HijackThis Log: Please help Diagnose


  • This topic is locked
13 replies to this topic

#1 cindi1972

  • Members
  • 6 posts
Posted 09 August 2013 - 01:11 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:01:01 AM, on 8/9/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Fast Free Converter 4.1 - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Cartwheel - {B50DF051-E1D4-439C-B94E-F4DE82B56542} - C:\Users\fam\AppData\Roaming\Cartwheel\Cartwheel.dll
O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKLM\..\Run: [Anvi AD Blocker] "C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" -tray
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8BA6129-A5DB-4A8A-B8F6-21270B830E5D}: NameServer = 75.75.75.75,75.75.76.76
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
O23 - Service: Adblocker Monitor Service (AdblockerSrv) - Unknown owner - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastFreeConverterUpdt - Unknown owner - C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 16686 bytes
 

Thank you!!!



#2 RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
Posted 10 August 2013 - 09:38 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean! 

  • Please do not run any scans or install/uninstall any applications without being directed to do so.

  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also, please let me know what symptoms your computer has that make you believe it is infected.

Edited by RPMcMurphy, 10 August 2013 - 09:39 AM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



#3 nasdaq

  • Malware Response Team
  • 38,756 posts
Posted 10 August 2013 - 09:38 AM

Sorry posted after RP.

Edited by nasdaq, 10 August 2013 - 12:15 PM.


#4 cindi1972

  • Topic Starter

  • Members
  • 6 posts
Posted 10 August 2013 - 12:11 PM

RP, Thanks so much and btw, love "One Flew Over the Cuckoo's Nest"

 

The reason I think my computer is infected is that when we type a website into the browser bar or click on something from Google, it redirects us to another site completely.  I have run some scans and it has gotten better, but it is still happening.

 

Anyway, here are the Addition scan results:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2013
Ran by fam at 2013-08-10 12:48:44
Running from C:\Users\fam\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Amazing Adventures The Lost Tomb (x32 Version: 2.2.0.98)
AntiLogger SDK version 1.5.6.849 (x32 Version: 1.5.6.849)
Anvi AD Blocker 2.1 (x32 Version: 2.1)
Anvi Smart Defender 1.9.1 (x32 Version: 1.9.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Avery Wizard 4.0 (x32 Version: 4.0.201)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82)
Blackhawk Striker 2 (x32 Version: 2.2.0.82)
Blasterball 3 (x32 Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Build-a-lot 2 (x32 Version: 2.2.0.82)
Cake Mania (x32 Version: 2.2.0.82)
Canon IJ Network Scan Utility (x32)
Canon IJ Network Tool (x32 Version: 3.1.1)
Canon MX340 series MP Drivers
Cartwheel Shopping (x32 Version: 1.1.0.1405)
Chuzzle Deluxe (x32 Version: 2.2.0.82)
CinemaNow Media Manager (x32 Version: 1.9.1.105)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Constant Guard Protection Suite (x32 Version: 1.13.506.2)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2712)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82)
Dora's Carnival Adventure (x32 Version: 2.2.0.82)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715)
eaner (Version: 4.03)
Escape Rosecliff Island (x32 Version: 2.2.0.82)
Escape Rosecliff Island (x32)
Faerie Solitaire (x32 Version: 2.2.0.82)
Fast Free Converter (x32 Version: 4.1)
FATE (x32 Version: 2.2.0.82)
Google Chrome (x32 Version: 28.0.1500.95)
Google Drive (x32 Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
Hardware Diagnostic Tools (Version: 6.0.5418.39)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hidden Path of Faery (x32 Version: 3.0.2.32)
HiJackThis (x32 Version: 1.0.0)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.0.80)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0)
HP MediaSmart DVD (x32 Version: 4.0.3902)
HP MediaSmart Music (x32 Version: 4.0.3910)
HP MediaSmart Photo (x32 Version: 4.0.3911)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (x32 Version: 4.0.3911)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.2.0)
HP Odometer (x32 Version: 2.10.0000)
HP Setup (x32 Version: 1.2.4048.3310)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.002.003.003)
Hulu Desktop (HKCU Version: 0.9.11)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Quest 3 (x32 Version: 2.2.0.82)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82)
Junk Mail filter update (x32 Version: 14.0.8089.726)
LabelPrint (x32 Version: 2.5.2610)
LightScribe System Software (x32 Version: 1.18.11.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 3.0.287.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Drivers (Version: 1.10)
NVIDIA ForceWare Network Access Manager (x32 Version: 1.00.7324.0)
Penguins! (x32 Version: 2.2.0.82)
PhotoNow! (x32 Version: 1.1.6904)
PictureMover (x32 Version: 3.3.1.19)
Plants vs. Zombies (x32 Version: 2.2.0.82)
Plants vs. Zombies (x32)
Plants vs. Zombies™ (x32 Version: 32.0.0.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Playtopus (HKCU)
Poker Superstars III (x32 Version: 2.2.0.82)
Polar Bowler (x32 Version: 2.2.0.82)
Polar Golfer (x32 Version: 2.2.0.82)
Power2Go (x32 Version: 6.1.3810)
PowerDirector (x32 Version: 8.0.2704)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6053)
Recovery Manager (x32 Version: 5.5.2719)
Roxio CinemaNow 2.0 (x32 Version: 1.0.262)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Strongvault Online Backup (x32 Version: 2.1.4.0)
TextTwist 2 (x32 Version: 2.2.0.82)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Virtual Families (x32 Version: 2.2.0.82)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82)
Wheel of Fortune 2 (x32 Version: 2.2.0.82)
WildTangent Games (x32 Version: 1.0.4.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.20)
WildTangent Games App (x32 Version: 4.0.10.2)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
Zuma's Revenge (x32 Version: 2.2.0.82)
 
