
Windows 7 64bit home edition with trojan.gen2 and zeroaccess virus


  • This topic is locked
12 replies to this topic

#1 miker21468

miker21468

  • Members
  • 7 posts
  • Local time:03:07 PM

Posted 13 August 2013 - 10:50 PM

I am running Windows 7 64bit home edition. Last night all the web pages I tried to get to were being redirected. I am not able to log into my email account or Facebook. I am not able to download much. Sometimes it lets me, but usually the virus deletes the file. Not sure what to do. Can anyone clue me in? Can someone who has had this problem and gotten rid of it reply and point me in the right direction? Thanks for your help.

 

Michael

 





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:07 PM

Posted 14 August 2013 - 01:20 AM





Hello Michael

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 miker21468

miker21468
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:07 PM

Posted 14 August 2013 - 01:54 AM

I was not able to turn on my firewall. Virus has disabled it and is blocking me from turning it on.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013
Ran by Anne (administrator) on 13-08-2013 23:36:59
Running from C:\Users\Anne\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
() C:\Users\Anne\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\workspaceupdate.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Dropbox, Inc.) C:\Users\Anne\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKCU\...\Run: [CubeDesktop] -  [x]
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Starfield Updater] - C:\Program Files (x86)\Workspace\WorkspaceUpdate.exe [35008 2013-07-17] (Starfield Technologies)
HKCU\...\Run: [wben] - "C:\Users\Anne\AppData\Local\Workspace\wben.exe" [x]
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2013-01-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [97280 2009-07-13] ()
Startup: C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Anne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=e36c14fd-1e48-46fa-b7ff-56c92c1611ea&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutBtD0C0FtAtDyBzztDyCyE0E0DyEyEtCtN0D0Tzu0CtByDzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=178619892
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -  No File
BHO-x32: No Name - {F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} -  No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\jeonnqu2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @starfield.com/off - C:\Users\Anne\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 - C:\Users\Anne\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Users\Anne\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 - C:\Users\Anne\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: gamevenus.com/CertifiedBrowser - C:\Users\Anne\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\npCertifiedBrowser.dll (GVU Technologies)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml
FF Extension: No Name - C:\Users\Anne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [savevalet@savevalet.com] C:\Program Files (x86)\SaveValet\extension.xpi
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe [143928 2012-10-10] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
