Windows Defender & Microsoft Security Essentials - Not Functioning


14 replies to this topic

#1 ChrisPokorny
Posted 26 July 2013 - 10:26 AM

Hi,

The symptoms I have are very similar to the ones that were in this thread:

http://www.bleepingcomputer.com/forums/t/496263/access-is-denied-and-disabled-windows-defender-microsoft-security-essentials/

Windows Defender/Microsoft Security Essentials/Forefront Protection have not functioned, presumably due to a trojan (which was removed a month or so ago, and I'm just now addressing the effects it had on these programs). The shortcuts to everything in those folders appear as "C:\Windows\system32\config," and I can't uninstall or do anything to the stuff.

Per the advice in the thread above, I ran the Farbar Recovery Scan Tool. Listed below is my pasted log from FRST.txt, and attached is my Addition.txt file. From there, I am hoping someone can help me move on to the next step. Thanks!

---

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013
Ran by ChrisP (administrator) on 26-07-2013 11:16:36
Running from C:\Users\ChrisP\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\windows\system32\AEADISRV.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe
(http://www.ocsinventory-ng.org) C:\Program Files (x86)\OCS Agent\OcsService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\windows\CCM\CcmExec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Users\ChrisP\AppData\Local\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM-x32\...\Run: [NGTray] - C:\Program Files (x86)\Symantec\Ghost\ngtray.exe [206216 2009-12-24] (Symantec Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\janetb\...\Run: [AdobeBridge] -  [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://csuohio.edu/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKCU - DefaultScope {8C2FFDE7-8AFE-4134-ADF5-7434C2FC6FCA} URL = http://findgala.com/?&uid=10083&q={searchTerms}
SearchScopes: HKCU - {8C2FFDE7-8AFE-4134-ADF5-7434C2FC6FCA} URL = http://findgala.com/?&uid=10083&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 137.148.49.12 137.148.49.11 137.148.49.10

FireFox:
========
FF ProfilePath: C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default
FF Homepage: hxxp://csuohio.edu/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_43 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\searchplugins\search.xml
FF Extension: Print pages to PDF - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\printPages2Pdf@reinhold.ripper
FF Extension: Forecastfox - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: FireShot - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: firebug - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: olddefaultimagestyle - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\olddefaultimagestyle@dagger2-addons.mozilla.org.xpi
FF Extension: testpilot - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF StartMenuInternet: FIREFOX.EXE - C:\Users\ChrisP\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://csuohio.edu/
CHR RestoreOnStartup: "hxxp://csuohio.edu/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\ChrisP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ChrisP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\ChrisP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 CcmExec; C:\windows\CCM\CcmExec.exe [1684848 2012-02-20] (Microsoft Corporation)
S4 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [605040 2012-02-20] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-08-01] (Intel Corporation)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [3315080 2008-12-06] (IBM)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50472 2011-12-06] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50472 2011-12-06] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
R2 NGCLIENT; C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe [607624 2009-12-24] (Symantec Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
R2 OCS Inventory; C:\Program Files (x86)\OCS Agent\OcsService.exe [69632 2009-10-27] (http://www.ocsinventory-ng.org)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-07-01] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 smstsmgr; C:\windows\CCM\TSManager.exe [374640 2012-02-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl564.sys [3035648 2010-03-22] (Broadcom Corporation)
S3 johci; C:\Windows\system32\drivers\johci.sys [26200 2012-02-27] (JMicron Technology Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NAL; C:\windows\system32\Drivers\iqvw64e.sys [32936 2012-03-06] (Intel Corporation )
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 prepdrvr; C:\windows\CCM\prepdrv.sys [26992 2012-02-20] (Microsoft Corporation)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2614520 2011-04-03] (Sunplus Technology)
S3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_amd64.sys [546080 2011-02-03] ()
S3 STHDA; C:\Windows\System32\drivers\stwrt64.sys [385536 2011-08-26] (SigmaTel, Inc.)
S3 wisdpen; C:\Windows\system32\drivers\wisdpen.sys [44200 2009-08-24] (Wacom Technology)
S1 asfuaepj; \??\C:\windows\system32\drivers\asfuaepj.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CAXHWAZL; system32\DRIVERS\CAXHWAZL.sys [x]
U4 eabfiltr;
S3 HSF_DPV; system32\DRIVERS\CAX_DPV.sys [x]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x]
S3 winachsf; system32\DRIVERS\CAX_CNXT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 11:16 - 2013-07-26 11:16 - 01779893 _____ (Farbar) C:\Users\ChrisP\Downloads\FRST64.exe
2013-07-26 11:16 - 2013-07-26 11:16 - 00000000 ____D C:\FRST
2013-07-26 11:03 - 2013-07-26 11:03 - 00003114 _____ C:\windows\System32\Tasks\{5F9660B0-D6CF-4D40-A904-B2CDA6549BAD}
2013-07-24 10:35 - 2013-07-24 10:35 - 13475464 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\mseinstall.exe
2013-07-24 10:22 - 2013-07-24 10:22 - 00001365 _____ C:\Users\ChrisP\Downloads\Windefend.zip
2013-07-24 10:22 - 2013-05-24 16:30 - 00007650 _____ C:\Users\ChrisP\Downloads\Windefend.reg
2013-07-24 10:21 - 2013-07-24 10:21 - 00347424 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\MicrosoftFixit.wu.LB.149298104706243582.3.1.Run.exe
2013-07-24 09:45 - 2013-07-24 09:45 - 00000000 ____D C:\Users\ChrisP\AppData\Local\Avg2013
2013-07-23 11:44 - 2013-07-23 11:44 - 00347424 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\MicrosoftFixit.wu.LB.149298024012640240.2.1.Run.exe
2013-07-15 15:09 - 2013-07-15 15:09 - 87602968 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\msert.exe
2013-07-15 15:06 - 2013-07-15 15:06 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-15 15:06 - 2013-07-15 15:06 - 00000000 ____D C:\ProgramData\McAfee
2013-07-15 15:05 - 2013-07-15 15:05 - 00903080 _____ (Oracle Corporation) C:\Users\ChrisP\Downloads\jxpiinstall.exe
2013-07-11 08:16 - 2013-07-11 08:16 - 00139480 _____ C:\Users\ChrisP\Downloads\shexview_setup.exe
2013-07-11 08:16 - 2013-07-11 08:16 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2013-07-11 08:16 - 2013-07-11 08:16 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-07-10 12:04 - 2013-07-10 12:04 - 00042439 _____ C:\Users\ChrisP\Downloads\tweed.zip
2013-07-10 12:04 - 2013-07-10 12:04 - 00000000 ____D C:\Users\ChrisP\Downloads\tweed
2013-07-10 12:04 - 2012-07-20 19:34 - 00000220 ____N C:\Users\ChrisP\Downloads\readme.txt
2013-07-09 23:06 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-09 23:06 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-09 23:05 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-09 23:05 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-09 23:04 - 2013-05-29 02:15 - 17829376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-09 23:04 - 2013-05-29 01:50 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-09 23:04 - 2013-05-29 01:43 - 02312704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-09 23:04 - 2013-05-29 01:36 - 01346560 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-09 23:04 - 2013-05-29 01:35 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-09 23:04 - 2013-05-29 01:34 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-07-09 23:04 - 2013-05-29 01:33 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-09 23:04 - 2013-05-29 01:31 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-09 23:04 - 2013-05-29 01:29 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-09 23:04 - 2013-05-29 01:29 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-07-09 23:04 - 2013-05-29 01:29 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-07-09 23:04 - 2013-05-29 01:27 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-09 23:04 - 2013-05-29 01:27 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-09 23:04 - 2013-05-29 01:25 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-09 23:04 - 2013-05-29 01:25 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-09 23:04 - 2013-05-29 01:18 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-09 23:04 - 2013-05-28 21:56 - 12333568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-09 23:04 - 2013-05-28 21:50 - 01800704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-09 23:04 - 2013-05-28 21:48 - 09738752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-09 23:04 - 2013-05-28 21:41 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-07-09 23:04 - 2013-05-28 21:41 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-09 23:04 - 2013-05-28 21:41 - 01104384 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-09 23:04 - 2013-05-28 21:40 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-09 23:04 - 2013-05-28 21:38 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-09 23:04 - 2013-05-28 21:37 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-07-09 23:04 - 2013-05-28 21:36 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-07-09 23:04 - 2013-05-28 21:35 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-09 23:04 - 2013-05-28 21:35 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-09 23:04 - 2013-05-28 21:33 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-09 23:04 - 2013-05-28 21:33 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-09 23:04 - 2013-05-28 21:33 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-09 23:04 - 2013-05-28 21:29 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-09 23:01 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-09 23:00 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-09 23:00 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-09 18:02 - 2013-07-09 18:02 - 00000000 ____D C:\Program Files (x86)\Hyland
2013-07-09 17:35 - 2013-07-09 17:35 - 00000000 ____D C:\Program Files\Windows Firewall Configuration Provider
2013-07-09 17:33 - 2013-07-24 11:02 - 00000581 _____ C:\windows\SMSCFG.ini
2013-07-09 17:33 - 2013-07-09 23:29 - 00000000 ____D C:\windows\CCM
2013-07-09 17:33 - 2013-07-09 18:02 - 00000000 ____D C:\windows\ccmcache
2013-07-09 17:33 - 2013-07-09 17:33 - 00004764 _____ C:\windows\system32\CcmFramework.ini
2013-07-09 17:33 - 2013-07-09 17:33 - 00000621 _____ C:\windows\system32\CcmFramework.h
2013-07-09 17:33 - 2013-07-09 17:33 - 00000000 ____D C:\windows\SysWOW64\CCM
2013-07-09 17:33 - 2013-07-09 17:33 - 00000000 ____D C:\windows\ms
2013-07-09 17:32 - 2013-07-09 17:32 - 00000000 ____D C:\Program Files\Microsoft Policy Platform
2013-07-09 09:32 - 2013-07-09 09:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-09 09:32 - 2013-07-09 09:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-01 10:32 - 2013-07-01 10:32 - 03695416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-07-01 10:32 - 2013-07-01 10:32 - 03695416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-07-01 10:32 - 2013-07-01 10:32 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-07-01 10:32 - 2013-07-01 10:32 - 00434176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00403248 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-07-01 10:32 - 2013-07-01 10:32 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00353584 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00123392 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00118784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00078848 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-07-01 10:32 - 2013-07-01 10:32 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00066048 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00063488 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-07-01 10:32 - 2013-07-01 10:32 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00035840 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-01 10:31 - 2013-07-01 10:32 - 00003113 _____ C:\windows\IE9_main.log
2013-07-01 10:29 - 2010-02-23 04:16 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\browserchoice.exe
2013-06-27 13:50 - 2013-06-27 13:50 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\FireShot
2013-06-26 09:07 - 2013-06-26 09:07 - 00038442 _____ C:\Users\ChrisP\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-06-26 09:06 - 2013-06-26 09:07 - 00012973 _____ C:\Users\ChrisP\Documents\sample-contacts.CSV

==================== One Month Modified Files and Folders =======

2013-07-26 11:16 - 2013-07-26 11:16 - 01779893 _____ (Farbar) C:\Users\ChrisP\Downloads\FRST64.exe
2013-07-26 11:16 - 2013-07-26 11:16 - 00000000 ____D C:\FRST
2013-07-26 11:14 - 2012-08-21 14:27 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 11:04 - 2011-09-08 14:24 - 00000136 _____ C:\windows\system32\config\netlogon.ftl
2013-07-26 11:03 - 2013-07-26 11:03 - 00003114 _____ C:\windows\System32\Tasks\{5F9660B0-D6CF-4D40-A904-B2CDA6549BAD}
2013-07-26 11:03 - 2013-04-09 23:22 - 00000000 ____D C:\Program Files (x86)\OCS Agent
2013-07-26 10:57 - 2013-02-27 10:20 - 01258594 _____ C:\windows\WindowsUpdate.log
2013-07-26 10:39 - 2012-01-12 10:46 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 08:18 - 2013-04-09 23:01 - 00002311 _____ C:\windows\epplauncher.mif
2013-07-26 02:00 - 2013-03-26 11:55 - 00000000 ____D C:\Users\ChrisP\AppData\Local\Adobe
2013-07-25 20:39 - 2012-01-12 10:46 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 13:19 - 2012-08-21 14:37 - 00047555 _____ C:\windows\setupact.log
2013-07-25 08:13 - 2013-05-08 08:38 - 00000000 ____D C:\Users\ChrisP\Documents\CSU
2013-07-24 12:24 - 2013-04-17 08:11 - 00000132 _____ C:\Users\ChrisP\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-07-24 11:13 - 2009-07-14 00:45 - 00012272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 11:13 - 2009-07-14 00:45 - 00012272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 11:02 - 2013-07-09 17:33 - 00000581 _____ C:\windows\SMSCFG.ini
2013-07-24 11:00 - 2012-01-28 11:26 - 00054126 _____ C:\windows\PFRO.log
2013-07-24 11:00 - 2011-08-22 16:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-24 11:00 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-24 10:35 - 2013-07-24 10:35 - 13475464 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\mseinstall.exe
2013-07-24 10:22 - 2013-07-24 10:22 - 00001365 _____ C:\Users\ChrisP\Downloads\Windefend.zip
2013-07-24 10:21 - 2013-07-24 10:21 - 00347424 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\MicrosoftFixit.wu.LB.149298104706243582.3.1.Run.exe
2013-07-24 10:11 - 2013-03-26 10:33 - 00016464 __RSH C:\Users\ChrisP\ntuser.pol
2013-07-24 10:11 - 2013-03-26 10:33 - 00000000 ____D C:\Users\ChrisP
2013-07-24 09:47 - 2013-07-24 09:45 - 00000000 ____D C:\Users\ChrisP\AppData\Local\Avg2013
2013-07-24 09:47 - 2013-06-24 08:33 - 00000000 ____D C:\ProgramData\MFAData
2013-07-24 09:37 - 2011-09-09 11:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-23 23:03 - 2013-04-08 14:00 - 00000039 _____ C:\windows\vbaddin.ini
2013-07-23 23:03 - 2011-09-09 09:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-23 23:03 - 2009-07-13 22:34 - 00000478 _____ C:\windows\win.ini
2013-07-23 11:44 - 2013-07-23 11:44 - 00347424 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\MicrosoftFixit.wu.LB.149298024012640240.2.1.Run.exe
2013-07-22 21:45 - 2013-04-04 11:54 - 00000000 ____D C:\Ampps
2013-07-21 14:47 - 2009-07-14 01:32 - 00000000 ____D C:\windows\system32\FxsTmp
2013-07-19 14:41 - 2013-03-26 16:45 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\FileZilla
2013-07-15 15:09 - 2013-07-15 15:09 - 87602968 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\msert.exe
2013-07-15 15:06 - 2013-07-15 15:06 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-15 15:06 - 2013-07-15 15:06 - 00000000 ____D C:\ProgramData\McAfee
2013-07-15 15:06 - 2013-03-26 16:40 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-07-15 15:06 - 2011-09-09 11:11 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-07-15 15:06 - 2011-09-09 11:11 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-15 15:06 - 2011-09-09 11:11 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-15 15:06 - 2011-09-09 11:11 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-15 15:06 - 2011-09-09 11:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-15 15:05 - 2013-07-15 15:05 - 00903080 _____ (Oracle Corporation) C:\Users\ChrisP\Downloads\jxpiinstall.exe
2013-07-15 15:00 - 2012-08-21 14:27 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-15 15:00 - 2012-08-21 14:27 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-15 15:00 - 2011-09-09 10:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-15 14:54 - 2013-03-26 16:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-15 14:50 - 2011-08-22 16:39 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-12 20:34 - 2012-01-12 10:46 - 00003900 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 20:34 - 2012-01-12 10:46 - 00003648 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 08:16 - 2013-07-11 08:16 - 00139480 _____ C:\Users\ChrisP\Downloads\shexview_setup.exe
2013-07-11 08:16 - 2013-07-11 08:16 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2013-07-11 08:16 - 2013-07-11 08:16 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-07-10 12:04 - 2013-07-10 12:04 - 00042439 _____ C:\Users\ChrisP\Downloads\tweed.zip
2013-07-10 12:04 - 2013-07-10 12:04 - 00000000 ____D C:\Users\ChrisP\Downloads\tweed
2013-07-10 00:49 - 2011-08-22 16:51 - 00000000 ____D C:\windows\ccmsetup
2013-07-09 23:29 - 2013-07-09 17:33 - 00000000 ____D C:\windows\CCM
2013-07-09 23:27 - 2013-03-26 16:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-09 23:27 - 2013-03-26 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 23:27 - 2009-07-14 00:45 - 05034984 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-09 23:25 - 2009-07-14 03:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 23:07 - 2009-07-14 01:13 - 00796228 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-09 18:02 - 2013-07-09 18:02 - 00000000 ____D C:\Program Files (x86)\Hyland
2013-07-09 18:02 - 2013-07-09 17:33 - 00000000 ____D C:\windows\ccmcache
2013-07-09 17:35 - 2013-07-09 17:35 - 00000000 ____D C:\Program Files\Windows Firewall Configuration Provider
2013-07-09 17:35 - 2011-09-08 14:26 - 00037874 __RSH C:\ProgramData\ntuser.pol
2013-07-09 17:33 - 2013-07-09 17:33 - 00004764 _____ C:\windows\system32\CcmFramework.ini
2013-07-09 17:33 - 2013-07-09 17:33 - 00000621 _____ C:\windows\system32\CcmFramework.h
2013-07-09 17:33 - 2013-07-09 17:33 - 00000000 ____D C:\windows\SysWOW64\CCM
2013-07-09 17:33 - 2013-07-09 17:33 - 00000000 ____D C:\windows\ms
2013-07-09 17:32 - 2013-07-09 17:32 - 00000000 ____D C:\Program Files\Microsoft Policy Platform
2013-07-09 09:32 - 2013-07-09 09:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-09 09:32 - 2013-07-09 09:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-09 09:32 - 2013-06-24 08:35 - 00000972 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-02 09:43 - 2013-05-08 08:34 - 00000000 ____D C:\Users\ChrisP\Documents\Personal
2013-07-01 12:47 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2013-07-01 10:36 - 2013-04-04 14:51 - 00001420 _____ C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-01 10:36 - 2013-03-26 10:33 - 00001454 _____ C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-01 10:34 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-07-01 10:32 - 2013-07-01 10:32 - 03695416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-07-01 10:32 - 2013-07-01 10:32 - 03695416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-07-01 10:32 - 2013-07-01 10:32 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-07-01 10:32 - 2013-07-01 10:32 - 00434176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00403248 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-07-01 10:32 - 2013-07-01 10:32 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00353584 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00123392 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00118784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00078848 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-07-01 10:32 - 2013-07-01 10:32 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00066048 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00063488 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-07-01 10:32 - 2013-07-01 10:32 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00035840 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-01 10:32 - 2013-07-01 10:31 - 00003113 _____ C:\windows\IE9_main.log
2013-06-27 16:33 - 2013-04-01 11:32 - 00000000 ____D C:\Users\ChrisP\Documents\Outlook Files
2013-06-27 13:50 - 2013-06-27 13:50 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\FireShot
2013-06-26 09:07 - 2013-06-26 09:07 - 00038442 _____ C:\Users\ChrisP\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-06-26 09:07 - 2013-06-26 09:06 - 00012973 _____ C:\Users\ChrisP\Documents\sample-contacts.CSV

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-07-23 00:13

==================== End Of Log ============================

 

 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York
  • Local time:07:31 AM

Posted 27 July 2013 - 04:20 PM

Hello ChrisPokorny, and welcome to Bleeping Computer! :)

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:
  • Please do not make any changes (installing/uninstalling programs) to the machine without my instruction!
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
==========
 
Your log is similar to the link you gave above, but it is not the same exact issue. It looks like the same infection, just a different, newer variant.

Let's get another log so I can pinpoint the issue:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
bloopie

Edited by bloopie, 27 July 2013 - 04:28 PM.


#3 ChrisPokorny

ChrisPokorny
  • Topic Starter

  • Members
  • 22 posts
  • Local time:06:31 AM

Posted 29 July 2013 - 02:03 PM

I do not have the original Windows CD/DVD. Here is my FRST log, and then the attachment log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 01
Ran by ChrisP (administrator) on 29-07-2013 14:59:05
Running from C:\Users\ChrisP\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Andrea Electronics Corporation) C:\windows\system32\AEADISRV.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(http://www.ocsinventory-ng.org) C:\Program Files (x86)\OCS Agent\OcsService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Users\ChrisP\AppData\Local\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\CCM\CcmExec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\windows\CCM\SCNotification.exe
(Adobe Systems, Inc.) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Mozilla Corporation) C:\Users\ChrisP\AppData\Local\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM-x32\...\Run: [NGTray] - C:\Program Files (x86)\Symantec\Ghost\ngtray.exe [206216 2009-12-24] (Symantec Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\janetb\...\Run: [AdobeBridge] -  [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://csuohio.edu/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 137.148.49.12 137.148.49.11 137.148.49.10

FireFox:
========
FF ProfilePath: C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default
FF SelectedSearchEngine: Twitter
FF Homepage: hxxp://csuohio.edu/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_43 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF SearchPlugin: C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\searchplugins\search.xml
FF Extension: Print pages to PDF - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\printPages2Pdf@reinhold.ripper
FF Extension: Forecastfox - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: FireShot - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: firebug - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: olddefaultimagestyle - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\olddefaultimagestyle@dagger2-addons.mozilla.org.xpi
FF Extension: testpilot - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF StartMenuInternet: FIREFOX.EXE - C:\Users\ChrisP\AppData\Local\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://csuohio.edu/
CHR RestoreOnStartup: "hxxp://csuohio.edu/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\ChrisP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ChrisP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\ChrisP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 CcmExec; C:\windows\CCM\CcmExec.exe [1684848 2012-02-20] (Microsoft Corporation)
S4 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [605040 2012-02-20] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-08-01] (Intel Corporation)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [3315080 2008-12-06] (IBM)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50472 2011-12-06] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50472 2011-12-06] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
R2 NGCLIENT; C:\Program Files (x86)\Symantec\Ghost\ngctw32.exe [607624 2009-12-24] (Symantec Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
R2 OCS Inventory; C:\Program Files (x86)\OCS Agent\OcsService.exe [69632 2009-10-27] (http://www.ocsinventory-ng.org)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-07-01] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 smstsmgr; C:\windows\CCM\TSManager.exe [374640 2012-02-20] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl564.sys [3035648 2010-03-22] (Broadcom Corporation)
S3 johci; C:\Windows\system32\drivers\johci.sys [26200 2012-02-27] (JMicron Technology Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NAL; C:\windows\system32\Drivers\iqvw64e.sys [32936 2012-03-06] (Intel Corporation )
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 prepdrvr; C:\windows\CCM\prepdrv.sys [26992 2012-02-20] (Microsoft Corporation)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2614520 2011-04-03] (Sunplus Technology)
S3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_amd64.sys [546080 2011-02-03] ()
S3 STHDA; C:\Windows\System32\drivers\stwrt64.sys [385536 2011-08-26] (SigmaTel, Inc.)
S3 wisdpen; C:\Windows\system32\drivers\wisdpen.sys [44200 2009-08-24] (Wacom Technology)
S1 asfuaepj; \??\C:\windows\system32\drivers\asfuaepj.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CAXHWAZL; system32\DRIVERS\CAXHWAZL.sys [x]
U4 eabfiltr;
S3 HSF_DPV; system32\DRIVERS\CAX_DPV.sys [x]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [x]
S3 winachsf; system32\DRIVERS\CAX_CNXT.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 14:58 - 2013-07-29 14:58 - 00032111 _____ C:\Users\ChrisP\Downloads\Addition.txt
2013-07-29 14:58 - 2013-07-29 14:57 - 01780715 _____ (Farbar) C:\Users\ChrisP\Desktop\FRST64.exe
2013-07-26 11:40 - 2013-07-26 11:40 - 00134512 _____ C:\Users\ChrisP\Downloads\regscanner_setup.exe
2013-07-26 11:40 - 2013-07-26 11:40 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft RegScanner
2013-07-26 11:16 - 2013-07-29 14:57 - 01780715 _____ (Farbar) C:\Users\ChrisP\Downloads\FRST64.exe
2013-07-26 11:16 - 2013-07-26 11:16 - 00000000 ____D C:\FRST
2013-07-26 11:03 - 2013-07-26 11:03 - 00003114 _____ C:\windows\System32\Tasks\{5F9660B0-D6CF-4D40-A904-B2CDA6549BAD}
2013-07-24 10:35 - 2013-07-24 10:35 - 13475464 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\mseinstall.exe
2013-07-24 10:22 - 2013-07-24 10:22 - 00001365 _____ C:\Users\ChrisP\Downloads\Windefend.zip
2013-07-24 10:22 - 2013-05-24 16:30 - 00007650 _____ C:\Users\ChrisP\Downloads\Windefend.reg
2013-07-24 10:21 - 2013-07-24 10:21 - 00347424 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\MicrosoftFixit.wu.LB.149298104706243582.3.1.Run.exe
2013-07-24 09:45 - 2013-07-24 09:47 - 00000000 ____D C:\Users\ChrisP\AppData\Local\Avg2013
2013-07-23 11:44 - 2013-07-23 11:44 - 00347424 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\MicrosoftFixit.wu.LB.149298024012640240.2.1.Run.exe
2013-07-15 15:09 - 2013-07-15 15:09 - 87602968 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\msert.exe
2013-07-15 15:06 - 2013-07-15 15:06 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-15 15:06 - 2013-07-15 15:06 - 00000000 ____D C:\ProgramData\McAfee
2013-07-15 15:05 - 2013-07-15 15:05 - 00903080 _____ (Oracle Corporation) C:\Users\ChrisP\Downloads\jxpiinstall.exe
2013-07-11 08:16 - 2013-07-26 11:40 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-07-11 08:16 - 2013-07-11 08:16 - 00139480 _____ C:\Users\ChrisP\Downloads\shexview_setup.exe
2013-07-11 08:16 - 2013-07-11 08:16 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2013-07-10 12:04 - 2013-07-10 12:04 - 00042439 _____ C:\Users\ChrisP\Downloads\tweed.zip
2013-07-10 12:04 - 2013-07-10 12:04 - 00000000 ____D C:\Users\ChrisP\Downloads\tweed
2013-07-10 12:04 - 2012-07-20 19:34 - 00000220 ____N C:\Users\ChrisP\Downloads\readme.txt
2013-07-09 23:06 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-09 23:06 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-09 23:05 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-09 23:05 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-09 23:04 - 2013-05-29 02:15 - 17829376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-09 23:04 - 2013-05-29 01:50 - 10926080 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-09 23:04 - 2013-05-29 01:43 - 02312704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-09 23:04 - 2013-05-29 01:36 - 01346560 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-09 23:04 - 2013-05-29 01:35 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-09 23:04 - 2013-05-29 01:34 - 01494528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-07-09 23:04 - 2013-05-29 01:33 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-09 23:04 - 2013-05-29 01:31 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-09 23:04 - 2013-05-29 01:29 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-09 23:04 - 2013-05-29 01:29 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-07-09 23:04 - 2013-05-29 01:29 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-07-09 23:04 - 2013-05-29 01:27 - 02147840 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-09 23:04 - 2013-05-29 01:27 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-09 23:04 - 2013-05-29 01:25 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-09 23:04 - 2013-05-29 01:25 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-09 23:04 - 2013-05-29 01:18 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-09 23:04 - 2013-05-28 21:56 - 12333568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-09 23:04 - 2013-05-28 21:50 - 01800704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-09 23:04 - 2013-05-28 21:48 - 09738752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-09 23:04 - 2013-05-28 21:41 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-07-09 23:04 - 2013-05-28 21:41 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-09 23:04 - 2013-05-28 21:41 - 01104384 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-09 23:04 - 2013-05-28 21:40 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-09 23:04 - 2013-05-28 21:38 - 00065024 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-09 23:04 - 2013-05-28 21:37 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-07-09 23:04 - 2013-05-28 21:36 - 00420864 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-07-09 23:04 - 2013-05-28 21:35 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-09 23:04 - 2013-05-28 21:35 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-09 23:04 - 2013-05-28 21:33 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-09 23:04 - 2013-05-28 21:33 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-09 23:04 - 2013-05-28 21:33 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-09 23:04 - 2013-05-28 21:29 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-09 23:01 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-09 23:00 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-09 23:00 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-09 18:02 - 2013-07-09 18:02 - 00000000 ____D C:\Program Files (x86)\Hyland
2013-07-09 17:35 - 2013-07-09 17:35 - 00000000 ____D C:\Program Files\Windows Firewall Configuration Provider
2013-07-09 17:33 - 2013-07-29 08:24 - 00000581 _____ C:\windows\SMSCFG.ini
2013-07-09 17:33 - 2013-07-09 23:29 - 00000000 ____D C:\windows\CCM
2013-07-09 17:33 - 2013-07-09 18:02 - 00000000 ____D C:\windows\ccmcache
2013-07-09 17:33 - 2013-07-09 17:33 - 00004764 _____ C:\windows\system32\CcmFramework.ini
2013-07-09 17:33 - 2013-07-09 17:33 - 00000621 _____ C:\windows\system32\CcmFramework.h
2013-07-09 17:33 - 2013-07-09 17:33 - 00000000 ____D C:\windows\SysWOW64\CCM
2013-07-09 17:33 - 2013-07-09 17:33 - 00000000 ____D C:\windows\ms
2013-07-09 17:32 - 2013-07-09 17:32 - 00000000 ____D C:\Program Files\Microsoft Policy Platform
2013-07-09 09:32 - 2013-07-09 09:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-09 09:32 - 2013-07-09 09:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-01 10:32 - 2013-07-01 10:32 - 03695416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-07-01 10:32 - 2013-07-01 10:32 - 03695416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-07-01 10:32 - 2013-07-01 10:32 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-07-01 10:32 - 2013-07-01 10:32 - 00434176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00403248 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-07-01 10:32 - 2013-07-01 10:32 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00353584 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00123392 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00118784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00078848 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-07-01 10:32 - 2013-07-01 10:32 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00066048 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00063488 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-07-01 10:32 - 2013-07-01 10:32 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00035840 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-01 10:31 - 2013-07-01 10:32 - 00003113 _____ C:\windows\IE9_main.log
2013-07-01 10:29 - 2010-02-23 04:16 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\browserchoice.exe
160

==================== One Month Modified Files and Folders =======

2013-07-29 14:58 - 2013-07-29 14:58 - 00050542 _____ C:\Users\ChrisP\Downloads\FRST.txt
2013-07-29 14:58 - 2013-07-29 14:58 - 00032111 _____ C:\Users\ChrisP\Downloads\Addition.txt
2013-07-29 14:57 - 2013-07-29 14:58 - 01780715 _____ (Farbar) C:\Users\ChrisP\Desktop\FRST64.exe
2013-07-29 14:57 - 2013-07-26 11:16 - 01780715 _____ (Farbar) C:\Users\ChrisP\Downloads\FRST64.exe
2013-07-29 14:49 - 2013-02-27 10:20 - 01292636 _____ C:\windows\WindowsUpdate.log
2013-07-29 14:39 - 2012-01-12 10:46 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-29 14:14 - 2012-08-21 14:27 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 13:50 - 2013-04-09 23:01 - 00002311 _____ C:\windows\epplauncher.mif
2013-07-29 13:36 - 2011-09-08 14:24 - 00000136 _____ C:\windows\system32\config\netlogon.ftl
2013-07-29 11:55 - 2013-04-01 14:36 - 00002328 ____H C:\Users\ChrisP\Documents\Default.rdp
2013-07-29 08:37 - 2009-07-14 00:45 - 00012272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 08:37 - 2009-07-14 00:45 - 00012272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 08:24 - 2013-07-09 17:33 - 00000581 _____ C:\windows\SMSCFG.ini
2013-07-29 08:22 - 2013-04-09 23:22 - 00000000 ____D C:\Program Files (x86)\OCS Agent
2013-07-29 08:22 - 2012-08-21 14:37 - 00047611 _____ C:\windows\setupact.log
2013-07-29 08:22 - 2012-01-12 10:46 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-29 08:22 - 2011-08-22 16:51 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-29 08:22 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-29 08:21 - 2012-01-28 11:26 - 00068520 _____ C:\windows\PFRO.log
2013-07-29 02:00 - 2013-03-26 11:55 - 00000000 ____D C:\Users\ChrisP\AppData\Local\Adobe
2013-07-26 11:40 - 2013-07-26 11:40 - 00134512 _____ C:\Users\ChrisP\Downloads\regscanner_setup.exe
2013-07-26 11:40 - 2013-07-26 11:40 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft RegScanner
2013-07-26 11:40 - 2013-07-11 08:16 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-07-26 11:16 - 2013-07-26 11:16 - 00000000 ____D C:\FRST
2013-07-26 11:03 - 2013-07-26 11:03 - 00003114 _____ C:\windows\System32\Tasks\{5F9660B0-D6CF-4D40-A904-B2CDA6549BAD}
2013-07-25 08:13 - 2013-05-08 08:38 - 00000000 ____D C:\Users\ChrisP\Documents\CSU
2013-07-24 12:24 - 2013-04-17 08:11 - 00000132 _____ C:\Users\ChrisP\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-07-24 10:35 - 2013-07-24 10:35 - 13475464 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\mseinstall.exe
2013-07-24 10:22 - 2013-07-24 10:22 - 00001365 _____ C:\Users\ChrisP\Downloads\Windefend.zip
2013-07-24 10:21 - 2013-07-24 10:21 - 00347424 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\MicrosoftFixit.wu.LB.149298104706243582.3.1.Run.exe
2013-07-24 10:11 - 2013-03-26 10:33 - 00016464 __RSH C:\Users\ChrisP\ntuser.pol
2013-07-24 10:11 - 2013-03-26 10:33 - 00000000 ____D C:\Users\ChrisP
2013-07-24 09:47 - 2013-07-24 09:45 - 00000000 ____D C:\Users\ChrisP\AppData\Local\Avg2013
2013-07-24 09:47 - 2013-06-24 08:33 - 00000000 ____D C:\ProgramData\MFAData
2013-07-24 09:37 - 2011-09-09 11:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-23 23:03 - 2013-04-08 14:00 - 00000039 _____ C:\windows\vbaddin.ini
2013-07-23 23:03 - 2011-09-09 09:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-23 23:03 - 2009-07-13 22:34 - 00000478 _____ C:\windows\win.ini
2013-07-23 11:44 - 2013-07-23 11:44 - 00347424 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\MicrosoftFixit.wu.LB.149298024012640240.2.1.Run.exe
2013-07-22 21:45 - 2013-04-04 11:54 - 00000000 ____D C:\Ampps
2013-07-21 14:47 - 2009-07-14 01:32 - 00000000 ____D C:\windows\system32\FxsTmp
2013-07-19 14:41 - 2013-03-26 16:45 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\FileZilla
2013-07-15 15:09 - 2013-07-15 15:09 - 87602968 _____ (Microsoft Corporation) C:\Users\ChrisP\Downloads\msert.exe
2013-07-15 15:06 - 2013-07-15 15:06 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-15 15:06 - 2013-07-15 15:06 - 00000000 ____D C:\ProgramData\McAfee
2013-07-15 15:06 - 2013-03-26 16:40 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-07-15 15:06 - 2011-09-09 11:11 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-07-15 15:06 - 2011-09-09 11:11 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-15 15:06 - 2011-09-09 11:11 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-15 15:06 - 2011-09-09 11:11 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-15 15:06 - 2011-09-09 11:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-15 15:05 - 2013-07-15 15:05 - 00903080 _____ (Oracle Corporation) C:\Users\ChrisP\Downloads\jxpiinstall.exe
2013-07-15 15:00 - 2012-08-21 14:27 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-07-15 15:00 - 2012-08-21 14:27 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-07-15 15:00 - 2011-09-09 10:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-15 14:54 - 2013-03-26 16:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-15 14:50 - 2011-08-22 16:39 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-12 20:34 - 2012-01-12 10:46 - 00003900 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 20:34 - 2012-01-12 10:46 - 00003648 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-11 08:16 - 2013-07-11 08:16 - 00139480 _____ C:\Users\ChrisP\Downloads\shexview_setup.exe
2013-07-11 08:16 - 2013-07-11 08:16 - 00000000 ____D C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2013-07-10 12:04 - 2013-07-10 12:04 - 00042439 _____ C:\Users\ChrisP\Downloads\tweed.zip
2013-07-10 12:04 - 2013-07-10 12:04 - 00000000 ____D C:\Users\ChrisP\Downloads\tweed
2013-07-10 00:49 - 2011-08-22 16:51 - 00000000 ____D C:\windows\ccmsetup
2013-07-09 23:29 - 2013-07-09 17:33 - 00000000 ____D C:\windows\CCM
2013-07-09 23:27 - 2013-03-26 16:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-09 23:27 - 2013-03-26 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 23:27 - 2009-07-14 00:45 - 05034984 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-09 23:25 - 2009-07-14 03:12 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 23:07 - 2009-07-14 01:13 - 00796228 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-09 18:02 - 2013-07-09 18:02 - 00000000 ____D C:\Program Files (x86)\Hyland
2013-07-09 18:02 - 2013-07-09 17:33 - 00000000 ____D C:\windows\ccmcache
2013-07-09 17:35 - 2013-07-09 17:35 - 00000000 ____D C:\Program Files\Windows Firewall Configuration Provider
2013-07-09 17:35 - 2011-09-08 14:26 - 00037874 __RSH C:\ProgramData\ntuser.pol
2013-07-09 17:33 - 2013-07-09 17:33 - 00004764 _____ C:\windows\system32\CcmFramework.ini
2013-07-09 17:33 - 2013-07-09 17:33 - 00000621 _____ C:\windows\system32\CcmFramework.h
2013-07-09 17:33 - 2013-07-09 17:33 - 00000000 ____D C:\windows\SysWOW64\CCM
2013-07-09 17:33 - 2013-07-09 17:33 - 00000000 ____D C:\windows\ms
2013-07-09 17:32 - 2013-07-09 17:32 - 00000000 ____D C:\Program Files\Microsoft Policy Platform
2013-07-09 09:32 - 2013-07-09 09:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-07-09 09:32 - 2013-07-09 09:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-07-09 09:32 - 2013-06-24 08:35 - 00000972 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-02 09:43 - 2013-05-08 08:34 - 00000000 ____D C:\Users\ChrisP\Documents\Personal
2013-07-01 12:47 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2013-07-01 10:36 - 2013-04-04 14:51 - 00001420 _____ C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-01 10:36 - 2013-03-26 10:33 - 00001454 _____ C:\Users\ChrisP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-01 10:34 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-07-01 10:32 - 2013-07-01 10:32 - 03695416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-07-01 10:32 - 2013-07-01 10:32 - 03695416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-07-01 10:32 - 2013-07-01 10:32 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-07-01 10:32 - 2013-07-01 10:32 - 00434176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00403248 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-07-01 10:32 - 2013-07-01 10:32 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00353584 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00267776 _____ (Microsoft Corporation) C:\windows\system32\ieaksie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieaksie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00203776 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakui.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\ieakui.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\ieakeng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00152064 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00130560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieakeng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00123392 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00118784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\admparse.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00101888 _____ (Microsoft Corporation) C:\windows\SysWOW64\admparse.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00078848 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-07-01 10:32 - 2013-07-01 10:32 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00074752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ie4uinit.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00066048 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00063488 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-07-01 10:32 - 2013-07-01 10:32 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00035840 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00031744 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-01 10:32 - 2013-07-01 10:32 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-07-01 10:32 - 2013-07-01 10:32 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-01 10:32 - 2013-07-01 10:31 - 00003113 _____ C:\windows\IE9_main.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-07-23 00:13

==================== End Of Log ============================



#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 29 July 2013 - 03:40 PM

Hello again,

That's interesting...I see the effects of the ZeroAccess rootkit on your machine, but I do not see it as an active infection. So let's just remove the symbolic links created by the malware, then let me know how things are running afterwards.

Note: Windows Defender is disabled by MSE by default so just let me know if MSE is running after the below instructions:

Step :step1:

Download the attached fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

==========

Step :step2:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

==========

Please post both requested logs in your next reply and let me know if MSE is running now!

bloopie



#5 ChrisPokorny

ChrisPokorny
  • Topic Starter

  • Members
  • 22 posts

Posted 30 July 2013 - 07:36 AM

Regarding the ZeroAccess thing, yes, I was pretty sure that I had cleaned it off the machine over a month ago. I just had never even recognized that there were side effects from it on MSE until a couple of days ago. I ran your fix log and MSE started as soon as I rebooted. Looks great! Here are the two logs you requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by ChrisP at 2013-07-30 08:19:34 Run:1
Running from C:\Users\ChrisP\Desktop
Boot Mode: Normal
==============================================

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\AMEventConsumer_Cleanup.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\AmMonitoringInstall.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\AMMonitoringProvider.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\AmStatusInstall.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\CleanUpPolicy.xml" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\ClientWMIInstall.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DcmNotifier.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\FepUnregister.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\FirewallConfigurationNamespace.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\FirewallConfigurationProfile.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\FirewallConfigurationProvider.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\FirewallConfigurationRule.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\FirewallConfigurationUninstall.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\FirewallStateInstall.mof" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\FirewallStateProvider.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpProvider.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Failed to delete reparsepoint.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\WindowsFirewallConfigurationProvider.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.


The system needs a manual reboot.

==== End of Fixlog ====

 

Farbar Service Scanner Version: 26-07-2013
Ran by ChrisP (administrator) on 30-07-2013 at 08:31:14
Running from "C:\Users\ChrisP\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
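As an added example (not code from this thread, from Farbar's tools or from Microsoft), a read-only PowerShell audit of the three things the FRST, Fixlog and FSS output above report: reparse points on the Windows Defender and Microsoft Security Client folders, the WinDefend/MsMpSvc service state, and the DisableAntiSpyware value. The folder, service and registry names come from the logs; the Group Policy key path is added by me, not taken from the page.

```powershell
# Added example, not from the thread or from Farbar's tools: a read-only audit of the
# symptoms the logs show, so a defender can confirm them before and after a fix.
# Assumptions: Windows 7 or later, PowerShell 3+, run from an elevated prompt.

# Folders FRST flagged ("ATTENTION: ZeroAccess") and the Fixlog later unlocked.
$ProtectedDirs = @(
    "$env:ProgramFiles\Windows Defender",
    "$env:ProgramFiles\Microsoft Security Client"
)

function Get-ProtectedFolderReparsePoints {
    # Lists every reparse point on the protected folders and their direct children and
    # resolves the target, so a link to ...\system32\config stands out immediately.
    param([string[]]$Paths = $ProtectedDirs)
    foreach ($dir in $Paths) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # The folder itself plus each entry inside it, the same set the Fixlog walked.
        $items = @(Get-Item -LiteralPath $dir -Force) + @(Get-ChildItem -LiteralPath $dir -Force)
        foreach ($item in $items) {
            if (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -eq 0) { continue }
            # fsutil is built in on Windows 7 and prints the junction/symlink target.
            $target = '(unresolved)'
            foreach ($line in (& fsutil reparsepoint query $item.FullName 2>&1)) {
                if ("$line" -match '^Print Name:\s*(.+)$') { $target = $Matches[1].Trim() }
            }
            [pscustomobject]@{ Path = $item.FullName; Target = $target }
        }
    }
}

function Get-AntimalwareServiceState {
    # Mirrors the FSS "WinDefend Service is not running ... start type is set to Demand"
    # lines. WMI's StartMode 'Manual' is what FSS calls "Demand".
    param([string[]]$Names = @('WinDefend', 'MsMpSvc'))
    foreach ($name in $Names) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) { continue }
        [pscustomobject]@{
            Name      = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            PathName  = $svc.PathName
        }
    }
}

function Get-DefenderDisablePolicy {
    # Reads DisableAntiSpyware from the key FSS reported (MSE sets it to 1, which is why
    # Defender stays off while MSE is installed) and from the Group Policy location
    # (assumed path, not from the thread), so a value set by policy is visible too.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    foreach ($key in $keys) {
        $props = Get-ItemProperty -LiteralPath $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        $value = '(not set)'
        if ($null -ne $props) { $value = $props.DisableAntiSpyware }
        [pscustomobject]@{ Key = $key; DisableAntiSpyware = $value }
    }
}

# Report only. Nothing here modifies the system; removing the reparse points is left to
# the fix tool, as in the thread.
$reparse = @(Get-ProtectedFolderReparsePoints)
if ($reparse.Count -eq 0) {
    Write-Output 'No reparse points found on the protected folders.'
} else {
    Write-Output 'Reparse points on protected folders (the lockout pattern FRST flagged):'
    $reparse | Format-Table -AutoSize
}
Get-AntimalwareServiceState | Format-Table -AutoSize
Get-DefenderDisablePolicy   | Format-Table -AutoSize
```

Run it once before the fix to capture the reparse-point targets as evidence, and again afterwards to confirm the folders are clean and the services are back to their default start type.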

 

 



#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 30 July 2013 - 12:54 PM

Hello again,

I see, okay. Let's see if we can't get your services back up to speed.

==========

Once that's done, run a fresh scan with FSS and post the new log in your reply.

bloopie

Edited by bloopie, 30 July 2013 - 12:58 PM.
Fixed Link


#7 ChrisPokorny

ChrisPokorny
  • Topic Starter

  • Members
  • 22 posts

Posted 30 July 2013 - 02:01 PM

FYI, your link didn't work, but I believe I found the correct link here. I downloaded and ran that, and it gave a message that services were repaired (or something to that effect), and then rebooted. I ran FSS again after the reboot. Nothing in the log seemed to change, but here it is:

 

Farbar Service Scanner Version: 26-07-2013
Ran by ChrisP (administrator) on 30-07-2013 at 14:53:07
Running from "C:\Users\ChrisP\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 



#8 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 30 July 2013 - 02:59 PM

Hello again,

Sorry about the link...instead of fixing it, I broke it. You ran the correct link, and you're also correct that there is no change to the log.

Could you double check for me that your System Restore is not on...if it is indeed not on, please turn it on and let me know if that was successful.

Now we'll run a couple of more scans below to check for leftovers:

==========

Step :step1:

I see you have Malwarebytes Antimalware (AKA MBAM) installed. Could you please update that, then run a Full System Scan and post the resultant log for me in your next reply.

==========

Step :step2:

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

==========

Please post both requested logs in your next reply, let me know if you had any problems, and let me know if there are any remaining issues with your machine!

bloopie



#9 ChrisPokorny

ChrisPokorny
  • Topic Starter

  • Members
  • 22 posts

Posted 31 July 2013 - 10:23 AM

System restore was not on. I went in and turned it on, which it seemed to do fine. Everything has been running smoothly. Here are the logs:

 

-----------------

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.30.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ChrisP :: CP-8000 [administrator]

7/30/2013 4:12:11 PM
mbam-log-2013-07-30 (16-12-11).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 523353
Time elapsed: 45 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

---------------

From ESET:

 

C:\Users\ChrisP\Downloads\FreemakeVideoConverterSetup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
E:\Websites\Archives\SP\secured\default.php    PHP/Obfuscated.F application    cleaned by deleting - quarantined

 



#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 31 July 2013 - 02:00 PM

Hello again,

Looking pretty good! Let's just do some final scans for adware/junkwares:

Step :step1:

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========
 
Step :step2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

==========

Please post both requested logs in your next reply!

bloopie



#11 ChrisPokorny

ChrisPokorny
  • Topic Starter

  • Members
  • 22 posts

Posted 31 July 2013 - 02:22 PM

Here are the two log files:

 

# AdwCleaner v2.306 - Logfile created 07/31/2013 at 15:10:27
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : ChrisP - CP-8000
# Boot Mode : Normal
# Running from : C:\Users\ChrisP\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\searchplugins\search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

File : C:\Users\ChrisP\AppData\Roaming\Mozilla\Firefox\Profiles\jgtyp64u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\ChrisP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1783 octets] - [31/07/2013 15:10:27]

########## EOF - C:\AdwCleaner[S1].txt - [1843 octets] ##########
 

---------------------

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Professional x64
Ran by ChrisP on Wed 07/31/2013 at 15:16:57.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ChrisP\AppData\Roaming\mozilla\firefox\profiles\jgtyp64u.default\minidumps [61 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/31/2013 at 15:19:59.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#12 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 31 July 2013 - 05:43 PM

Hello again,

Excellent! :) Now for some updates and then we'll finish up!!

Step :step1:

Please go to your Add/Remove programs list under "Programs and Features", and uninstall the following two:

Java™ 6 Update 27 (x32 Version: 6.0.270)
Java™ 6 Update 43 (64-bit) (Version: 6.0.430)


Then reboot the computer!

==========

Step :step2:

Your version of Internet Explorer is outdated.

==========

Step :step3:

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

==============================

Your machine appears to be clean! :thumbsup:

Let's do some housekeeping now:



The following steps will implement some cleanup procedures. This will also remove some of the tools we have used during the cleanup process:

Step :step4:

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

==========


Step :step5:

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the OTC icon.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

==========

Step :step6:

Download and Run TFC:

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
Double-click on TFC.exe to run it. If you are using Vista/7, right-click on the file and choose Run as Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
    • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
    Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

==============================

Any programs and logs that are left over you can just delete from the desktop.

 

Also, at this point please make sure you have at least one restore point in System Restore...if there are none, please create one now. Name it something you can remember, like "Bleeping Computer Cleanup" or other.


Are you having any additional problems at this point? If so, please let me know. Otherwise feel free to enjoy use of your repaired machine :thumbup2:


Useful information!
Below is some more information and useful tools and tips about how to keep your computer safe in the future.



The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and to avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems', such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.

Please respond to this post so I can close the thread unless you have any other questions.


Best of regards, and happy surfing!! :wink:

bloopie
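
The checks behind the post above, as an added example that is not part of the original post or of any Bleeping Computer tool: a PowerShell script for Windows 7 (PowerShell 2.0) that lists the installed Java, Adobe Reader/Acrobat, Flash and Shockwave entries from both the 64-bit and 32-bit Uninstall hives (Steps 1 and 3), creates a System Restore point if none exists (the housekeeping request), and, going slightly beyond the post, confirms the Microsoft Security Essentials and Windows Defender services and the Windows Firewall state that the "Useful information" section relies on. The product-name pattern, the restore point description and the service names are assumptions chosen to match the thread. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original thread or from Bleeping Computer):
# post-cleanup checks for the steps in the post above. Written for Windows 7
# with PowerShell 2.0 and meant to be run from an elevated PowerShell prompt.
# The product-name pattern, the restore point description and the service
# names are assumptions chosen to match what the post discusses.

function Get-OutdatedPluginCandidates {
    # Read BOTH the native and the Wow6432Node Uninstall hives: on x64 Windows
    # the 32-bit "Java 6 Update 27" and the 64-bit "Java 6 Update 43" named in
    # the post live in different keys, and Programs and Features merges them.
    $hives = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall';             Arch = 'x64' },
        @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'; Arch = 'x86' }
    )
    # Assumption: the products the post tells the user to update or remove.
    $pattern = 'Java|Adobe Reader|Acrobat|Flash Player|Shockwave'

    foreach ($hive in $hives) {
        if (-not (Test-Path $hive.Path)) { continue }
        foreach ($sub in (Get-ChildItem $hive.Path)) {
            $props = Get-ItemProperty $sub.PSPath
            if ($props.DisplayName -and ($props.DisplayName -match $pattern)) {
                # Report the UninstallString instead of running it, so the user
                # can confirm each entry really is the stale one before removal.
                New-Object PSObject -Property @{
                    Name            = $props.DisplayName
                    Version         = $props.DisplayVersion
                    Architecture    = $hive.Arch
                    UninstallString = $props.UninstallString
                }
            }
        }
    }
}

function Confirm-RestorePoint {
    param([string]$Description = 'Bleeping Computer Cleanup')
    # The post asks for at least one restore point; create one only if none exist.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -gt 0) {
        "Restore points present: {0} (newest: {1})" -f $points.Count, $points[-1].Description
        return
    }
    # Checkpoint-Computer requires an elevated prompt.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    "Created restore point '{0}'" -f $Description
}

function Get-ProtectionStatus {
    # Service names on Windows 7: MsMpSvc is Microsoft Security Essentials /
    # Forefront client protection, WinDefend is Windows Defender. Both products
    # are in the thread title, so confirm they are installed and running.
    foreach ($name in 'MsMpSvc', 'WinDefend') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { "{0}: {1}" -f $name, $svc.Status }
        else      { "{0}: not installed" -f $name }
    }
    # Get-NetFirewallProfile only exists on Windows 8 and later; netsh works on 7.
    netsh advfirewall show allprofiles state
}

Get-OutdatedPluginCandidates | Format-Table Name, Version, Architecture, UninstallString -AutoSize
Confirm-RestorePoint
Get-ProtectionStatus
```

The script deliberately prints each UninstallString rather than executing it: on a machine that has just been cleaned, an uninstall entry can point at a missing or replaced binary, so the user should read the path before running it, exactly as the post has them do through Add/Remove Programs.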



#13 ChrisPokorny

ChrisPokorny
  • Topic Starter

  • Members
  • 22 posts

Posted 02 August 2013 - 03:57 PM

Thanks for all of the assistance. I won't have a chance to do this stuff on the computer until next week, but you can close this thread, as I'm sure I can walk through the rest of your step-by-step guide fine!



#14 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 02 August 2013 - 04:14 PM

Hello again,
 
It was my pleasure! Thank you for visiting Bleeping Computer!
 
If you have any problems with the instructions, feel free to shoot me a PM informing me of such. :)

 

Best Regards,

 

bloopie



#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 02 August 2013 - 04:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