==================== Restore Points  =========================
 
30-07-2013 11:12:12 Windows Update
06-08-2013 13:16:25 Windows Update
09-08-2013 05:47:04 Installed HiJackThis
09-08-2013 14:49:35 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2012-12-05 11:12 - 00444933 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0436DD40-2C1A-4524-8E11-A773AFDCD8AC} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.)
Task: {177AC1B2-0136-4C67-8E55-A7CFE4CDC1AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {37928D49-4874-4E31-B9B6-D1AFAE0E4564} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {3DD00004-755F-42DD-AA2D-BC182D8CABB3} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe No File
Task: {432508DD-063F-444C-9B61-929B320488AA} - System32\Tasks\{0915BE85-5992-4749-B339-9275F281FAEB} => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-23] (CANON INC.)
Task: {4BEC2A96-CC8A-4EBF-9733-6B79AC23594A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4C587A9B-AB66-40B6-8341-3C2B7BA1473F} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] ()
Task: {5777048F-48CC-4977-9ACD-56C7694BB01F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {6525823F-6967-4272-8C84-24A47FF5A788} - System32\Tasks\{EDD81E31-5F6B-4B0C-B308-0BAC80AFF3CF} => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-23] (CANON INC.)
Task: {6BC2F3A9-3DAA-4C97-B611-7BBFC2090F15} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2012-12-17] (Apple Inc.)
Task: {6E878A56-E430-41A8-9F2B-D067AEA72729} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06] (Google Inc.)
Task: {78875735-9691-4B92-901C-DF39EF2342A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-07-29] (Hewlett-Packard)
Task: {897F8350-B029-453E-8481-297920695B4A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe No File
Task: {967A71FB-AA0E-4E17-9336-EE26BCE6E7F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-24] (Adobe Systems Incorporated)
Task: {9AD94CBF-6F31-40E4-984C-A19D1A29648D} - System32\Tasks\Playtopus Updater => C:\Windows\SysWOW64\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {A97A7CC9-B292-4A49-AFC4-AFA91AED899A} - System32\Tasks\User_Feed_Synchronization-{01A2AA51-1D0E-4EDF-B14B-74EFB85DA661} => C:\Windows\system32\msfeedssync.exe [2013-05-31] (Microsoft Corporation)
Task: {C180DA23-2035-4DDF-8A46-84CE534D75FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {CE38D9B8-33E6-4C82-B7A8-D747C1E6485A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {D5F3D1B1-5F07-4F56-A876-84529DE08C35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-08-06] (Microsoft)
Task: {DC638330-1D01-4793-9D67-F0AA8D5D464B} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] ()
Task: {E88D7ED2-E00D-4D9B-B7A7-962D7F3A77EF} - System32\Tasks\HPCeeScheduleForfam => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {EA6C8493-E258-4C1C-BD5E-9119EBA05517} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EC756A46-CEF7-40EF-A049-FD4EE7A9B861} - System32\Tasks\HPCeeScheduleForFAM-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {F71143E0-C68D-45B4-BC01-4A4B6A37F48C} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {FFA12B5C-F60C-4A2A-A332-989187CFABD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFAM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForfam.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\Playtopus Updater.job => C:\Users\fam\AppData\Local\PLAYTO~1\Updater.dll
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2013 00:30:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6038
 
Error: (08/10/2013 00:30:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6038
 
Error: (08/10/2013 00:30:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/10/2013 00:30:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5039
 
Error: (08/10/2013 00:30:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5039
 
Error: (08/10/2013 00:30:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/10/2013 00:30:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4041
 
Error: (08/10/2013 00:30:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4041
 
Error: (08/10/2013 00:30:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/10/2013 00:30:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042
 
 
System errors:
=============
Error: (08/10/2013 00:44:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (08/10/2013 11:17:08 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (08/09/2013 11:45:27 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (08/09/2013 09:32:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (08/09/2013 04:44:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (08/09/2013 01:17:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (08/09/2013 00:18:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (08/09/2013 01:44:46 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (08/08/2013 11:50:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
 
Error: (08/08/2013 05:11:05 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (08/10/2013 00:30:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6038
 
Error: (08/10/2013 00:30:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6038
 
Error: (08/10/2013 00:30:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/10/2013 00:30:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5039
 
Error: (08/10/2013 00:30:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5039
 
Error: (08/10/2013 00:30:19 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/10/2013 00:30:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4041
 
Error: (08/10/2013 00:30:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4041
 
Error: (08/10/2013 00:30:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/10/2013 00:30:17 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3042
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 3839.3 MB
Available physical RAM: 2345.51 MB
Total Pagefile: 7676.79 MB
Available Pagefile: 4604.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:454.12 GB) (Free:364.85 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.54 GB) (Free:1.41 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3B52F0F3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Here are the first scan results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by fam (administrator) on 10-08-2013 12:48:03
Running from C:\Users\fam\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [SMessaging] -  [x]
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-06] (Google Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [19676256 2013-06-06] (Google)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [UpdateMyDrivers] - C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe [2390648 2013-07-11] ()
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Anvi Smart Defender] - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe [1603816 2013-07-21] (Anvisoft)
HKLM-x32\...\Run: [Anvi AD Blocker] - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe [1236688 2013-06-05] (Anvisoft)
HKLM-x32\...\Run: [SMessaging] -  [x]
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL [85304 2013-03-07] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL [78136 2013-03-07] (Zemana Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {7E231C2B-5D25-4DC7-A51F-6FE877585ADD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {7E231C2B-5D25-4DC7-A51F-6FE877585ADD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {70D7966E-ACF9-45E2-9036-B7FC79DED182} URL = http://search.conduit.com/Results.aspx?ctid=CT3300024&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {7E231C2B-5D25-4DC7-A51F-6FE877585ADD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {846CF497-9840-42D4-85A4-F05F4C922A08} URL = http://www.mysearchresults.com/search?&c=2653&t=03&q={searchTerms}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Fast Free Converter 4.1 - {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL (Fast Free Converter)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Cartwheel - {B50DF051-E1D4-439C-B94E-F4DE82B56542} - C:\Users\fam\AppData\Roaming\Cartwheel\Cartwheel.dll (Cartwheel, Inc.)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A8BA6129-A5DB-4A8A-B8F6-21270B830E5D}: [NameServer]75.75.75.75,75.75.76.76
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] C:\Program Files\Updater By SweetPacks\Firefox
 