R2 YouTubeDownloaderConverter; C:\Users\Anne\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe [104448 2013-07-12] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{ee52991a-16b7-dcc5-f1c0-a9a42cad7aa2}\   \...\???\{ee52991a-16b7-dcc5-f1c0-a9a42cad7aa2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-01] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-01] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-12] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-13] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-07-13] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-07-12] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130813.001\IDSvia64.sys [513184 2013-07-12] (Symantec Corporation)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130813.009\ENG64.SYS [126040 2013-07-13] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130813.009\ENG64.SYS [126040 2013-07-13] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130813.009\EX64.SYS [2098776 2013-07-13] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130813.009\EX64.SYS [2098776 2013-07-13] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS [37496 2012-05-24] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-02-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [432800 2012-07-22] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]
S1 sdpiosys; \SystemRoot\system32\drivers\sdpiosys.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-13 23:30 - 2013-08-13 23:30 - 00019752 _____ C:\Users\Anne\Desktop\dds.txt
2013-08-13 23:30 - 2013-08-13 23:30 - 00014591 _____ C:\Users\Anne\Desktop\attach.txt
2013-08-13 23:26 - 2013-08-13 23:23 - 00688992 ____R (Swearware) C:\Users\Anne\Desktop\dds.com
2013-08-13 20:02 - 2013-08-13 20:02 - 00048397 _____ C:\Users\Anne\Downloads\FRST.txt
2013-08-13 20:01 - 2013-08-13 20:02 - 00033368 _____ C:\Users\Anne\Downloads\Addition.txt
2013-08-13 19:05 - 2013-08-13 19:05 - 00000000 ____D C:\FRST
2013-08-13 19:04 - 2013-08-13 19:04 - 01575544 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2013-08-13 07:52 - 2013-08-13 07:52 - 01066648 _____ C:\Users\Anne\Downloads\Firefox_Setup.exe
2013-08-13 07:52 - 2013-08-13 07:52 - 01066648 _____ C:\Users\Anne\Downloads\Firefox_Setup(1).exe
2013-08-13 05:38 - 2013-08-13 05:38 - 00003240 _____ C:\{90938ABB-87DB-4028-AA2B-74411ED12E22}
2013-08-13 05:35 - 2013-08-13 05:35 - 00004360 _____ C:\{401F4424-E32D-49AF-B493-42A8A77D88FB}
2013-08-13 04:48 - 2013-08-13 04:48 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-13 04:16 - 2013-08-13 04:16 - 14563135 _____ C:\Users\Anne\Downloads\AdobeExchange.zxp
2013-08-13 04:12 - 2013-08-13 04:12 - 00000750 _____ C:\Users\Public\Desktop\FlexiLayouts 2 PRO Editor.lnk
2013-08-13 04:12 - 2013-08-13 04:12 - 00000000 ____D C:\Users\Anne\AppData\Roaming\com.extend.csslayoutspro
2013-08-13 04:07 - 2013-08-13 04:07 - 30434257 _____ C:\Users\Anne\Downloads\FlexiLayoutsPro_2.2.42.zip
2013-08-13 04:07 - 2013-06-19 09:31 - 00000000 ____D C:\Users\Anne\Desktop\FlexiLayoutsPro_2.2.42
2013-08-13 01:56 - 2013-08-13 01:56 - 00000083 _____ C:\Users\Anne\Downloads\ftpclient.php
2013-08-12 16:39 - 2013-08-12 16:39 - 00000000 ____D C:\Users\Anne\Documents\Unnamed Site 4
2013-08-12 16:24 - 2013-08-12 16:24 - 00000000 ____D C:\Users\Anne\Documents\Unnamed Site 3
2013-08-12 13:37 - 2013-08-12 13:43 - 00005895 _____ C:\Users\Anne\Desktop\CSS3 Menu.css3prj
2013-08-12 13:32 - 2013-08-12 13:32 - 00001191 _____ C:\Users\Anne\Documents\CSS3 Menu.html
2013-08-12 13:32 - 2013-08-12 13:32 - 00000000 ____D C:\Users\Anne\Documents\CSS3 Menu_files
2013-08-12 13:31 - 2013-08-12 13:31 - 00000717 _____ C:\Users\Public\Desktop\Css3 Menu.lnk
2013-08-12 13:29 - 2013-08-12 13:30 - 22702316 _____ C:\Users\Anne\Desktop\css3menu-setup.zip
2013-08-12 07:53 - 2013-08-12 07:53 - 317591552 _____ C:\Users\Anne\Desktop\Robert Oleysyck - 16 Grains of Sand (1).wav
2013-08-12 07:53 - 2013-08-12 07:53 - 02836168 _____ C:\Users\Anne\Desktop\Robert Oleysyck - 16 Grains of Sand (1).wav.gpk
2013-08-12 05:59 - 2013-08-12 16:27 - 00000000 ____D C:\Users\Anne\Desktop\flash
