows\System32\Tasks\{3D72D532-F676-4D5D-86CC-B769E8920F78}

2013-07-03 23:22 - 2013-07-03 23:22 - 00002978 ____A C:\Windows\System32\Tasks\{57DA1792-70C5-4617-AF62-DAF4BF789E2E}

2013-07-03 23:21 - 2013-07-03 23:21 - 00002978 ____A C:\Windows\System32\Tasks\{B7A762C0-A07F-4A8A-8809-57B13170BC18}

2013-07-03 14:42 - 2013-07-11 06:09 - 00000000 ____D C:\Program Files (x86)\safemodemalware

 

==================== One Month Modified Files and Folders =======

 

2013-07-11 20:25 - 2013-07-11 20:25 - 00000000 ____D C:\FRST

2013-07-11 18:32 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-11 18:32 - 2009-07-14 00:45 - 00032064 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-11 18:26 - 2013-07-04 00:07 - 00004182 ____A C:\Windows\System32\Tasks\avast! Emergency Update

2013-07-11 18:25 - 2011-12-18 15:44 - 00065536 _____ C:\Windows\system32\Ikeext.etl

2013-07-11 18:24 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-07-11 18:24 - 2009-07-14 00:51 - 00125065 ____A C:\Windows\setupact.log

2013-07-11 12:36 - 2012-05-18 12:36 - 00000000 ____D C:\Eclipse Backups

2013-07-11 12:36 - 2012-05-18 12:34 - 00000659 ____A C:\test.dat

2013-07-11 12:36 - 1999-11-22 14:41 - 00004062 ____A C:\Windows\Eclipse.ini

2013-07-11 11:04 - 2011-12-16 11:43 - 00003934 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{808877F1-1F09-4C6C-B11B-8A458069D5FD}

2013-07-11 10:36 - 2013-07-04 00:07 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2013-07-11 06:09 - 2013-07-03 14:42 - 00000000 ____D C:\Program Files (x86)\safemodemalware

2013-07-10 23:30 - 2013-07-10 23:30 - 00000000 ____D C:\Program Files (x86)\Secunia

2013-07-10 23:30 - 2011-12-07 16:58 - 01794589 ____A C:\Windows\WindowsUpdate.log

2013-07-10 21:55 - 2009-07-14 01:13 - 00783394 ____A C:\Windows\system32\PerfStringBackup.INI

2013-07-10 21:28 - 2011-12-16 11:43 - 00001413 ____A C:\Users\kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-07-10 20:56 - 2013-07-10 20:56 - 00000000 ____D C:\Program Files (x86)\Mobile App Sync

2013-07-10 19:51 - 2011-12-16 11:33 - 00000000 ____D C:\Users\kathie

2013-07-10 19:22 - 2013-07-10 19:15 - 00000000 ____A C:\end

2013-07-10 19:22 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2013-07-10 19:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2013-07-10 19:10 - 2010-11-20 23:47 - 00573474 ____A C:\Windows\PFRO.log

2013-07-10 18:51 - 2013-07-10 18:51 - 00000000 ____D C:\Windows\erdnt

2013-07-10 18:51 - 2013-07-10 18:51 - 00000000 ____D C:\Qoobox

2013-07-10 14:49 - 2013-07-10 14:49 - 00000000 ____D C:\fe6f421d9a5716aa71e8395b66dcda

2013-07-10 12:07 - 2013-07-10 12:07 - 00000000 ____D C:\Windows\Temp9E907599-BC93-FE91-3A6A-4F5CDA14A5F7-Signatures

2013-07-10 12:07 - 2011-12-17 16:51 - 00002106 ____A C:\Windows\epplauncher.mif

2013-07-10 04:11 - 2013-07-10 04:11 - 00000000 ____D C:\Windows\TempA8CE28B1-5936-CE6F-B222-C1DE7F5F06D4-Signatures

2013-07-10 02:58 - 2009-07-14 00:45 - 00417416 ____A C:\Windows\system32\FNTCACHE.DAT

2013-07-10 02:57 - 2013-07-05 07:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-07-10 02:56 - 2013-07-05 07:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-07-10 02:13 - 2011-12-19 08:58 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-07-10 02:11 - 2013-07-10 02:11 - 00000000 ____D C:\Windows\Temp3398654C-F88B-2FAB-8DD2-924AC2F2BD6F-Signatures

2013-07-10 02:11 - 2012-05-01 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-07-10 02:11 - 2011-12-17 16:51 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-07-09 23:34 - 2012-05-12 23:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-07-09 22:43 - 2013-07-09 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-09 08:25 - 2013-07-09 08:25 - 00000000 ____D C:\Windows\Temp7EDB85BC-E750-0B22-F5C6-96ABC4B441BA-Signatures

2013-07-08 16:40 - 2013-07-08 16:40 - 00000000 ____D C:\Windows\TempB01BB421-1B1F-BB20-252A-FF823594D9AB-Signatures

2013-07-08 04:24 - 2013-07-08 04:24 - 00000000 ____D C:\Windows\TempA195AE90-7CED-66F7-3DFF-284A72EF236D-Signatures

2013-07-07 22:35 - 2013-07-07 22:35 - 00000000 ____D C:\Windows\Temp11657FA4-2A14-C949-4D60-E81BCA7C12E1-Signatures

2013-07-07 20:01 - 2013-07-07 20:01 - 00000000 ____D C:\Windows\Temp83534F2E-52EA-37FA-93E9-14C0B899ABD0-Signatures

2013-07-07 09:47 - 2013-07-07 09:47 - 00000000 ____D C:\Windows\TempB1EBDC00-1BF4-BF92-9D2D-C9A2EAF462DD-Signatures

2013-07-07 03:06 - 2013-07-07 03:06 - 00000000 ____D C:\Windows\Temp5139AEF0-89D1-0FD6-FDA4-C370D5A4A17B-Signatures

2013-07-07 03:00 - 2013-07-07 03:00 - 00000000 ____D C:\Windows\TempE063E419-382F-78B7-9D35-586810F69E92-Signatures

2013-07-07 02:05 - 2011-12-19 08:42 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-07-07 01:15 - 2013-03-23 19:36 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForkathie.job

2013-07-06 22:25 - 2013-07-06 22:25 - 00000000 ____D C:\Windows\Temp16D5096C-39B5-362C-CA08-A1CF0E460AEE-Signatures

2013-07-06 19:49 - 2012-06-17 03:43 - 00003192 ____A C:\Windows\System32\Tasks\HPCeeScheduleForkathie

2013-07-06 19:49 - 2012-01-07 20:14 - 00000000 ____A C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-07-06 19:49 - 2011-12-24 16:52 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-07-06 02:23 - 2013-07-06 02:23 - 00000000 ____D C:\Windows\TempF0798401-1A13-B6F0-9403-94B2A1E98FA6-Signatures

2013-07-06 00:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-07-05 19:00 - 2013-07-05 19:00 - 00000000 ____D C:\Windows\TempF99341F9-4B78-7E48-0701-31A3DCBFA859-Signatures

2013-07-05 11:10 - 2013-07-05 11:10 - 00000000 ____D C:\Windows\Temp6E6EF1CC-375D-B4C8-DBF1-22FE5E364CE1-Signatures

2013-07-05 10:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-07-05 08:31 - 2013-07-05 08:27 - 00007201 ____A C:\Windows\IE10_main.log

2013-07-05 08:29 - 2013-07-05 08:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-07-05 08:29 - 2013-07-05 08:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-07-05 08:29 - 2013-07-05 08:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-07-05 08:29 - 2013-07-05 08:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-07-05 08:29 - 2013-07-05 08:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\system32\html.iec

2013-07-05 08:29 - 2013-07-05 08:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-07-05 08:29 - 2013-07-05 08:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\system32\url.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-07-05 08:29 - 2013-07-05 08:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-07-05 08:29 - 2013-07-05 08:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-07-05 08:29 - 2013-07-05 08:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-07-05 08:29 - 2013-07-05 08:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-07-05 08:27 - 2013-07-05 08:27 - 00000000 ____D C:\Windows\Temp6A5D260D-5D03-60AE-5177-591387BEC493-Signatures

2013-07-05 07:35 - 2011-12-16 11:43 - 00000476 ___SH C:\Users\kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

2013-07-05 07:35 - 2011-12-16 11:43 - 00000174 ___SH C:\Users\kathie\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

2013-07-05 07:35 - 2011-12-16 11:43 - 00000000 ___RD C:\Users\kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-07-05 07:35 - 2011-12-16 11:43 - 00000000 ___RD C:\Users\kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-07-05 07:22 - 2013-07-05 07:22 - 00000000 ____D C:\Windows\TempEFAB7D53-CAA4-9B3D-3D21-0268D5030CB6-Signatures

2013-07-05 07:08 - 2013-07-05 07:07 - 00000000 ____D C:\Windows\Temp41434B5F-D081-ABE6-A2BA-B9B767D72B06-Signatures

2013-07-05 06:57 - 2013-07-05 06:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab

2013-07-05 06:41 - 2013-07-05 06:41 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-07-05 06:41 - 2013-07-05 06:41 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-07-05 06:41 - 2013-01-23 17:35 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-07-05 06:41 - 2013-01-23 17:35 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-07-05 06:41 - 2012-09-06 16:56 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-07-05 06:41 - 2012-04-11 07:49 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-07-05 06:39 - 2013-07-05 06:39 - 00000000 ____D C:\Program Files (x86)\QuickTime

2013-07-05 06:36 - 2013-03-03 17:12 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-07-05 06:36 - 2013-03-03 17:12 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-07-04 00:07 - 2013-07-04 00:07 - 01030952 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-07-04 00:07 - 2013-07-04 00:07 - 00378944 ____A (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2013-07-04 00:07 - 2013-07-04 00:07 - 00189936 ____A C:\Windows\system32\Drivers\aswVmm.sys

2013-07-04 00:07 - 2013-07-04 00:07 - 00000175 ____A C:\Windows\system32\Drivers\aswVmm.sys.sum

2013-07-04 00:07 - 2013-07-04 00:07 - 00000175 ____A C:\Windows\system32\Drivers\aswSP.sys.sum

2013-07-04 00:07 - 2013-07-04 00:07 - 00000175 ____A C:\Windows\system32\Drivers\aswSnx.sys.sum

2013-07-04 00:06 - 2013-07-04 00:06 - 00000000 ____D C:\Program Files\AVAST Software

2013-07-03 23:25 - 2013-07-03 23:25 - 00003118 ____A C:\Windows\System32\Tasks\{3D72D532-F676-4D5D-86CC-B769E8920F78}

2013-07-03 23:22 - 2013-07-03 23:22 - 00002978 ____A C:\Windows\System32\Tasks\{57DA1792-70C5-4617-AF62-DAF4BF789E2E}

2013-07-03 23:21 - 2013-07-03 23:21 - 00002978 ____A C:\Windows\System32\Tasks\{B7A762C0-A07F-4A8A-8809-57B13170BC18}

2013-07-03 16:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Resources

2013-07-03 11:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing

2013-06-30 17:54 - 2011-12-28 01:00 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software

2013-06-29 10:48 - 2012-04-10 17:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-19 15:27 - 2009-07-14 01:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-06-16 02:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

2013-06-11 19:43 - 2013-07-10 02:12 - 14329856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-11 19:43 - 2013-07-10 02:12 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-11 19:43 - 2013-07-10 02:12 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-11 19:43 - 2013-07-10 02:12 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-11 19:43 - 2013-07-10 02:12 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-11 19:43 - 2013-07-10 02:12 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-11 19:43 - 2013-07-10 02:12 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-11 19:42 - 2013-07-10 02:12 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-11 19:42 - 2013-07-10 02:12 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-11 19:42 - 2013-07-10 02:12 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-11 19:42 - 2013-07-10 02:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-06-11 19:42 - 2013-07-10 02:12 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-06-11 19:42 - 2013-07-10 02:12 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-06-11 19:26 - 2013-07-10 02:12 - 02241024 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-06-11 19:26 - 2013-07-10 02:12 - 01365504 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-06-11 19:26 - 2013-07-10 02:12 - 00051712 ____A (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-06-11 19:25 - 2013-07-10 02:12 - 19238912 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 15404032 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 03958784 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 02648576 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 00855552 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 00603136 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 00526336 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 00136704 ____A (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 00067072 ____A (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 00053248 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-06-11 19:25 - 2013-07-10 02:12 - 00039936 ____A (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-06-11 18:51 - 2013-07-10 02:12 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-06-11 18:50 - 2013-07-10 02:12 - 00089600 ____A (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

 

 

LastRegBack: 2013-07-03 08:47

 

==================== End Of Log ============================

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-07-2013

Ran by kathie at 2013-07-11 20:27:33

Running from C:\Users\kathie\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

  

Able2Extract 7.0 (x32 Version: 7.0)

Ad Muncher v4.93.33707 (x32)

Adobe AIR (x32 Version: 3.7.0.2090)

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)

Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)

Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)

Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)

Apple Application Support (x32 Version: 2.3.4)

Apple Software Update (x32 Version: 2.1.3.127)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.2.43)

ATT-PRT22 (x32)

avast! Internet Security (x32 Version: 8.0.1489.0)

Bejeweled 3 (x32 Version: 2.2.0.97)

BioniCare Express Agent (x32 Version: 1.1.0)

BioniCare Express Agent 1.2.0.0 (x32 Version: 1.2.0.0)

Blackhawk Striker 2 (x32 Version: 2.2.0.95)

Blasterball 3 (x32 Version: 2.2.0.97)

Bounce Symphony (x32 Version: 2.2.0.97)

Cake Mania (x32 Version: 2.2.0.95)

Chronicles of Albian (x32 Version: 2.2.0.95)

Chuzzle Deluxe (x32 Version: 2.2.0.95)

Cisco EAP-FAST Module (x32 Version: 2.2.14)

Cisco LEAP Module (x32 Version: 1.0.19)

Cisco PEAP Module (x32 Version: 1.1.6)

Cradle of Rome 2 (x32 Version: 2.2.0.95)

CyberLink YouCam (x32 Version: 3.5.1.4119)

D3DX10 (x32 Version: 15.4.2368.0902)

DefaultTab (x32 Version: 2.2.8.0)

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Doxillion Document Converter (x32)

Dragon NaturallySpeaking 11 (x32 Version: 11.50.100)

Dropbox (HKCU Version: 2.0.22)

eLecta Live Virtual Room 8.0 (x32 Version: 8.0)

ePDF Writer 2.8

ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)

Evernote v. 4.2.3 (x32 Version: 4.2.3.22)

Express Burn (x32)

Express Dictate (x32)

Express Scribe (x32)

Farm Frenzy (x32 Version: 2.2.0.95)

FATE (x32 Version: 2.2.0.97)

FillPerfect (x32 Version: 4.0.3)

Free Alarm Clock 2.5.0 (x32 Version: 2.5)

Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)

GPL Ghostscript 9.00 (x32)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)

HP 3D DriveGuard (Version: 4.1.16.1)

HP Auto (Version: 1.0.12935.3667)

HP Client Services (Version: 1.1.12938.3539)

HP CoolSense (x32 Version: 2.10.51)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP Documentation (x32 Version: 1.1.0.0)

HP Games (x32 Version: 1.0.2.5)

HP Launch Box (Version: 1.1.5)

HP MovieStore (x32 Version: 1.0.057)

HP MovieStore (x32 Version: 2.0)

HP On Screen Display (x32 Version: 1.3.5)

HP Power Manager (x32 Version: 1.4.7)

HP Product Detection (x32 Version: 11.14.0001)

HP Quick Launch (x32 Version: 2.7.2)

HP QuickWeb (x32 Version: 3.1.0.9742)

HP Setup (x32 Version: 8.7.4751.3798)

HP Setup Manager (x32 Version: 1.1.13476.3753)

HP Software Framework (x32 Version: 4.5.12.1)

HP Support Assistant (x32 Version: 7.0.39.15)

IDT Audio (x32 Version: 1.0.6351.0)

Intel® Control Center (x32 Version: 1.2.1.1007)

Intel® Identity Protection Technology 1.2.22.0 (x32 Version: 1.2.22.0)

Intel® Management Engine Components (x32 Version: 7.0.0.1144)

Intel® Processor Graphics (x32 Version: 8.15.10.2372)

Intel® Rapid Storage Technology (x32 Version: 10.6.0.1002)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

Java™ 6 Update 31 (x32 Version: 6.0.310)

Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)

JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2)

Junk Mail filter update (x32 Version: 16.4.3503.0728)

LastPass (uninstall only) (x32)

Livescribe Connect (x32 Version: 1.2.0)

Livescribe Connect (x32 Version: 1.2.0.57264)

Livescribe Desktop (x32 Version: 2.8.2)

Mah Jong Medley (x32 Version: 2.2.0.95)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Outlook Hotmail Connector 64-bit (Version: 14.0.5118.5000)

Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (Version: 14.0.5120.5000)

Microsoft Security Client (Version: 4.1.0522.0)

Microsoft Security Essentials (Version: 4.1.522.0)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft SkyDrive (HKCU Version: 16.4.6010.0727)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Store Download Manager (x32 Version: 2.8.4431.2)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)

Mobile App Sync (x32)

Movie Maker (x32 Version: 16.4.3503.0728)

Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)

Mozilla Maintenance Service (x32 Version: 22.0)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1108.0727)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Mystery of Mortlake Mansion (x32 Version: 2.2.0.97)

Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)

Penguins! (x32 Version: 2.2.0.95)

Photo Common (x32 Version: 16.4.3503.0728)

Photo Gallery (x32 Version: 16.4.3503.0728)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)

PlayReady PC Runtime x86 (x32 Version: 1.3.0)

Poker Superstars III (x32 Version: 2.2.0.95)

Polar Bowler (x32 Version: 2.2.0.97)

Polar Golfer (x32 Version: 2.2.0.95)

QuickTime (x32 Version: 7.74.80.86)

REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)

Recovery Manager (x32 Version: 2.0.0)

RoxioNow Player (x32 Version: 1.9.5.103)

Sentinel HASP Run-time (x32 Version: 5.10.1.17163)

Skype Click to Call (x32 Version: 6.9.12585)

Skype™ 6.5 (x32 Version: 6.5.158)

Slingo Supreme (x32 Version: 2.2.0.97)

Speex Voice Audio CODEC (x32)

Switch Sound File Converter (x32)

Synaptics Pointing Device Driver (Version: 15.3.29.0)

System Requirements Lab for Intel (x32 Version: 4.5.13.0)

TermPlus (x32 Version: 1.0.0)

Time Clock MTS V3.3.9 (x32)

Total Eclipse v5 (x32 Version: 5.0.0.16)

TypeEasy (x32 Version: 1.0.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Update Installer for WildTangent Games App (x32)

Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)

VIP Access SDK (1.1.0.1)  (x32 Version: 1.1.0.1)

Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.200)

WildTangent Games App (x32 Version: 4.0.8.7)

Windows Live Communications Platform (x32 Version: 16.4.3503.0728)

Windows Live Essentials (x32 Version: 16.4.3503.0728)

Windows Live Family Safety (Version: 16.4.3503.0728)

Windows Live Family Safety (x32 Version: 16.4.3503.0728)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (x32 Version: 16.4.3503.0728)

Windows Live Mail (x32 Version: 16.4.3503.0728)

Windows Live Messenger (x32 Version: 16.4.3503.0728)

Windows Live MIME IFilter (Version: 16.4.3503.0728)

Windows Live Photo Common (x32 Version: 16.4.3503.0728)

Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)

Windows Live SOXE (x32 Version: 16.4.3503.0728)

Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)

Windows Live UX Platform (x32 Version: 16.4.3503.0728)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)

Windows Live Writer (x32 Version: 16.4.3503.0728)

Windows Live Writer Resources (x32 Version: 16.4.3503.0728)

Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

Zuma Deluxe (x32 Version: 2.2.0.95)

 

==================== Restore Points  =========================

 

07-07-2013 13:47:01 Windows Update

08-07-2013 00:01:00 Windows Update

08-07-2013 02:35:09 Windows Update

08-07-2013 08:24:15 Windows Update

08-07-2013 20:39:35 Windows Update

09-07-2013 12:24:41 Windows Update

10-07-2013 04:01:30 adobe

10-07-2013 06:05:40 Windows Update

10-07-2013 08:11:22 Windows Update

10-07-2013 16:06:23 Windows Update

10-07-2013 17:45:17 before file deletion

10-07-2013 18:48:57 Windows Update

10-07-2013 23:53:23 good 2

11-07-2013 10:12:13 after rootkill before malware 7/11 6 a.m.

 

==================== Hosts content: ==========================

 

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0E67B687-5353-4174-B24D-0F881A655740} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)

Task: {19E3B18E-2748-4AF0-B62D-D7B9E43F44EE} - System32\Tasks\User_Feed_Synchronization-{808877F1-1F09-4C6C-B11B-8A458069D5FD} => C:\Windows\system32\msfeedssync.exe [2013-07-05] (Microsoft Corporation)

Task: {1F73AFAC-F808-446B-BB79-8BD10D94B0D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {273D7AC9-9C25-4D11-A1DB-6998DC49F2B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {2BD7ED9E-D1C5-4711-80CA-6854F797B638} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-06-10] (Hewlett-Packard)

Task: {3BA63328-6AC0-4C47-89BC-51D16ED4B897} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)

Task: {3DC07389-B418-4EBD-BE93-2203B0BC6C19} - System32\Tasks\NCH Software\switchShakeIcon => C:\Program Files (x86)\NCH Software\Switch\Switch.exe [2012-01-28] (NCH Software)

Task: {3F7ED20E-170D-4193-B60F-4D8D2B635E05} - System32\Tasks\BioniCareExpressAgent => C:\Program Files (x86)\BioniCare Express Agent\BioniCare Express Agent.exe [2012-01-06] (VQ OrthoCare)

Task: {40ED8CC3-CD6D-4AA0-A5B0-416CD72C8E9C} - System32\Tasks\NCH Software\doxillionShakeIcon => C:\Program Files (x86)\NCH Software\Doxillion\Doxillion.exe [2012-03-22] (NCH Software)

Task: {47399DF1-919E-4075-8BB6-7910755638E3} - System32\Tasks\BioniCare Express Agent => C:\Program No File

Task: {5AA25F31-93D6-4043-A33F-E21DBE514167} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {5AB61D2E-C8D5-457F-A01A-823FA13B51EF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)

Task: {6DCB6657-C322-4A40-8271-E567ABC5E074} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {73630F14-86E1-4823-9A79-A811F64F5C59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => C:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2013-06-18] (Hewlett-Packard)

Task: {74DA09BA-505A-4B0F-8C21-51428447134E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2012-09-12] ()

Task: {88A10738-A99A-4CAA-90F2-E2D831864AA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-06-10] (Hewlett-Packard)

Task: {930D8210-595D-4A3C-8BF1-D74E0618DB2F} - System32\Tasks\{F2C00989-5B0C-450D-B97F-D689DC769644} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE No File

Task: {9EF907D3-3A07-4C58-B1E6-14C94F486F6A} - System32\Tasks\{B7A762C0-A07F-4A8A-8809-57B13170BC18} => C:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12] ()

Task: {D848A5E3-8D95-4DC8-BD26-B9E9CE069821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => C:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2013-06-18] (Hewlett-Packard)

Task: {DCE200CC-3E2D-4F9B-853B-4FB785002647} - System32\Tasks\HPCeeScheduleForkathie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: {E5A305A0-986E-4A0F-B8B3-B824A4B64AA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {EF4B10B3-FC27-485C-A312-0A4270A750F0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)

Task: {EFB57B37-3396-4972-B1AD-9729259EC7BA} - System32\Tasks\{57DA1792-70C5-4617-AF62-DAF4BF789E2E} => C:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12] ()

Task: C:\Windows\Tasks\HPCeeScheduleForkathie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Faulty Device Manager Devices =============

 

Name: CyberLink WebCam Virtual Driver

Description: CyberLink WebCam Virtual Driver

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: CyberLink

Service: clwvd

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/11/2013 06:25:36 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 06:20:15 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 01:59:11 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 00:31:14 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 10:45:08 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 07:35:56 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (07/11/2013 05:53:16 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 03:05:24 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/10/2013 11:34:54 PM) (Source: Application Hang) (User: )

Description: The program psi.exe version 3.0.0.7011 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: ba8

 

Start Time: 01ce7de78b18e589

 

Termination Time: 10

 

Application Path: C:\Program Files (x86)\Secunia\PSI\psi.exe

 

Report Id: d4b1df63-e9da-11e2-966c-78e3b56189a7

 

Error: (07/10/2013 08:35:00 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (07/11/2013 08:20:17 PM) (Source: Service Control Manager) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

%%-2147024891

 

Error: (07/11/2013 08:20:17 PM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:

%%-2147024891

 

Error: (07/11/2013 07:06:02 PM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:

%%-2147024891

 

Error: (07/11/2013 07:06:02 PM) (Source: Service Control Manager) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

%%-2147024891

 

Error: (07/11/2013 06:55:16 PM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:

%%-2147024891

 

Error: (07/11/2013 06:55:16 PM) (Source: Service Control Manager) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

%%-2147024891

 

Error: (07/11/2013 06:54:15 PM) (Source: Service Control Manager) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

%%-2147024891

 

Error: (07/11/2013 06:54:15 PM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:

%%-2147024891

 

Error: (07/11/2013 06:48:15 PM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:

%%-2147024891

 

Error: (07/11/2013 06:48:15 PM) (Source: Service Control Manager) (User: )

Description: The Function Discovery Resource Publication service terminated with the following error:

%%-2147024891

 

 

Microsoft Office Sessions:

=========================

Error: (07/11/2013 06:25:36 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 06:20:15 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 01:59:11 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 00:31:14 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 10:45:08 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 07:35:56 AM) (Source: SideBySide)(User: )

Description: C:\Program Files (x86)\2424 Software\FillPerfect\adxloader.dll.ManifestC:\Program Files (x86)\2424 Software\FillPerfect\adxloader.dll.Manifest2

 

Error: (07/11/2013 05:53:16 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/11/2013 03:05:24 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (07/10/2013 11:34:54 PM) (Source: Application Hang)(User: )

Description: psi.exe3.0.0.7011ba801ce7de78b18e58910C:\Program Files (x86)\Secunia\PSI\psi.exed4b1df63-e9da-11e2-966c-78e3b56189a7

 

Error: (07/10/2013 08:35:00 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-07-10 19:00:01.956

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-07-10 19:00:01.894

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 49%

Total physical RAM: 4043.86 MB

Available physical RAM: 2043.42 MB

Total Pagefile: 8085.9 MB

Available Pagefile: 5865.34 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:447 GB) (Free:359.52 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

Drive d: (Recovery) (Fixed) (Total:14.6 GB) (Free:1.62 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32 (Disk=0 Partition=4)

Drive f: (NIGHT_WRAP) (CDROM) (Total:0.54 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FA459A50)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

 

==================== End Of Log ============================



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:40 PM

Posted 12 July 2013 - 08:13 AM

Hello knotty panda



I need you to download this script I have made for you --> Attached File  fixlist.txt   359bytes   6 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Local time:07:40 PM

Posted 12 July 2013 - 10:08 AM

It's asking me to update the software; is that normal, or is it the virus?



#6 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Local time:07:40 PM

Posted 12 July 2013 - 11:02 AM

It's telling me,

 

No fixlist.txt found.

 

The fixlist.txt should be made and saved in the same directory the tool is located.

 

 

 

 



#7 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Local time:07:40 PM

Posted 12 July 2013 - 11:28 AM

Ok, I got it.  Please tell me I was supposed to reboot!  That's what FRST said to do and I just did it!  Here's the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013

Ran by kathie at 2013-07-12 12:18:06 Run:1

Running from C:\Users\kathie\Downloads

Boot Mode: Normal

==============================================

 

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\charheme => Value deleted successfully.

"C:\Windows\system32\dfrgSVCS.exe " => File/Directory not found.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.

"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.

"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

 

=========  Dir /b /a:l "C:\Program Files" /s =========

 

File Not Found

 

========= End of CMD: =========

 

 

 

The system needs a manual reboot.

 

==== End of Fixlog ====
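The fixlog above records reparse points being removed from the Windows Defender and Microsoft Security Client folders, followed by a `Dir /b /a:l "C:\Program Files" /s` listing that came back empty. A junction or symbolic link planted where a security product's directory or binary should be is what keeps that product from loading, and the dir check confirms none are left. The PowerShell below is an added example, not part of this thread or of FRST: it enumerates reparse points under both Program Files trees (the same condition `/a:l` selects) and flags any whose path touches the folder names the fixlog mentions. The function name and the watch list are my own choices, and the `LinkType`/`Target` properties it reads are only populated on PowerShell 5.1 or later.

```powershell
# Added example, not from the thread or from FRST: list reparse points
# (junctions / symbolic links) under the Program Files trees, which is what
#   Dir /b /a:l "C:\Program Files" /s
# in the fixlog checked, and flag any sitting on a security product's path.
# Run from an elevated prompt so protected folders can be read.

function Get-ProgramFilesReparsePoints {
    param(
        # Roots to walk; default to both Program Files trees.
        [string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
        # Folder names worth a second look when they appear in a reparse point
        # path. Taken from the fixlog above; extend for the products you run.
        [string[]]$Watch = @('Windows Defender', 'Microsoft Security Client')
    )

    $liveRoots = $Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    foreach ($root in $liveRoots) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [System.IO.FileAttributes]::ReparsePoint } |
            ForEach-Object {
                $path = $_.FullName

                # LinkType and Target are added by PowerShell 5.1+; older hosts
                # still get the path, just without the link target.
                $linkType = if ($_.PSObject.Properties['LinkType']) { $_.LinkType } else { 'unknown' }
                $target   = if ($_.PSObject.Properties['Target'])   { ($_.Target -join '; ') } else { 'n/a' }

                # Flag reparse points that sit on or under a watched folder name.
                $suspect = $false
                foreach ($name in $Watch) {
                    if ($path -like "*\$name" -or $path -like "*\$name\*") { $suspect = $true }
                }

                # New-Object rather than [PSCustomObject] so this also runs on
                # the PowerShell 2.0 that shipped with Windows 7.
                New-Object PSObject -Property @{
                    Path    = $path
                    IsDir   = $_.PSIsContainer
                    Type    = $linkType
                    Target  = $target
                    Suspect = $suspect
                }
            }
    }
}

$hits = @(Get-ProgramFilesReparsePoints)
if ($hits.Count -eq 0) {
    'No reparse points under the Program Files trees (matches the fixlog''s "File Not Found").'
} else {
    # Suspect entries first; anything else is for the analyst to judge.
    $hits | Sort-Object Suspect -Descending |
        Format-Table Suspect, IsDir, Type, Path, Target -AutoSize
}
```

A clean Windows 7 install normally has no reparse points under either Program Files tree, so any hit deserves a look; a redirected antimalware folder shows up with `Suspect` set and, on PowerShell 5.1, with the target it was pointed at.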



#8 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Local time:07:40 PM

Posted 12 July 2013 - 11:34 AM

YOU ARE AMAZING!  AN ABSOLUTE KING OF THE WORLD!  I had a little test download I used to see if the system was working.  I would go to Lodge Cast Iron and try to download their catalog.  I would get the infected message.  I just tried it again.

 

IT WORKED!!!!!!!!!!!!!!!!!!!!!!!

 

Now, what do I need to do?  I swear, you can cure a rainy day.



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:40 PM

Posted 12 July 2013 - 05:58 PM



Hello knotty panda

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, right-click JRT.exe instead of double-clicking and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Local time:07:40 PM

Posted 12 July 2013 - 07:27 PM

Everything seems to be working fantastically!  I was able to download easily.  Here are the logs:

 

AdwCleaner:

 

# AdwCleaner v2.305 - Logfile created 07/12/2013 at 19:58:22
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : kathie - KATHIE-HP
# Boot Mode : Normal
# Running from : C:\Users\kathie\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\extensions\addon@defaulttab.com.xpi
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\kathie\AppData\Local\getsavin
Folder Deleted : C:\Users\kathie\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\kathie\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\kathie\AppData\Roaming\DefaultTab

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\kathie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7609 octets] - [12/07/2013 19:58:22]

########## EOF - C:\AdwCleaner[S1].txt - [7669 octets] ##########

 

 

Junk removal tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by kathie on Fri 07/12/2013 at 20:07:40.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{4623a8c4-150d-4983-8982-68c01e7d6541}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{365F0755-017E-4463-B69B-D35196DDA078}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{44B9E329-C714-477B-95CC-C30712845D9B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{97EB5CDB-A84A-41F8-8569-167FC929ABFC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{365F0755-017E-4463-B69B-D35196DDA078}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{01E6566E-385C-4275-8BB5-FE8D93A10704}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{0723242E-9C64-4EF5-B0EF-997AA727AC41}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{07D67668-A43A-4888-874C-5CD18B9D4EA9}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{095F071A-06F0-4C01-8A15-A0253EFEFB31}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{0A1D65BD-1E77-44AF-8AF2-3AEDDDE07520}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{0D3991A0-6425-4655-8050-9992F6B463E5}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{0D69FE06-888D-418B-BFA0-2ACDFC979511}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{0DF45434-A77F-436F-B7BB-9C249EEC6A51}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{11C9C625-9224-4663-9DED-A20A8BD97EE6}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{12E9DF5C-5AC3-4BBD-B2DF-4CBA371E8B80}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{1F6423F7-E8A9-408E-B22F-A1564D8C5584}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{1F87F364-7F54-4D74-9525-2CC2D9F67943}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{200CC6EA-1132-4F60-8789-94BD125876D2}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{23C54E4C-3AC1-4B17-9109-0CA93CB2B96D}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{2720E899-FB04-48C0-B8D2-4BEDA9B3E897}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{27DF0D13-7346-4CE9-BAA9-9E3B5BCF2EF3}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{27FBCC11-3C6B-4D1F-B854-82F8EC064E16}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{2853466F-081E-4D82-92BB-CDD9CA195F68}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{2EE2D294-F536-49CE-A767-76677897AE7B}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{32E0E3D3-82DF-47AA-9A18-05B48BEA5B5F}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{33C44CE8-DF8B-44A9-928B-8E9DCABCCF25}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{3508CAEF-0495-40B9-A046-AC475CC9F618}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{41D768EE-9464-417E-9C17-7F7B1DFF79FA}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{442F31CC-1563-46E1-AAA6-D20D20BE8237}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{443FC791-822A-42F9-A3EA-07B70F84D4EF}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{4CD7426C-148D-4A58-8B8C-060D064C9498}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{511FE65D-97EA-45FA-A8AE-8055031007D1}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{54C2CF8F-B923-4AE7-95E9-553881A57940}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{54E95063-5FCD-4B86-A96A-2F429A751F84}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{55877E76-D7B6-4CE1-A320-23C15E7E70C9}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{5A55BBA6-8417-4726-B286-5C10BE979E88}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{5F30666A-81D2-4107-A038-9D526D309D6D}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{5F9DFA5D-07DE-4F94-B669-6C6BC0F3B65D}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{5FE70A4D-A6FA-48A7-A672-F50E6A5FA37F}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{646909CA-11AB-473A-B6AD-E5D9DD4D38F1}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{659CB294-4DE5-4405-8E8B-4B3B82F35A98}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{67556552-E0D9-46EB-9296-2701B87B0201}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{6BE43910-D260-4FA4-AA8C-B0DACF0BBB77}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{76E2693B-312F-43FE-A1CA-CC549AC7B2EE}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{7B8D7D1D-00A3-439D-95DE-87212942FEFF}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{7DE47970-17B1-4FE1-8EDA-AFA3C589CC9A}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{8770EC73-EDE7-432D-B7C2-F1D920529380}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{8A9586FC-A1CB-4A65-9C68-79B5B084C49C}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{8D3D98B9-3CE7-4C4D-AFA6-F5A2889D45A6}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{91B577BA-CE26-4E55-9528-E423413C6564}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{9AD38228-00AC-402E-80DD-306F57D393A1}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{9DC4F0F6-2F42-4EAD-B5BD-E5ECE8001847}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{A44D849B-7901-4DDD-BC5F-DB55EFCF1D31}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{A46CE4AB-CF3B-43AE-8195-E265C03BE8BA}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{A6D3234D-D638-482D-84A8-E489C65DC3C9}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{A93F9A86-685A-402A-80B7-661F17032B4D}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{AB11C1E1-DFAD-411C-B35B-EB2FF10FD285}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{AC67F479-0696-4D67-A2A9-51F067268688}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{AC6F9950-6410-42C9-87C3-F5365A854910}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{B0CD5E3F-C312-4823-8B6B-6D9C62BF4DDD}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{B15CF87C-D9B0-49DC-A464-781A332C4090}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{B5F5EC48-51F9-4367-906C-5A67C1024DB0}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{C09FE33B-857E-4414-B5DE-6A0DE4B967B2}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{C651F952-621E-4D10-9E58-FFB9B713474E}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{C6FB2199-8DEF-430C-9DC0-F0CC0433C98E}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{C852B0B5-9BE2-4F10-920E-C6D98CB40543}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{C893F7E3-DBC6-4FEA-8CA1-807374396160}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{D5D5D6B2-6721-404A-A5FC-4113EEA251C8}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{DB3F7DCB-4E87-4D6C-9F85-5CD637122B9D}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{DD81A2A2-5C03-4752-9E0E-4A670E55A9E8}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{E0DFBF41-10CF-4BDA-BCD0-5D8262DEF5F1}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{E2815825-ACE9-4E15-9165-949F31542CCD}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{E7473AEB-3F0B-4037-85F0-FD420276518F}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{E969DE86-4DD0-4C19-8BDE-2B02C7C8E79E}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{E98C6511-5037-46D8-ACA4-480A9470D7EC}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{EA223709-3354-469E-9FB5-7F01B2B2BED1}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{EA90DD5C-BFE7-4EC3-AA82-9C9CEA7C67A6}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{EFC17AF3-8B19-44BB-B056-6E9AFBB12E5E}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{F7B9FE26-20AE-48E6-BEFC-4B8F7B258AF8}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{F9DD9CDF-33ED-468B-969A-570F8C23C656}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{FC873CDF-C839-48B4-B9D8-B63E6EE4DD84}

 

~~~ FireFox

Emptied folder: C:\Users\kathie\AppData\Roaming\mozilla\firefox\profiles\xscp0x38.default\minidumps [124 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/12/2013 at 20:12:34.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
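The two logs above share a simple line-oriented format ("Key Deleted : ..." from AdwCleaner, "Successfully deleted: [Registry Key] ..." from JRT), and the same CLSID tends to show up several times: once under Browser Helper Objects, again under Classes\CLSID, sometimes under the Wow6432Node view as well. The following is an added example, not code from this thread or from either tool: a small Python triage parser that reads those lines, normalises hive names and the Wow6432Node redirection, tags each registry key by the kind of load point it is, and groups keys by the GUID they reference so that a BHO entry and its CLSID registration are counted as one component. The sample lines are copied from the logs in this post; the category rules are my own assumption about which registry locations are worth flagging.

```python
"""Triage helper for AdwCleaner / JRT removal logs (added example, not the tools' own code)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the AdwCleaner and JRT logs posted above.
SAMPLE_LOG = r"""
***** [Services] *****
Stopped & Deleted : DefaultTabUpdate
***** [Files / Folders] *****
File Deleted : C:\Users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\extensions\addon@defaulttab.com.xpi
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{4623a8c4-150d-4983-8982-68c01e7d6541}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{365F0755-017E-4463-B69B-D35196DDA078}
Successfully deleted: [Empty Folder] C:\Users\kathie\appdata\local\{01E6566E-385C-4275-8BB5-FE8D93A10704}
Emptied folder: C:\Users\kathie\AppData\Roaming\mozilla\firefox\profiles\xscp0x38.default\minidumps [124 files]
"""

# Line shapes seen in the two logs: first two are AdwCleaner, last two are JRT.
ADW_RE = re.compile(r"^(?P<kind>Key|Value|File|Folder) Deleted : (?P<target>.+)$")
ADW_SVC_RE = re.compile(r"^Stopped & Deleted : (?P<target>.+)$")
JRT_RE = re.compile(r"^Successfully deleted: \[(?P<kind>[^\]]+)\] (?P<target>.+)$")
JRT_EMPTIED_RE = re.compile(r"^Emptied folder: (?P<target>.+) \[(?P<count>\d+) files\]$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# JRT's labels mapped onto AdwCleaner's shorter kind names; long hive names shortened.
KIND_ALIASES = {"Registry Key": "Key", "Registry Value": "Value", "Empty Folder": "Folder"}
HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
                "HKEY_USERS": "HKU", "HKEY_CLASSES_ROOT": "HKCR"}

# Assumed category rules (my own, not from the tools): ordered substring checks
# against a lower-cased path with the Wow6432Node redirection folded away.
CATEGORY_RULES = [
    ("browser helper objects", "BHO"),
    ("internet explorer\\searchscopes", "IE search scope"),
    ("internet explorer\\extensions", "IE extension"),
    ("currentversion\\ext\\", "IE extension"),
    ("classes\\clsid", "COM class"),
    ("classes\\interface", "COM interface"),
    ("currentversion\\run", "autorun"),
]


@dataclass
class Removal:
    tool: str         # "AdwCleaner" or "JRT"
    kind: str         # Key, Value, File, Folder, Service
    target: str       # registry path, file path or service name as logged
    note: str = ""    # extra detail, e.g. file count for an emptied folder


def parse_removal_log(text: str) -> List[Removal]:
    """Turn the removal lines of a pasted log into records; section headers and blanks are skipped."""
    out: List[Removal] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ADW_RE.match(line):
            out.append(Removal("AdwCleaner", m["kind"], m["target"]))
        elif m := ADW_SVC_RE.match(line):
            out.append(Removal("AdwCleaner", "Service", m["target"]))
        elif m := JRT_RE.match(line):
            out.append(Removal("JRT", KIND_ALIASES.get(m["kind"], m["kind"]), m["target"]))
        elif m := JRT_EMPTIED_RE.match(line):
            out.append(Removal("JRT", "Folder", m["target"], f"{m['count']} files"))
    return out


def classify_registry_key(path: str) -> Tuple[str, str, Optional[str]]:
    """Return (hive, category, GUID) for a registry key path from either tool.

    Wow6432Node is removed so the 32-bit and 64-bit views of one key compare
    equal, and the GUID is upper-cased so JRT's lower-case output groups with
    AdwCleaner's upper-case output.
    """
    hive, _, rest = path.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive.upper())
    norm = rest.lower().replace("wow6432node\\", "")
    category = next((cat for needle, cat in CATEGORY_RULES if needle in norm), "other")
    guid = GUID_RE.search(path)
    return hive, category, guid.group(0).upper() if guid else None


def summarize(removals: List[Removal]) -> Dict[str, Dict[str, int]]:
    """Count removals by kind and load-point category, and count registry locations per GUID."""
    by_kind = Counter(r.kind for r in removals)
    by_category: Counter = Counter()
    guid_locations: Dict[str, int] = defaultdict(int)
    for r in removals:
        if r.kind in ("Key", "Value"):
            _, category, guid = classify_registry_key(r.target)
            by_category[category] += 1
            if guid:
                guid_locations[guid] += 1
    return {"by_kind": dict(by_kind), "by_category": dict(by_category),
            "guid_locations": dict(guid_locations)}


if __name__ == "__main__":
    for section, counts in summarize(parse_removal_log(SAMPLE_LOG)).items():
        print(section)
        for name, n in sorted(counts.items()):
            print(f"  {name}: {n}")
```

On the sample, the DefaultTab CLSID {7F6AFBF1-E065-4627-A2FD-810366367D01} is reported at two registry locations (its BHO entry and its COM class registration), which is the signal a helper reading the full log wants: the same add-on was removed from every place it was wired in, rather than a long list of unrelated keys.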

 

 



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2013 - 10:09 PM


Hello knotty panda

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#12 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts

Posted 12 July 2013 - 11:13 PM

It gets to stage 50 then stalls.  I've run it twice.  It stalls at the same place.



#13 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts

Posted 13 July 2013 - 04:21 AM

Now nothing is working!  I downloaded Link 3.  I'm getting security alerts wherever I click.  I can't find the Combofix log.  I'm getting a message with each click that I am trying to access a registry key that has been or is marked for deletion.  Now what?

 



#14 knotty panda

knotty panda
  • Topic Starter

  • Members
  • 111 posts

Posted 13 July 2013 - 04:27 AM

I found the log.

 

ComboFix 13-07-12.01 - kathie 07/13/2013   4:36.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2554 [GMT -4:00]
Running from: c:\users\kathie\Desktop\ComboFix2.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-13 to 2013-07-13  )))))))))))))))))))))))))))))))
.
.
2013-07-13 08:41 . 2013-07-13 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-13 00:07 . 2013-07-13 00:07 -------- d-----w- c:\windows\ERUNT
2013-07-12 19:27 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-12 19:27 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-12 19:27 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-12 19:27 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-12 19:27 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-12 19:27 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-12 19:27 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-12 16:26 . 2013-06-19 09:02 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C1AB020-7054-4533-B5A7-9516D0EEBC08}\gapaengine.dll
2013-07-12 16:26 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08AF4E5A-CAAB-4979-8D82-BFC0BF833B2D}\mpengine.dll
2013-07-12 00:25 . 2013-07-12 16:18 -------- d-----w- C:\FRST
2013-07-11 14:36 . 2013-05-09 08:59 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-07-11 14:36 . 2013-05-09 08:59 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-07-11 14:36 . 2013-05-09 08:59 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-07-11 14:36 . 2013-03-13 18:01 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2013-07-11 03:30 . 2013-07-11 03:30 -------- d-----w- c:\users\kathie\AppData\Local\Secunia PSI
2013-07-11 03:30 . 2013-07-11 03:30 -------- d-----w- c:\program files (x86)\Secunia
2013-07-10 18:49 . 2013-07-10 18:49 -------- d-----w- C:\fe6f421d9a5716aa71e8395b66dcda
2013-07-10 16:07 . 2013-07-10 16:07 -------- d-----w- c:\windows\Temp9E907599-BC93-FE91-3A6A-4F5CDA14A5F7-Signatures
2013-07-10 08:11 . 2013-07-10 08:11 -------- d-----w- c:\windows\TempA8CE28B1-5936-CE6F-B222-C1DE7F5F06D4-Signatures
2013-07-10 06:11 . 2013-07-10 06:11 -------- d-----w- c:\windows\Temp3398654C-F88B-2FAB-8DD2-924AC2F2BD6F-Signatures
2013-07-09 23:04 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-09 23:04 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-09 23:04 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-09 23:04 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-09 23:04 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-09 23:04 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-09 23:04 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-09 23:04 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-09 23:04 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-09 12:25 . 2013-07-09 12:25 -------- d-----w- c:\windows\Temp7EDB85BC-E750-0B22-F5C6-96ABC4B441BA-Signatures
2013-07-08 20:40 . 2013-07-08 20:40 -------- d-----w- c:\windows\TempB01BB421-1B1F-BB20-252A-FF823594D9AB-Signatures
2013-07-08 08:24 . 2013-07-08 08:24 -------- d-----w- c:\windows\TempA195AE90-7CED-66F7-3DFF-284A72EF236D-Signatures
2013-07-08 02:35 . 2013-07-08 02:35 -------- d-----w- c:\windows\Temp11657FA4-2A14-C949-4D60-E81BCA7C12E1-Signatures
2013-07-08 00:01 . 2013-07-08 00:01 -------- d-----w- c:\windows\Temp83534F2E-52EA-37FA-93E9-14C0B899ABD0-Signatures
2013-07-07 13:47 . 2013-07-07 13:47 -------- d-----w- c:\windows\TempB1EBDC00-1BF4-BF92-9D2D-C9A2EAF462DD-Signatures
2013-07-07 07:06 . 2013-07-07 07:06 -------- d-----w- c:\windows\Temp5139AEF0-89D1-0FD6-FDA4-C370D5A4A17B-Signatures
2013-07-07 07:00 . 2013-07-07 07:00 -------- d-----w- c:\windows\TempE063E419-382F-78B7-9D35-586810F69E92-Signatures
2013-07-07 02:25 . 2013-07-07 02:25 -------- d-----w- c:\windows\Temp16D5096C-39B5-362C-CA08-A1CF0E460AEE-Signatures
2013-07-06 06:23 . 2013-07-06 06:23 -------- d-----w- c:\windows\TempF0798401-1A13-B6F0-9403-94B2A1E98FA6-Signatures
2013-07-05 23:00 . 2013-07-05 23:00 -------- d-----w- c:\windows\TempF99341F9-4B78-7E48-0701-31A3DCBFA859-Signatures
2013-07-05 15:10 . 2013-07-05 15:10 -------- d-----w- c:\windows\Temp6E6EF1CC-375D-B4C8-DBF1-22FE5E364CE1-Signatures
2013-07-05 12:27 . 2013-07-05 12:27 -------- d-----w- c:\windows\Temp6A5D260D-5D03-60AE-5177-591387BEC493-Signatures
2013-07-05 11:22 . 2013-07-05 11:22 -------- d-----w- c:\windows\TempEFAB7D53-CAA4-9B3D-3D21-0268D5030CB6-Signatures
2013-07-05 11:18 . 2013-07-10 06:57 -------- d-----w- c:\program files\Microsoft Silverlight
2013-07-05 11:18 . 2013-07-10 06:56 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-07-05 11:13 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-07-05 11:11 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-07-05 11:11 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-07-05 11:07 . 2013-07-05 11:08 -------- d-----w- c:\windows\Temp41434B5F-D081-ABE6-A2BA-B9B767D72B06-Signatures
2013-07-05 10:57 . 2013-07-05 10:57 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-07-05 10:41 . 2013-07-05 10:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-05 10:41 . 2013-07-05 10:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-05 10:39 . 2013-07-05 10:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-05 10:39 . 2013-07-05 10:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-05 10:39 . 2013-07-05 10:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-05 10:39 . 2013-07-05 10:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-05 10:39 . 2013-07-05 10:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-07-05 10:39 . 2013-07-05 10:39 -------- d-----w- c:\program files (x86)\QuickTime
2013-07-05 10:39 . 2013-07-05 10:39 -------- d-----w- c:\programdata\Apple Computer
2013-07-04 04:07 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-07-04 04:07 . 2013-07-04 04:07 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-04 04:07 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-07-04 04:07 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-07-04 04:07 . 2013-07-04 04:07 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-04 04:07 . 2013-07-04 04:07 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-04 04:07 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-04 04:07 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-04 04:07 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-07-04 04:06 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-07-04 04:06 . 2013-07-04 04:06 -------- d-----w- c:\program files\AVAST Software
2013-07-04 04:00 . 2013-07-04 04:06 -------- d-----w- c:\programdata\AVAST Software
2013-07-03 18:42 . 2013-07-11 10:09 -------- d-----w- c:\program files (x86)\safemodemalware
2013-07-03 17:17 . 2013-07-03 17:24 -------- d-----w- c:\programdata\CCDCD5022F902E570000CCDC082C3464
2013-06-16 16:45 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-12 20:57 . 2013-03-03 21:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 20:57 . 2013-03-03 21:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-10 06:13 . 2011-12-19 12:58 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-05 10:41 . 2012-09-06 20:56 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-05 10:41 . 2012-04-11 11:49 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-17 14:19 . 2011-12-19 11:48 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-10 02:49 . 2012-07-17 18:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{86c67927-26bc-4919-82e1-cda7eeb6864f}]
2012-08-18 17:02 483184 ----a-w- c:\program files (x86)\2424 Software\FillPerfect\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c3510135-b15c-40b2-956f-8dd8f9363ce5}"= "c:\program files (x86)\2424 Software\FillPerfect\adxloader.dll" [2012-08-18 483184]
.
[HKEY_CLASSES_ROOT\clsid\{c3510135-b15c-40b2-956f-8dd8f9363ce5}]
[HKEY_CLASSES_ROOT\FillPerfect.FPToolBar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-13 09:54 220608 ----a-w- c:\users\kathie\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-13 09:54 220608 ----a-w- c:\users\kathie\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-13 09:54 220608 ----a-w- c:\users\kathie\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-04 222496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"Ad Muncher"="c:\program files (x86)\Ad Muncher\AdMunch.exe" [2012-07-29 595144]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\kathie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 246368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PulseUsb.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys;c:\windows\SYSNATIVE\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys;c:\windows\SYSNATIVE\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys;c:\windows\SYSNATIVE\drivers\aswFW.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 20:57]
.
2013-07-07 c:\windows\Tasks\HPCeeScheduleForkathie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86c67927-26bc-4919-82e1-cda7eeb6864f}]
2012-08-18 17:02 681328 ----a-w- c:\program files (x86)\2424 Software\FillPerfect\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c3510135-b15c-40b2-956f-8dd8f9363ce5}"= "c:\program files (x86)\2424 Software\FillPerfect\adxloader64.dll" [2012-08-18 681328]
.
[HKEY_CLASSES_ROOT\CLSID\{c3510135-b15c-40b2-956f-8dd8f9363ce5}]
[HKEY_CLASSES_ROOT\FillPerfect.FPToolBar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-13 09:54 244672 ----a-w- c:\users\kathie\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-13 09:54 244672 ----a-w- c:\users\kathie\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-13 09:54 244672 ----a-w- c:\users\kathie\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-24 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\kathie\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\kathie\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: cinemanow.com
Trusted Zone: hp.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\
FF - ExtSQL: 2013-07-04 00:06; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-07-07 02:05; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-10 19:22; addon@defaulttab.com; c:\users\kathie\AppData\Roaming\Mozilla\Firefox\Profiles\xscp0x38.default\extensions\addon@defaulttab.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileAppSync - c:\program files (x86)\Mobile App Sync\D2MClient.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\-b*È;y*]
@="?b?y"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\=^*¤è^*]
@="?^?^"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\G0*èF0*]
@="?0?0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\BioniCare Express Agent\BioniCare Express Agent.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-07-13  04:56:48 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-13 08:56
.
Pre-Run: 385,277,992,960 bytes free
Post-Run: 391,289,180,160 bytes free
.
- - End Of File - - 25091C6496866FB456E9A53D98293D04
D41D8CD98F00B204E9800998ECF8427E
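
The ComboFix output above is normally triaged by eye. The Python below is an added example written for this page; it is not part of the thread, not ComboFix's own tooling, and its three heuristics are the example's assumptions rather than findings about this log. It parses the line shapes ComboFix uses for Run keys, Startup-folder shortcuts, service/driver entries and Security Center values, feeds it a handful of lines copied from the log above, and flags: an autorun whose image sits in a user-writable directory, a service or driver with no image path recorded (as several of the asw* entries above have), and a non-zero Security Center *Override value, which suppresses that component's Security Center alerts. A flag is a prompt to look closer, not a verdict: Dropbox and the FLEXnet updater trip the first check here and are legitimate, and a third-party security suite can set the override values just as malware can.

```python
"""Triage helper for ComboFix-style log blocks.

Added example for this thread; not ComboFix's own code. The three heuristics
are this example's assumptions, not findings from the thread:
  * an autorun whose image sits in a user-writable directory,
  * a service/driver entry with no image path recorded,
  * a non-zero Security Center *Override value (suppresses that component's alerts).
A flag means "look closer", not "malicious": Dropbox and the FLEXnet updater
in the sample trip the first check and are legitimate software.
"""
import re
from dataclasses import dataclass, field

# Sample input: lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-04 222496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
c:\users\kathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\kathie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;aswRvrt; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
"""

# One regex per ComboFix line shape seen in the log.
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.I)                    # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(?:\[[^\]]*\])?$')   # "Name"="image" [date size]
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)   # "Name"=dword:00000001
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+?)\s*\[[^\]]*\]$", re.I)   # Foo.lnk - image [date size]
SVC_RE = re.compile(                                               # R2 name;display;image;native [x]
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<image>[^;\[]*)(?:;(?P<native>[^\[]*))?\[x\]$"
)
# Directories a standard user can write to (lower-cased; heuristic list assumed by this example).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\", "\\tmp\\")


@dataclass
class Triage:
    autoruns: list = field(default_factory=list)      # (source key or folder, name, image)
    services: list = field(default_factory=list)      # (start type, name, image)
    security_center: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)


def is_user_writable(path: str) -> bool:
    """Heuristic: does the image path sit under a user-writable directory?"""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def parse_log(text: str) -> Triage:
    """Walk the log once, collect autoruns/services/Security Center values, then flag."""
    t = Triage()
    key = None  # registry key of the block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":            # ComboFix block separator
            key = None
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if m := SVC_RE.match(line):
            start, name, image = m["start"], m["name"].strip(), m["image"].strip()
            t.services.append((start, name, image))
            if not image:
                t.flags.append(f"service/driver {name} ({start}): no image path recorded")
            continue
        if m := LNK_RE.match(line):
            t.autoruns.append(("Startup folder", m.group(1), m.group(2).strip()))
            continue
        if key is None:
            continue
        if "security center" in key.lower() and (m := DWORD_RE.match(line)):
            name, value = m.group(1), int(m.group(2), 16)
            t.security_center[name] = value
            if name.endswith("Override") and value:
                t.flags.append(f"Security Center {name}={value}: alerts for that component are suppressed")
        elif key.lower().endswith("\\run") and (m := RUN_RE.match(line)):
            t.autoruns.append((key, m.group(1), m.group(2)))
    for _source, name, image in t.autoruns:
        if is_user_writable(image):
            t.flags.append(f"autorun {name}: image in user-writable location ({image})")
    return t


if __name__ == "__main__":
    for flag in parse_log(SAMPLE_LOG).flags:
        print(flag)
```

Run it as a script to print the flags for the sample, or call parse_log() on a complete ComboFix log. Extend USER_WRITABLE or add a regex when a log uses a line shape not shown here; the Startup-folder and service regexes are deliberately tolerant of the trailing `[date size]` and `[x]` markers ComboFix appends.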
 

 



#15 knotty panda
  • Topic Starter
  • Members
  • 111 posts

Posted 13 July 2013 - 04:37 AM

This is the security alert I am receiving:

You are about to leave a secure internet connection.  It will be possible for others to view information you send.  Do you want to continue?