Chrome: 
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR HKLM-x32\...\Chrome\Extension: [aaaanpaddaaoffccehffldolecpkgpej] - C:\Users\fam\AppData\Local\APN\GoogleCRXs\aaaanpaddaaoffccehffldolecpkgpej_7.17.6.0.crx
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AdblockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [315600 2013-06-05] ()
R2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [742120 2013-07-21] (Anvisoft)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [502888 2010-01-04] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [234776 2012-09-11] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-04] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-05-24] (Zemana Ltd.)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-05-24] (Zemana Ltd.)
R2 asdnet; C:\Windows\system32\DRIVERS\asdnet.sys [19280 2012-09-07] ()
R2 asdnet; C:\Windows\system32\DRIVERS\asdnet.sys [19280 2012-09-07] ()
R1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
R2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
R2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [17232 2012-11-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-19] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-19] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25784 2013-03-07] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-10 12:47 - 2013-08-10 12:47 - 00000000 ____D C:\FRST
2013-08-10 12:46 - 2013-08-10 12:46 - 01230570 _____ (Farbar) C:\Users\fam\Downloads\FRST.exe
2013-08-09 11:05 - 2013-08-09 11:05 - 00041713 _____ C:\Users\fam\Desktop\Ness's Crockpot Lasagna Recipe.htm
2013-08-09 11:05 - 2013-08-09 11:05 - 00000000 ____D C:\Users\fam\Desktop\Ness's Crockpot Lasagna Recipe_files
2013-08-09 02:13 - 2013-08-09 02:13 - 00016688 _____ C:\Users\fam\Desktop\hijackthis 2.txt
2013-08-09 02:01 - 2013-08-09 02:01 - 00016688 _____ C:\Users\fam\Desktop\hijackthis.log
2013-08-09 01:47 - 2013-08-09 01:47 - 00002965 _____ C:\Users\fam\Desktop\HiJackThis.lnk
2013-08-09 01:47 - 2013-08-09 01:47 - 00000000 ____D C:\Users\fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-08-09 01:47 - 2013-08-09 01:47 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-08-09 01:46 - 2013-08-09 01:46 - 01402880 _____ C:\Users\fam\Downloads\HiJackThis.msi
2013-08-08 20:05 - 2013-08-08 20:05 - 00000336 _____ C:\Windows\PFRO.log
2013-08-08 17:06 - 2013-08-08 17:07 - 00010499 _____ C:\AdwCleaner[S1].txt
2013-08-08 17:05 - 2013-08-08 17:05 - 00010460 _____ C:\AdwCleaner[R1].txt
2013-08-08 17:04 - 2013-08-08 17:04 - 00666633 _____ C:\Users\fam\Downloads\AdwCleaner.exe
2013-08-08 17:01 - 2013-08-08 17:02 - 00003792 _____ C:\Users\fam\Desktop\Rkill.txt
2013-08-08 17:01 - 2013-08-08 17:01 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\fam\Downloads\rkill64.com
2013-08-08 17:01 - 2013-08-08 17:01 - 00000000 ____D C:\Users\fam\Desktop\rkill
2013-08-08 17:00 - 2013-08-08 17:00 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\fam\Downloads\rkill.com
2013-08-08 14:54 - 2013-08-10 00:05 - 00000336 _____ C:\Windows\setupact.log
2013-08-08 14:54 - 2013-08-08 14:54 - 00000000 _____ C:\Windows\setuperr.log
2013-08-08 01:50 - 2013-08-08 01:50 - 00001466 _____ C:\Users\Public\Desktop\Anvi AD Blocker.lnk
2013-08-08 01:50 - 2013-08-08 01:50 - 00001150 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-08-08 01:50 - 2013-08-08 01:50 - 00000000 ____D C:\Users\fam\AppData\Roaming\Anvisoft
2013-08-08 01:50 - 2013-08-08 01:50 - 00000000 ____D C:\ProgramData\Anvisoft
2013-08-08 01:50 - 2013-08-08 01:50 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-08-08 01:50 - 2012-11-07 03:16 - 00023376 _____ (Anvisoft) C:\Windows\system32\Drivers\asdrs.sys
2013-08-08 01:50 - 2012-11-07 03:16 - 00018768 _____ (Anvisoft) C:\Windows\system32\Drivers\asdrm.sys
2013-08-08 01:50 - 2012-11-07 03:16 - 00017232 _____ C:\Windows\system32\Drivers\asdws.sys
2013-08-08 01:50 - 2012-09-07 01:52 - 00019280 _____ C:\Windows\system32\Drivers\asdnet.sys
2013-08-08 01:49 - 2013-08-08 01:49 - 25865008 _____ C:\Users\fam\Downloads\asdsetup (1).exe
2013-08-08 01:48 - 2013-08-08 01:49 - 25865008 _____ C:\Users\fam\Downloads\asdsetup.exe
2013-08-06 19:01 - 2013-08-06 19:01 - 00004403 _____ C:\Windows\wininit.ini
2013-08-06 13:48 - 2013-08-06 13:48 - 01192567 _____ C:\Users\fam\Downloads\Unconfirmed 58057.crdownload
2013-07-28 20:48 - 2013-07-28 20:48 - 00039237 _____ C:\Users\fam\Desktop\Fibromyalgia Network » Letter to Normals » Print.mht
2013-07-27 16:57 - 2013-07-27 16:58 - 00000000 ____D C:\ProgramData\PopCap Games
2013-07-27 16:57 - 2013-07-27 16:57 - 42735328 _____ C:\Users\fam\Downloads\PlantsVsZombiesSetup_20120812.exe
2013-07-27 16:57 - 2013-07-27 16:57 - 42735328 _____ C:\Users\fam\Downloads\PlantsVsZombiesSetup_20120812 (1).exe
2013-07-27 16:57 - 2013-07-27 16:57 - 00001279 _____ C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2013-07-27 16:57 - 2013-07-27 16:57 - 00000199 _____ C:\Users\Public\Desktop\Play More Great Games!.url
2013-07-27 16:57 - 2013-07-27 16:57 - 00000000 ____D C:\ProgramData\PopCapY
2013-07-27 16:57 - 2013-07-27 16:57 - 00000000 ____D C:\Program Files (x86)\PopCap Games
2013-07-27 16:35 - 2013-07-27 16:35 - 00001861 _____ C:\Users\Public\Desktop\Shockwave Games.lnk
2013-07-27 16:35 - 2013-07-27 16:35 - 00001141 _____ C:\Users\Public\Desktop\Plants vs Zombies.lnk
2013-07-27 16:35 - 2013-07-27 16:35 - 00000000 ____D C:\Program Files (x86)\Shockwave.com
2013-07-27 16:34 - 2013-07-27 16:34 - 38888816 _____ C:\Users\fam\Downloads\InstallPlantsVsZombies.exe
2013-07-27 16:32 - 2013-07-27 16:32 - 00002027 _____ C:\WildTangent Games App - hp.lnk
2013-07-24 09:06 - 2013-07-24 09:06 - 00001745 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-24 09:06 - 2013-07-24 09:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-24 09:06 - 2013-07-24 09:06 - 00000000 ____D C:\Program Files\iTunes
2013-07-24 09:06 - 2013-07-24 09:06 - 00000000 ____D C:\Program Files\iPod
2013-07-24 09:06 - 2013-07-24 09:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-24 09:00 - 2013-07-24 09:01 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-24 09:00 - 2013-07-24 09:00 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-19 18:09 - 2013-07-19 18:09 - 00001975 _____ C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2013-07-19 18:09 - 2013-07-19 18:09 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2013-07-19 18:09 - 2011-01-06 13:07 - 00102400 _____ (CANON INC.) C:\Windows\SysWOW64\CNC340U.dll