2013-08-12 05:51 - 2013-08-12 05:51 - 00000000 ____D C:\Users\Anne\Desktop\Unnamed Site 7
2013-08-12 05:43 - 2013-08-13 05:03 - 00000000 ____D C:\Users\Anne\Desktop\3Dmus3
2013-08-12 05:40 - 2013-08-12 05:40 - 09957462 _____ C:\Users\Anne\Desktop\3Dmus3.zip
2013-08-12 05:36 - 2013-08-13 04:35 - 00000000 ____D C:\Users\Anne\Desktop\caurina
2013-08-12 05:36 - 2011-05-31 16:01 - 00000000 ____D C:\Users\Anne\Desktop\photos
2013-08-12 05:29 - 2013-08-12 05:29 - 03707248 _____ C:\Users\Anne\Desktop\flashmo_247_3d_touch_ring.zip
2013-08-11 07:51 - 2013-08-13 18:21 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-200405289-3131803362-2751125550-1001
2013-08-06 03:27 - 2013-08-06 03:27 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Utherverse
2013-08-06 03:26 - 2013-08-06 03:26 - 00001335 _____ C:\Users\Anne\Desktop\Red Light Center 3D Client.lnk
2013-08-06 03:26 - 2013-08-06 03:26 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-06 03:26 - 2013-08-06 03:26 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-06 03:26 - 2013-08-06 03:26 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Red Light Center 3D Client
2013-08-06 03:19 - 2013-08-06 03:19 - 00000000 ____D C:\Program Files (x86)\Utherverse Digital Inc
2013-08-06 03:18 - 2013-08-06 03:18 - 16810608 _____ C:\Users\Anne\Downloads\RedLightCenterSetup.exe
2013-08-05 20:01 - 2013-08-05 20:10 - 00000181 _____ C:\Windows\ODBC.INI
2013-08-05 19:35 - 2013-08-05 19:35 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Subversion
2013-08-05 12:41 - 2013-08-05 12:41 - 00000000 _____ C:\Users\Anne\Downloads\script.sql
2013-08-05 12:32 - 2013-08-05 12:32 - 00000000 ____D C:\Users\Anne\AppData\Roaming\com.adobe.amp
2013-08-05 12:14 - 2013-08-05 12:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-05 12:14 - 2013-08-05 12:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-05 12:13 - 2013-08-05 12:13 - 18066392 _____ (Adobe Systems Inc.) C:\Users\Anne\Downloads\AdobeAIRInstaller.exe
2013-08-05 12:11 - 2013-08-05 12:12 - 37039616 _____ C:\Users\Anne\Downloads\jQuery_XPOSEGallery_PRO_1.1.4.82.zip
2013-08-05 11:55 - 2013-08-05 11:55 - 00000000 ____D C:\Users\Anne\Documents\Unnamed Site 5
2013-08-05 11:49 - 2013-08-05 11:50 - 00000000 ____D C:\Users\Anne\Desktop\New Folder
2013-08-05 11:49 - 2013-08-05 11:49 - 04476508 _____ C:\Users\Anne\Downloads\wordpress-3.6.zip
2013-08-05 05:32 - 2013-08-09 01:18 - 00000000 ____D C:\Users\Anne\Desktop\Unnamed Site 4
2013-08-05 03:05 - 2013-08-05 03:05 - 00000000 ____D C:\Windows\Sun
2013-08-05 03:05 - 2013-08-05 03:05 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Sun
2013-08-05 03:03 - 2013-08-05 03:03 - 00127075 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-08-05 03:03 - 2013-08-05 03:03 - 00049262 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\jpicpl32.cpl
2013-08-05 03:03 - 2013-08-05 03:03 - 00049247 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-08-05 03:03 - 2013-08-05 03:03 - 00049245 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-08-05 00:46 - 2013-08-05 00:46 - 00001113 _____ C:\Users\Public\Desktop\NETGEAR WNA1100 Genie.lnk
2013-08-05 00:44 - 2013-08-05 00:44 - 00000000 ____D C:\Users\Anne\Downloads\NETGEAR
2013-07-31 16:39 - 2013-07-31 16:40 - 495903544 _____ C:\Users\Anne\Desktop\Robert Oleysyck - 16 Grains of Sand - Side B.wav
2013-07-31 16:38 - 2013-07-31 16:40 - 04428240 _____ C:\Users\Anne\Desktop\Robert Oleysyck - 16 Grains of Sand - Side B.wav.gpk
2013-07-31 15:45 - 2013-08-13 05:05 - 00000000 ____D C:\Users\Anne\Desktop\Unnamed Site 3
2013-07-30 22:28 - 2013-07-30 22:29 - 04993024 _____ C:\Users\Anne\Downloads\standalone.msi
2013-07-30 05:40 - 2013-08-13 17:51 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DDC762DC-AF44-4C24-9414-4178C2A42C87}