2013-07-19 18:09 - 2009-10-19 16:29 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC340L.dll
2013-07-19 18:09 - 2009-06-23 14:35 - 00014592 _____ C:\Windows\SysWOW64\CNC1741D.TBL
2013-07-19 18:09 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-07-19 18:08 - 2013-07-19 18:08 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-07-19 18:07 - 2013-07-19 18:07 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-19 18:06 - 2013-07-19 18:06 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (8).exe
2013-07-19 18:03 - 2013-08-03 01:58 - 00000000 ____D C:\Users\fam\Desktop\BRIJOBS current
2013-07-19 18:03 - 2013-07-19 18:04 - 00000000 ____D C:\Users\fam\Desktop\fibro pics
2013-07-19 18:02 - 2013-07-19 18:02 - 00003705 _____ C:\Users\fam\Desktop\newfolder.reg
2013-07-19 17:55 - 2013-07-19 17:55 - 01955497 _____ C:\Users\fam\Desktop\Cannot create new folder in Windows 7.htm
2013-07-19 17:55 - 2013-07-19 17:55 - 00000000 ____D C:\Users\fam\Desktop\Cannot create new folder in Windows 7_files
2013-07-19 08:58 - 2013-07-19 08:58 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-19 08:58 - 2013-07-19 08:58 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-19 08:58 - 2013-07-19 08:58 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-19 08:35 - 2013-07-19 08:35 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (7).exe
2013-07-19 08:34 - 2013-07-19 08:34 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (6).exe
2013-07-19 08:34 - 2013-07-19 08:34 - 00495576 _____ C:\Users\fam\Desktop\Canon U.S.A.   Support & Drivers   PIXMA MX340.htm
2013-07-19 08:34 - 2013-07-19 08:34 - 00000000 ____D C:\Users\fam\Desktop\Canon U.S.A.   Support & Drivers   PIXMA MX340_files
2013-07-19 08:29 - 2013-07-19 08:29 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (5).exe
2013-07-19 08:25 - 2013-07-19 08:25 - 00002998 _____ C:\Windows\System32\Tasks\{EDD81E31-5F6B-4B0C-B308-0BAC80AFF3CF}
2013-07-19 08:25 - 2013-07-19 08:25 - 00002998 _____ C:\Windows\System32\Tasks\{0915BE85-5992-4749-B339-9275F281FAEB}
2013-07-19 08:13 - 2013-07-19 08:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-19 08:13 - 2013-07-19 08:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-19 08:13 - 2013-07-19 08:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-19 08:13 - 2013-07-19 08:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-19 08:01 - 2013-07-19 08:01 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (4).exe
2013-07-18 18:26 - 2013-07-18 18:26 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (3).exe
2013-07-18 16:00 - 2013-07-18 16:00 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (2).exe
2013-07-18 16:00 - 2013-07-18 16:00 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (1).exe
2013-07-18 15:04 - 2013-07-19 18:09 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-18 15:02 - 2013-07-18 15:02 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24.exe
2013-07-18 14:59 - 2013-07-18 14:59 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-07-18 14:59 - 2013-07-18 14:59 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-07-18 14:58 - 2013-07-19 07:56 - 00000000 ____D C:\Users\fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2013-07-18 14:58 - 2013-07-18 14:58 - 03459040 _____ C:\Users\fam\Downloads\UpdateMyDrivers (2).exe
2013-07-18 14:58 - 2013-07-18 14:58 - 00000000 ____D C:\Program Files (x86)\SmartTweak
2013-07-18 14:56 - 2013-07-18 14:56 - 03459024 _____ C:\Users\fam\Downloads\UpdateMyDrivers.exe
2013-07-18 14:56 - 2013-07-18 14:56 - 03459024 _____ C:\Users\fam\Downloads\UpdateMyDrivers (1).exe
2013-07-18 14:54 - 2013-07-18 14:54 - 01899088 _____ (InstallX, LLC) C:\Users\fam\Downloads\7zip_bimo_d154539.exe
2013-07-18 14:54 - 2013-07-18 14:54 - 01899088 _____ (InstallX, LLC) C:\Users\fam\Downloads\7zip_bimo_d154539 (1).exe
2013-07-12 19:05 - 2013-07-12 19:05 - 00000000 ____D C:\Program Files (x86)\GUMF076.tmp
2013-07-12 03:09 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 03:09 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 03:09 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 03:09 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 03:09 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 03:09 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 03:09 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 03:09 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 03:09 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 03:09 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 03:09 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 03:09 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 03:09 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 03:09 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 03:09 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 03:09 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 03:09 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 03:09 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 03:09 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 03:09 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 03:09 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 03:09 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 03:09 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 03:09 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 03:09 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 03:09 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 03:09 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 03:08 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 03:08 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 03:08 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 03:08 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 07:32 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:32 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:32 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 07:32 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:32 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 07:32 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 07:32 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
 
==================== One Month Modified Files and Folders =======
 
2013-08-10 12:47 - 2013-08-10 12:47 - 01790633 _____ (Farbar) C:\Users\fam\Downloads\FRST64.exe
2013-08-10 12:47 - 2013-08-10 12:47 - 00000000 ____D C:\FRST
2013-08-10 12:47 - 2012-11-06 22:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-08-10 12:46 - 2013-08-10 12:46 - 01230570 _____ (Farbar) C:\Users\fam\Downloads\FRST.exe
2013-08-10 12:44 - 2012-12-21 07:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-10 12:22 - 2012-11-06 22:37 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-10 12:10 - 2013-02-22 18:46 - 00000342 _____ C:\Windows\Tasks\Playtopus Updater.job
2013-08-10 11:46 - 2013-01-12 03:29 - 00000000 ____D C:\Users\fam\AppData\Roaming\ID Vault
2013-08-10 11:18 - 2012-11-06 22:25 - 01837566 _____ C:\Windows\WindowsUpdate.log
2013-08-10 00:05 - 2013-08-08 14:54 - 00000336 _____ C:\Windows\setupact.log
2013-08-09 17:33 - 2012-11-10 19:32 - 00000000 ____D C:\Users\fam\AppData\Roaming\.minecraft
2013-08-09 17:22 - 2012-11-06 22:37 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 11:05 - 2013-08-09 11:05 - 00041713 _____ C:\Users\fam\Desktop\Ness's Crockpot Lasagna Recipe.htm
2013-08-09 11:05 - 2013-08-09 11:05 - 00000000 ____D C:\Users\fam\Desktop\Ness's Crockpot Lasagna Recipe_files
2013-08-09 10:43 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 10:43 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 10:38 - 2012-11-06 22:31 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForfam
2013-08-09 10:38 - 2012-11-06 22:31 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForfam.job
2013-08-09 02:13 - 2013-08-09 02:13 - 00016688 _____ C:\Users\fam\Desktop\hijackthis 2.txt
2013-08-09 02:01 - 2013-08-09 02:01 - 00016688 _____ C:\Users\fam\Desktop\hijackthis.log
2013-08-09 01:47 - 2013-08-09 01:47 - 00002965 _____ C:\Users\fam\Desktop\HiJackThis.lnk
2013-08-09 01:47 - 2013-08-09 01:47 - 00000000 ____D C:\Users\fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-08-09 01:47 - 2013-08-09 01:47 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-08-09 01:46 - 2013-08-09 01:46 - 01402880 _____ C:\Users\fam\Downloads\HiJackThis.msi
2013-08-08 23:50 - 2012-11-16 16:32 - 00000000 ___SD C:\Users\fam\Google Drive
2013-08-08 20:05 - 2013-08-08 20:05 - 00000336 _____ C:\Windows\PFRO.log
2013-08-08 20:05 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 17:18 - 2012-12-14 09:05 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{01A2AA51-1D0E-4EDF-B14B-74EFB85DA661}
2013-08-08 17:07 - 2013-08-08 17:06 - 00010499 _____ C:\AdwCleaner[S1].txt
2013-08-08 17:05 - 2013-08-08 17:05 - 00010460 _____ C:\AdwCleaner[R1].txt
2013-08-08 17:04 - 2013-08-08 17:04 - 00666633 _____ C:\Users\fam\Downloads\AdwCleaner.exe
2013-08-08 17:02 - 2013-08-08 17:01 - 00003792 _____ C:\Users\fam\Desktop\Rkill.txt
2013-08-08 17:01 - 2013-08-08 17:01 - 01036416 _____ (Bleeping Computer, LLC) C:\Users\fam\Downloads\rkill64.com
2013-08-08 17:01 - 2013-08-08 17:01 - 00000000 ____D C:\Users\fam\Desktop\rkill
2013-08-08 17:00 - 2013-08-08 17:00 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\fam\Downloads\rkill.com
2013-08-08 14:54 - 2013-08-08 14:54 - 00000000 _____ C:\Windows\setuperr.log
2013-08-08 14:52 - 2012-11-06 22:25 - 00000000 ____D C:\Users\fam
2013-08-08 14:51 - 2013-04-30 11:39 - 00000000 ____D C:\Users\fam\AppData\Local\Strongvault Online Backup
2013-08-08 01:50 - 2013-08-08 01:50 - 00001466 _____ C:\Users\Public\Desktop\Anvi AD Blocker.lnk
2013-08-08 01:50 - 2013-08-08 01:50 - 00001150 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-08-08 01:50 - 2013-08-08 01:50 - 00000000 ____D C:\Users\fam\AppData\Roaming\Anvisoft
2013-08-08 01:50 - 2013-08-08 01:50 - 00000000 ____D C:\ProgramData\Anvisoft
2013-08-08 01:50 - 2013-08-08 01:50 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-08-08 01:49 - 2013-08-08 01:49 - 25865008 _____ C:\Users\fam\Downloads\asdsetup (1).exe
2013-08-08 01:49 - 2013-08-08 01:48 - 25865008 _____ C:\Users\fam\Downloads\asdsetup.exe
2013-08-08 01:47 - 2012-11-07 09:29 - 00000000 ____D C:\Users\fam\AppData\Local\CrashDumps
2013-08-07 15:31 - 2012-12-05 15:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-07 15:31 - 2012-11-12 13:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-07 15:31 - 2012-11-06 22:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-07 15:30 - 2012-11-12 13:27 - 00000000 ____D C:\Users\fam\AppData\Roaming\HP Support Assistant
2013-08-07 15:30 - 2012-11-07 23:54 - 00000000 ____D C:\Users\fam\AppData\Roaming\HpUpdate
2013-08-06 19:01 - 2013-08-06 19:01 - 00004403 _____ C:\Windows\wininit.ini
2013-08-06 13:48 - 2013-08-06 13:48 - 01192567 _____ C:\Users\fam\Downloads\Unconfirmed 58057.crdownload
2013-08-04 15:53 - 2012-11-07 08:50 - 00015110 _____ C:\Users\fam\AppData\Roaming\wklnhst.dat
2013-08-04 15:52 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-04 10:09 - 2012-11-28 15:18 - 00003214 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFAM-HP$
2013-08-04 10:09 - 2012-11-28 15:18 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForFAM-HP$.job
2013-08-03 01:58 - 2013-07-19 18:03 - 00000000 ____D C:\Users\fam\Desktop\BRIJOBS current
2013-08-01 12:15 - 2012-11-06 22:39 - 00002064 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-01 00:54 - 2012-11-06 22:26 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-07-28 20:48 - 2013-07-28 20:48 - 00039237 _____ C:\Users\fam\Desktop\Fibromyalgia Network » Letter to Normals » Print.mht
2013-07-27 16:58 - 2013-07-27 16:57 - 00000000 ____D C:\ProgramData\PopCap Games
2013-07-27 16:57 - 2013-07-27 16:57 - 42735328 _____ C:\Users\fam\Downloads\PlantsVsZombiesSetup_20120812.exe
2013-07-27 16:57 - 2013-07-27 16:57 - 42735328 _____ C:\Users\fam\Downloads\PlantsVsZombiesSetup_20120812 (1).exe
2013-07-27 16:57 - 2013-07-27 16:57 - 00001279 _____ C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2013-07-27 16:57 - 2013-07-27 16:57 - 00000199 _____ C:\Users\Public\Desktop\Play More Great Games!.url
2013-07-27 16:57 - 2013-07-27 16:57 - 00000000 ____D C:\ProgramData\PopCapY
2013-07-27 16:57 - 2013-07-27 16:57 - 00000000 ____D C:\Program Files (x86)\PopCap Games
2013-07-27 16:35 - 2013-07-27 16:35 - 00001861 _____ C:\Users\Public\Desktop\Shockwave Games.lnk
2013-07-27 16:35 - 2013-07-27 16:35 - 00001141 _____ C:\Users\Public\Desktop\Plants vs Zombies.lnk
2013-07-27 16:35 - 2013-07-27 16:35 - 00000000 ____D C:\Program Files (x86)\Shockwave.com
2013-07-27 16:34 - 2013-07-27 16:34 - 38888816 _____ C:\Users\fam\Downloads\InstallPlantsVsZombies.exe