2013-07-29 02:37 - 2013-08-13 18:21 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1001
2013-07-27 22:54 - 2013-07-22 18:58 - 257604504 _____ C:\Users\Anne\Documents\DJ_AIO_NonNet_Full_Win_WW_130_140.exe
2013-07-27 18:02 - 2013-07-27 18:02 - 00002677 _____ C:\Users\Public\Desktop\Free YouTube Downloader Converter.lnk
2013-07-27 18:02 - 2013-07-27 18:02 - 00000000 ____D C:\Users\Anne\AppData\Roaming\GVU Technologies
2013-07-27 18:00 - 2013-07-27 18:23 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-27 17:55 - 2013-07-27 17:55 - 00000000 ____D C:\ProgramData\xml_param
2013-07-27 17:52 - 2013-07-27 17:58 - 00000000 ____D C:\ProgramData\Wondershare Player
2013-07-27 17:52 - 2013-07-27 17:52 - 00000000 ____D C:\Users\Anne\AppData\Local\Wondershare
2013-07-27 17:52 - 2013-07-27 17:52 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-07-27 17:51 - 2013-07-27 17:58 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-07-27 17:51 - 2013-07-27 17:55 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
2013-07-27 17:51 - 2013-07-27 17:51 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
2013-07-27 17:50 - 2013-07-27 17:51 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2013-07-27 17:49 - 2013-07-27 17:50 - 00712480 _____ (Wondershare) C:\Users\Anne\Downloads\Inst_youtube-downloader_full235.exe
2013-07-27 13:33 - 2013-07-31 01:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 15:39 - 2013-08-13 17:47 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1001
2013-07-26 15:39 - 2013-08-13 17:47 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-200405289-3131803362-2751125550-1001
2013-07-26 03:13 - 2013-07-26 03:14 - 00284526 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-24 03:00 - 2013-07-24 03:01 - 00285270 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-07-24 03:00 - 2013-07-24 03:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-22 21:53 - 2013-07-22 21:53 - 00864375 _____ C:\Users\Anne\Downloads\15.zip
2013-07-22 21:08 - 2013-07-22 21:08 - 01542057 _____ C:\Users\Anne\Downloads\5.rar
2013-07-22 19:12 - 2013-07-22 19:25 - 00003372 _____ C:\Windows\SysWOW64\TEST.log
2013-07-22 19:08 - 2013-07-22 19:08 - 07210800 _____ C:\Users\Anne\Downloads\1.rar
2013-07-22 19:07 - 2013-07-22 19:07 - 03709144 _____ C:\Users\Anne\Downloads\index.rar
2013-07-22 18:56 - 2013-07-22 19:14 - 00000000 ____D C:\Users\Anne\AppData\Roaming\HP
2013-07-22 18:56 - 2013-07-22 18:56 - 00000000 ____D C:\ProgramData\WEBREG
2013-07-22 18:54 - 2013-07-22 18:54 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-07-22 18:50 - 2013-07-22 18:56 - 00169820 _____ C:\Windows\hpoins14.dat
2013-07-22 18:50 - 2013-07-22 18:56 - 00000821 _____ C:\ProgramData\hpzinstall.log
2013-07-22 18:50 - 2009-10-07 19:00 - 00001498 ____N C:\Windows\hpomdl14.dat
2013-07-22 18:50 - 2009-07-08 03:51 - 00861184 _____ (Hewlett-Packard) C:\Windows\system32\hpowiax3.dll
2013-07-22 18:50 - 2009-07-08 03:51 - 00729600 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpotscl3.dll
2013-07-22 18:50 - 2009-07-08 03:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
2013-07-22 18:50 - 2009-07-08 03:51 - 00540672 _____ (Hewlett-Packard) C:\Windows\system32\hppldcoi.dll
2013-07-22 18:50 - 2009-07-08 03:51 - 00497664 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpovst10.dll
2013-07-22 18:27 - 2013-07-22 18:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-22 06:26 - 2013-07-22 06:27 - 00000608 _____ C:\Users\Anne\Documents\desktoptools.log