2013-07-27 16:32 - 2013-07-27 16:32 - 00002027 _____ C:\WildTangent Games App - hp.lnk
2013-07-27 16:32 - 2012-11-10 21:49 - 00002526 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2013-07-27 16:32 - 2012-11-10 21:48 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-07-24 09:06 - 2013-07-24 09:06 - 00001745 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-24 09:06 - 2013-07-24 09:06 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-24 09:06 - 2013-07-24 09:06 - 00000000 ____D C:\Program Files\iTunes
2013-07-24 09:06 - 2013-07-24 09:06 - 00000000 ____D C:\Program Files\iPod
2013-07-24 09:06 - 2013-07-24 09:06 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-24 09:01 - 2013-07-24 09:00 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-24 09:00 - 2013-07-24 09:00 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-24 08:57 - 2012-12-21 07:45 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-24 08:57 - 2012-12-21 07:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-24 08:57 - 2012-12-21 07:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-19 18:09 - 2013-07-19 18:09 - 00001975 _____ C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2013-07-19 18:09 - 2013-07-19 18:09 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2013-07-19 18:09 - 2013-07-18 15:04 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-19 18:09 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2013-07-19 18:08 - 2013-07-19 18:08 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-07-19 18:07 - 2013-07-19 18:07 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-19 18:06 - 2013-07-19 18:06 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (8).exe
2013-07-19 18:04 - 2013-07-19 18:03 - 00000000 ____D C:\Users\fam\Desktop\fibro pics
2013-07-19 18:02 - 2013-07-19 18:02 - 00003705 _____ C:\Users\fam\Desktop\newfolder.reg
2013-07-19 17:55 - 2013-07-19 17:55 - 01955497 _____ C:\Users\fam\Desktop\Cannot create new folder in Windows 7.htm
2013-07-19 17:55 - 2013-07-19 17:55 - 00000000 ____D C:\Users\fam\Desktop\Cannot create new folder in Windows 7_files
2013-07-19 08:58 - 2013-07-19 08:58 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-19 08:58 - 2013-07-19 08:58 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-19 08:58 - 2013-07-19 08:58 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-19 08:58 - 2013-03-23 12:33 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-19 08:58 - 2012-11-06 22:37 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-19 08:58 - 2012-11-06 22:37 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-19 08:57 - 2012-11-06 22:37 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-19 08:53 - 2009-07-24 15:22 - 00000000 ____D C:\Windows\Panther
2013-07-19 08:51 - 2013-04-04 17:26 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-19 08:51 - 2013-04-04 17:26 - 00000000 ____D C:\Program Files\CCleaner
2013-07-19 08:35 - 2013-07-19 08:35 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (7).exe
2013-07-19 08:34 - 2013-07-19 08:34 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (6).exe
2013-07-19 08:34 - 2013-07-19 08:34 - 00495576 _____ C:\Users\fam\Desktop\Canon U.S.A.   Support & Drivers   PIXMA MX340.htm
2013-07-19 08:34 - 2013-07-19 08:34 - 00000000 ____D C:\Users\fam\Desktop\Canon U.S.A.   Support & Drivers   PIXMA MX340_files
2013-07-19 08:29 - 2013-07-19 08:29 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (5).exe
2013-07-19 08:25 - 2013-07-19 08:25 - 00002998 _____ C:\Windows\System32\Tasks\{EDD81E31-5F6B-4B0C-B308-0BAC80AFF3CF}
2013-07-19 08:25 - 2013-07-19 08:25 - 00002998 _____ C:\Windows\System32\Tasks\{0915BE85-5992-4749-B339-9275F281FAEB}
2013-07-19 08:13 - 2013-07-19 08:13 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-19 08:13 - 2013-07-19 08:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-19 08:13 - 2013-07-19 08:13 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-19 08:13 - 2013-07-19 08:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-19 08:13 - 2012-11-10 19:31 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-19 08:13 - 2012-11-10 19:31 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-19 08:01 - 2013-07-19 08:01 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (4).exe
2013-07-19 07:58 - 2012-11-06 22:32 - 00000000 ___RD C:\Users\fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-19 07:56 - 2013-07-18 14:58 - 00000000 ____D C:\Users\fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2013-07-18 18:26 - 2013-07-18 18:26 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (3).exe
2013-07-18 16:00 - 2013-07-18 16:00 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (2).exe
2013-07-18 16:00 - 2013-07-18 16:00 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24 (1).exe
2013-07-18 15:02 - 2013-07-18 15:02 - 32902288 _____ C:\Users\fam\Downloads\mp68-win-mx340-1_05-ea24.exe
2013-07-18 14:59 - 2013-07-18 14:59 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-07-18 14:59 - 2013-07-18 14:59 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-07-18 14:58 - 2013-07-18 14:58 - 03459040 _____ C:\Users\fam\Downloads\UpdateMyDrivers (2).exe
2013-07-18 14:58 - 2013-07-18 14:58 - 00000000 ____D C:\Program Files (x86)\SmartTweak
2013-07-18 14:56 - 2013-07-18 14:56 - 03459024 _____ C:\Users\fam\Downloads\UpdateMyDrivers.exe
2013-07-18 14:56 - 2013-07-18 14:56 - 03459024 _____ C:\Users\fam\Downloads\UpdateMyDrivers (1).exe
2013-07-18 14:54 - 2013-07-18 14:54 - 01899088 _____ (InstallX, LLC) C:\Users\fam\Downloads\7zip_bimo_d154539.exe
2013-07-18 14:54 - 2013-07-18 14:54 - 01899088 _____ (InstallX, LLC) C:\Users\fam\Downloads\7zip_bimo_d154539 (1).exe
2013-07-12 19:05 - 2013-07-12 19:05 - 00000000 ____D C:\Program Files (x86)\GUMF076.tmp
2013-07-12 17:17 - 2012-11-06 22:37 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 17:17 - 2012-11-06 22:37 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 03:32 - 2013-03-13 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 03:32 - 2013-03-13 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 03:32 - 2009-07-14 00:45 - 00446944 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 03:30 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 03:30 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 03:30 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 03:14 - 2012-11-07 10:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 03:12 - 2009-07-14 01:13 - 00739906 _____ C:\Windows\system32\PerfStringBackup.INI
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-23 18:25
 
==================== End Of Log ============================


#5 RPMcMurphy

  • Malware Response Team

Posted 11 August 2013 - 08:55 AM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please include the following in your next post:
  • MBAR log(s)
  • JRT log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 cindi1972

  • Topic Starter

Posted 11 August 2013 - 09:38 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16635
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 4025802752, free: 2498539520
 
Downloaded database version: v2013.08.11.06
Initializing...
------------ Kernel report ------------
     08/11/2013 17:41:57
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004bc4790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa8004bc3060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80045f4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000057\
Lower Device Object: 0xfffffa80041b2060
Lower Device Driver Name: \Driver\nvstor64\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80045f4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80045f4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80045f4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003687e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80041b2060, DeviceName: \Device\00000057\, DriverName: \Driver\nvstor64\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3B52F0F3
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206911  Numsec = 952367041
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 952573952  Numsec = 24197120
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8004bc4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004bb8470, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004bc4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004bc3060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16635
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 4025802752, free: 2972348416
 
Initializing...
------------ Kernel report ------------
     08/11/2013 20:49:29
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004bc4790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa8004bc3060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80045f4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000057\
Lower Device Object: 0xfffffa80041b2060
Lower Device Driver Name: \Driver\nvstor64\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80045f4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80045f4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80045f4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003687e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80041b2060, DeviceName: \Device\00000057\, DriverName: \Driver\nvstor64\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3B52F0F3
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206911  Numsec = 952367041
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 952573952  Numsec = 24197120
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8004bc4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004bb8470, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004bc4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004bc3060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.3 (08.11.2013:2)
OS: Windows 7 Home Premium x64
Ran by fam on Sun 08/11/2013 at 21:38:27.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{70D7966E-ACF9-45E2-9036-B7FC79DED182}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7E231C2B-5D25-4DC7-A51F-6FE877585ADD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{846CF497-9840-42D4-85A4-F05F4C922A08}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D99917A5-FB04-4215-82C3-A2C0AF575490}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7E231C2B-5D25-4DC7-A51F-6FE877585ADD}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Public\Desktop\play more great games!.url"
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\fam\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\fam\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\fam\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\fast free converter"
Successfully deleted: [Folder] "C:\Users\fam\AppData\Roaming\microsoft\windows\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/11/2013 at 21:50:10.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 12 August 2013 - 08:35 AM

Are you still having issues with redirects?  Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • MBAM log(s)
  • ESET log




#8 cindi1972

cindi1972
  • Topic Starter

  • Members
  • 6 posts

Posted 14 August 2013 - 03:07 AM

RP,

Thank you so much.  It SEEMS to be fixed since the MBAR and JRT round.  Seems like the hijacking is done.  Should I continue?