2013-07-22 01:55 - 2013-07-22 01:55 - 17617288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-07-22 01:44 - 2013-08-13 22:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 01:44 - 2013-07-22 01:55 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-21 14:20 - 2013-07-21 14:20 - 522753527 _____ C:\Windows\MEMORY.DMP
2013-07-21 14:20 - 2013-07-21 14:20 - 00275832 _____ C:\Windows\Minidump\072113-47642-01.dmp
2013-07-21 14:20 - 2013-07-21 14:20 - 00000000 ____D C:\Windows\Minidump
2013-07-21 01:08 - 2013-08-05 04:56 - 00000000 ____D C:\Users\Anne\Desktop\Digital Dreams
2013-07-21 00:46 - 2013-07-21 00:47 - 00000013 _____ C:\Windows\SysWOW64\WinUser32.crc
2013-07-21 00:46 - 2013-07-21 00:46 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
2013-07-21 00:45 - 2013-07-21 00:45 - 04090504 _____ C:\Users\Anne\Downloads\CoffeeStyleSheet50.exe
2013-07-17 22:39 - 2013-07-17 22:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-17 17:53 - 2013-07-17 17:53 - 03798712 _____ (Cryptic Studios) C:\Users\Anne\Downloads\neverwinter_setup.exe
2013-07-17 17:53 - 2013-07-17 17:53 - 00000877 _____ C:\Users\Anne\Desktop\Neverwinter.lnk
2013-07-17 17:53 - 2013-07-17 17:53 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-17 17:07 - 2013-07-17 17:07 - 00001456 _____ C:\Users\Anne\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-07-17 17:04 - 2013-08-06 07:06 - 00000000 ____D C:\Users\Anne\Desktop\Digital Dreamer
2013-07-17 16:57 - 2013-07-17 16:57 - 00000000 ____D C:\Users\Anne\AppData\Local\offsync
2013-07-17 16:53 - 2013-07-17 22:57 - 00000000 ____D C:\Users\Anne\Documents\Unnamed Site 2
2013-07-17 16:52 - 2013-08-06 17:22 - 00001056 _____ C:\Users\Anne\Desktop\desktoptools.lnk
2013-07-17 16:52 - 2013-07-17 16:52 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
2013-07-17 16:51 - 2013-08-09 01:11 - 00000000 ____D C:\Program Files (x86)\Workspace
2013-07-17 16:51 - 2013-07-17 16:51 - 00000000 ____D C:\Users\Anne\AppData\Local\Workspace
2013-07-17 03:01 - 2013-07-17 03:03 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 10:38 - 2013-07-30 01:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-15 01:09 - 2013-08-13 22:13 - 00005242 _____ C:\Windows\setupact.log
2013-07-15 01:09 - 2013-07-15 01:09 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-08-13 23:33 - 2013-08-13 23:36 - 01575544 _____ (Farbar) C:\Users\Anne\Desktop\FRST64.exe
2013-08-13 23:30 - 2013-08-13 23:30 - 00019752 _____ C:\Users\Anne\Desktop\dds.txt
2013-08-13 23:30 - 2013-08-13 23:30 - 00014591 _____ C:\Users\Anne\Desktop\attach.txt
2013-08-13 23:26 - 2013-01-15 00:30 - 00000000 ___RD C:\Users\Anne\Dropbox
2013-08-13 23:26 - 2013-01-15 00:26 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Dropbox
2013-08-13 23:26 - 2012-09-02 16:27 - 00000000 ___RD C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-13 23:23 - 2013-08-13 23:26 - 00688992 ____R (Swearware) C:\Users\Anne\Desktop\dds.com
2013-08-13 22:55 - 2013-07-22 01:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-13 22:21 - 2009-07-13 21:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 22:21 - 2009-07-13 21:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 22:13 - 2013-07-15 01:09 - 00005242 _____ C:\Windows\setupact.log
2013-08-13 22:13 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 20:02 - 2013-08-13 20:02 - 00048397 _____ C:\Users\Anne\Downloads\FRST.txt
2013-08-13 20:02 - 2013-08-13 20:01 - 00033368 _____ C:\Users\Anne\Downloads\Addition.txt
2013-08-13 19:09 - 2012-09-02 15:10 - 01772901 _____ C:\Windows\WindowsUpdate.log
2013-08-13 19:05 - 2013-08-13 19:05 - 00000000 ____D C:\FRST
2013-08-13 19:05 - 2009-07-13 22:13 - 00864970 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 19:04 - 2013-08-13 19:04 - 01575544 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2013-08-13 19:02 - 2013-01-15 22:51 - 00000000 ____D C:\Users\Anne\Desktop\Mike