Cindi



#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 14 August 2013 - 09:55 PM

Yes, please continue with the last instructions I posted.  I want to make sure we have it all cleaned up before I let you go.




#10 cindi1972

cindi1972
  • Topic Starter

  • Members
  • 6 posts

Posted 16 August 2013 - 05:09 PM

Thanks, RP.  Here are the scans:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
fam :: FAM-HP [administrator]

8/16/2013 9:03:58 AM
mbam-log-2013-08-16 (09-03-58).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 704336
Time elapsed: 1 hour(s), 24 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\ProgramData\Spybot - Search & Destroy\Recovery\InstallDomaIQ12.zip         Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\InstallDomaIQ2.zip           Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\InstallDomaIQ3.zip           Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\InstallDomaIQ7.zip           Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\InstallDomaIQ8.zip           Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro10.zip      Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro11.zip      Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro5.zip        Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro6.zip        Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro7.zip        Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro8.zip        Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro9.zip        Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip             Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM11.zip   Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM12.zip   Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM14.zip   Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM149.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM150.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM18.zip   Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM23.zip   Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM235.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM26.zip   Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM9.zip     Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\InstallDomaIQ12.zip    Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\InstallDomaIQ2.zip       Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\InstallDomaIQ3.zip       Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\InstallDomaIQ7.zip       Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\InstallDomaIQ8.zip       Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro10.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro11.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro5.zip    Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro6.zip    Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro7.zip    Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro8.zip    Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro9.zip    Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip        Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM11.zip              Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM12.zip              Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM14.zip              Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM149.zip            Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM150.zip            Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM18.zip              Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM23.zip              Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM235.zip            Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM26.zip              Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM9.zip Win32/Bagle.gen.zip worm

C:\Users\fam\AppData\Local\Playtopus\Uninstaller.dll probably a variant of Win32/Adware.GPMXMRD application

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\392218c0-3c80a644          multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\3c5c990a-25688c8f         multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\35b1f4b-5c72deda         a variant of Java/Exploit.Agent.OFX trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\25da6a50-7ef278d4       multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\34628090-1262e45d       a variant of Java/Exploit.CVE-2013-0422.CF trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\756bd1d0-3d768c53      multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\76c02fd1-42fe9952        Java/Exploit.Agent.OXM trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1f3752d2-1f2d56ef        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1dd87c53-7862fdfc        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3d63eb02-50258c5f          multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5a9bfa82-13398155          multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\9aa1fd4-101f24cc           multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\64baec97-778f9cb3        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5c5dae18-2a758de8      multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\3a32b919-28d39b8b      Java/Exploit.Agent.NTW trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6a1e2e5a-7545166d      multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\303c125b-5f745915        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\34cfb79c-6ed3753a        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\78060820-68abdc2e       multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\21619721-1767eebd      multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7be41ae1-1b0354f6       multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\617e1d64-79a70915       multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\12ceabe6-43f0aeba       multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5bdc8f2a-643f6247        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1399ca2d-6b9faf8b        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\8744d6d-16499920         a variant of Java/Exploit.Agent.OFX trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\3fca1a6e-412d6ab7       a variant of Java/Exploit.CVE-2013-0422.CF trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c9512ae-4ab60463       multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\478c4e6f-50539bc0        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\5fcc186f-62e63b87         Java/Exploit.Agent.ODM trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6ea8baaf-4ca778c4        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\43f2c70-7a432b2e          Java/Exploit.CVE-2012-1723.GE trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\4ee95af1-42549a0f        multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\14570df9-32862583        a variant of Java/Exploit.Agent.OLK trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\23e0147a-7b501f78       multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5944fe06-7a739c93          a variant of Java/Exploit.Agent.OLK trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\12d94ebd-101c7b4e      multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\10fe86ff-460725d6         multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\325ed9c7-616a0e2f          Java/Exploit.Agent.NME trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\508dae48-7e8af33a         multiple threats

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\5d5438c9-509014db         Java/Exploit.Agent.NMB trojan

C:\Users\fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\75966249-50581ee3         multiple threats

C:\Users\fam\Documents\ApnStub.exe              a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\fam\Downloads\7zip_bimo_d154539 (1).exe  a variant of Win32/InstallIQ.A application

C:\Users\fam\Downloads\7zip_bimo_d154539.exe        a variant of Win32/InstallIQ.A application

C:\Users\fam\Downloads\Fishdom_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application



#11 RPMcMurphy


Posted 16 August 2013 - 07:43 PM

Most of those ESET detections are already in Spybot Search & Destroy's quarantine; this will remove the remaining, active threats:

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Delete the following tools along with any other logs you saved from our work:
  • FRST (You may also delete the c:\FRST folder)
  • MBAR
  • JRT

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#12 cindi1972


Posted 21 August 2013 - 12:50 AM

RP,

I gave it a few days to make sure.  Other than one page loading SEVERAL times the first day, everything has been great.  Thank you so very much for all of your help!

Cindi



#13 RPMcMurphy


Posted 21 August 2013 - 08:33 PM

You're welcome, Cindi.  Take care.




#14 RPMcMurphy


Posted 24 August 2013 - 11:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