2013-08-13 18:21 - 2013-08-11 07:51 - 00003200 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-200405289-3131803362-2751125550-1001
2013-08-13 18:21 - 2013-07-29 02:37 - 00003336 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1001
2013-08-13 17:51 - 2013-07-30 05:40 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DDC762DC-AF44-4C24-9414-4178C2A42C87}
2013-08-13 17:47 - 2013-07-26 15:39 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1001
2013-08-13 17:47 - 2013-07-26 15:39 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-200405289-3131803362-2751125550-1001
2013-08-13 07:52 - 2013-08-13 07:52 - 01066648 _____ C:\Users\Anne\Downloads\Firefox_Setup.exe
2013-08-13 07:52 - 2013-08-13 07:52 - 01066648 _____ C:\Users\Anne\Downloads\Firefox_Setup(1).exe
2013-08-13 05:38 - 2013-08-13 05:38 - 00003240 _____ C:\{90938ABB-87DB-4028-AA2B-74411ED12E22}
2013-08-13 05:35 - 2013-08-13 05:35 - 00004360 _____ C:\{401F4424-E32D-49AF-B493-42A8A77D88FB}
2013-08-13 05:11 - 2013-02-03 02:21 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-13 05:11 - 2012-11-12 14:31 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-13 05:11 - 2012-09-14 23:34 - 00000000 ____D C:\Users\Anne\AppData\Local\Google
2013-08-13 05:05 - 2013-07-31 15:45 - 00000000 ____D C:\Users\Anne\Desktop\Unnamed Site 3
2013-08-13 05:03 - 2013-08-12 05:43 - 00000000 ____D C:\Users\Anne\Desktop\3Dmus3
2013-08-13 04:49 - 2012-09-02 18:34 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Adobe
2013-08-13 04:48 - 2013-08-13 04:48 - 00001070 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2013-08-13 04:46 - 2012-09-02 18:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-13 04:45 - 2012-09-02 18:34 - 00000000 ____D C:\Users\Anne\AppData\Local\Adobe
2013-08-13 04:35 - 2013-08-12 05:36 - 00000000 ____D C:\Users\Anne\Desktop\caurina
2013-08-13 04:16 - 2013-08-13 04:16 - 14563135 _____ C:\Users\Anne\Downloads\AdobeExchange.zxp
2013-08-13 04:12 - 2013-08-13 04:12 - 00000750 _____ C:\Users\Public\Desktop\FlexiLayouts 2 PRO Editor.lnk
2013-08-13 04:12 - 2013-08-13 04:12 - 00000000 ____D C:\Users\Anne\AppData\Roaming\com.extend.csslayoutspro
2013-08-13 04:07 - 2013-08-13 04:07 - 30434257 _____ C:\Users\Anne\Downloads\FlexiLayoutsPro_2.2.42.zip
2013-08-13 01:56 - 2013-08-13 01:56 - 00000083 _____ C:\Users\Anne\Downloads\ftpclient.php
2013-08-12 16:39 - 2013-08-12 16:39 - 00000000 ____D C:\Users\Anne\Documents\Unnamed Site 4
2013-08-12 16:27 - 2013-08-12 05:59 - 00000000 ____D C:\Users\Anne\Desktop\flash
2013-08-12 16:24 - 2013-08-12 16:24 - 00000000 ____D C:\Users\Anne\Documents\Unnamed Site 3
2013-08-12 16:24 - 2012-11-25 19:49 - 00000000 ____D C:\Users\Anne\AppData\Local\CrashDumps
2013-08-12 13:43 - 2013-08-12 13:37 - 00005895 _____ C:\Users\Anne\Desktop\CSS3 Menu.css3prj
2013-08-12 13:32 - 2013-08-12 13:32 - 00001191 _____ C:\Users\Anne\Documents\CSS3 Menu.html
2013-08-12 13:32 - 2013-08-12 13:32 - 00000000 ____D C:\Users\Anne\Documents\CSS3 Menu_files
2013-08-12 13:31 - 2013-08-12 13:31 - 00000717 _____ C:\Users\Public\Desktop\Css3 Menu.lnk
2013-08-12 13:30 - 2013-08-12 13:29 - 22702316 _____ C:\Users\Anne\Desktop\css3menu-setup.zip
2013-08-12 07:53 - 2013-08-12 07:53 - 317591552 _____ C:\Users\Anne\Desktop\Robert Oleysyck - 16 Grains of Sand (1).wav
2013-08-12 07:53 - 2013-08-12 07:53 - 02836168 _____ C:\Users\Anne\Desktop\Robert Oleysyck - 16 Grains of Sand (1).wav.gpk
2013-08-12 05:51 - 2013-08-12 05:51 - 00000000 ____D C:\Users\Anne\Desktop\Unnamed Site 7
2013-08-12 05:40 - 2013-08-12 05:40 - 09957462 _____ C:\Users\Anne\Desktop\3Dmus3.zip
2013-08-12 05:29 - 2013-08-12 05:29 - 03707248 _____ C:\Users\Anne\Desktop\flashmo_247_3d_touch_ring.zip
2013-08-09 12:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-09 01:18 - 2013-08-05 05:32 - 00000000 ____D C:\Users\Anne\Desktop\Unnamed Site 4
2013-08-09 01:11 - 2013-07-17 16:51 - 00000000 ____D C:\Program Files (x86)\Workspace
2013-08-07 02:06 - 2013-02-02 11:44 - 02016256 ___SH C:\Users\Anne\Desktop\Thumbs.db
2013-08-06 17:22 - 2013-07-17 16:52 - 00001056 _____ C:\Users\Anne\Desktop\desktoptools.lnk
2013-08-06 07:06 - 2013-07-17 17:04 - 00000000 ____D C:\Users\Anne\Desktop\Digital Dreamer
2013-08-06 03:27 - 2013-08-06 03:27 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Utherverse
2013-08-06 03:26 - 2013-08-06 03:26 - 00001335 _____ C:\Users\Anne\Desktop\Red Light Center 3D Client.lnk
2013-08-06 03:26 - 2013-08-06 03:26 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-08-06 03:26 - 2013-08-06 03:26 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-06 03:26 - 2013-08-06 03:26 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Red Light Center 3D Client
2013-08-06 03:19 - 2013-08-06 03:19 - 00000000 ____D C:\Program Files (x86)\Utherverse Digital Inc
2013-08-06 03:18 - 2013-08-06 03:18 - 16810608 _____ C:\Users\Anne\Downloads\RedLightCenterSetup.exe
2013-08-05 20:10 - 2013-08-05 20:01 - 00000181 _____ C:\Windows\ODBC.INI
2013-08-05 20:10 - 2012-11-13 01:38 - 00880752 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-08-05 19:35 - 2013-08-05 19:35 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Subversion
2013-08-05 12:41 - 2013-08-05 12:41 - 00000000 _____ C:\Users\Anne\Downloads\script.sql
2013-08-05 12:32 - 2013-08-05 12:32 - 00000000 ____D C:\Users\Anne\AppData\Roaming\com.adobe.amp
2013-08-05 12:14 - 2013-08-05 12:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-08-05 12:14 - 2013-08-05 12:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-08-05 12:13 - 2013-08-05 12:13 - 18066392 _____ (Adobe Systems Inc.) C:\Users\Anne\Downloads\AdobeAIRInstaller.exe
2013-08-05 12:12 - 2013-08-05 12:11 - 37039616 _____ C:\Users\Anne\Downloads\jQuery_XPOSEGallery_PRO_1.1.4.82.zip
2013-08-05 12:12 - 2012-09-02 18:32 - 00000000 ____D C:\ProgramData\Adobe
2013-08-05 11:55 - 2013-08-05 11:55 - 00000000 ____D C:\Users\Anne\Documents\Unnamed Site 5
2013-08-05 11:50 - 2013-08-05 11:49 - 00000000 ____D C:\Users\Anne\Desktop\New Folder
2013-08-05 11:49 - 2013-08-05 11:49 - 04476508 _____ C:\Users\Anne\Downloads\wordpress-3.6.zip
2013-08-05 11:22 - 2013-01-25 02:46 - 00000000 ____D C:\Windows\pss
2013-08-05 04:56 - 2013-07-21 01:08 - 00000000 ____D C:\Users\Anne\Desktop\Digital Dreams
2013-08-05 03:05 - 2013-08-05 03:05 - 00000000 ____D C:\Windows\Sun
2013-08-05 03:05 - 2013-08-05 03:05 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Sun
2013-08-05 03:03 - 2013-08-05 03:03 - 00127075 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-08-05 03:03 - 2013-08-05 03:03 - 00049262 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\jpicpl32.cpl
2013-08-05 03:03 - 2013-08-05 03:03 - 00049247 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-08-05 03:03 - 2013-08-05 03:03 - 00049245 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-08-05 03:03 - 2013-02-11 02:13 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-05 00:46 - 2013-08-05 00:46 - 00001113 _____ C:\Users\Public\Desktop\NETGEAR WNA1100 Genie.lnk
2013-08-05 00:44 - 2013-08-05 00:44 - 00000000 ____D C:\Users\Anne\Downloads\NETGEAR
2013-07-31 16:40 - 2013-07-31 16:39 - 495903544 _____ C:\Users\Anne\Desktop\Robert Oleysyck - 16 Grains of Sand - Side B.wav
2013-07-31 16:40 - 2013-07-31 16:38 - 04428240 _____ C:\Users\Anne\Desktop\Robert Oleysyck - 16 Grains of Sand - Side B.wav.gpk
2013-07-31 01:08 - 2013-07-27 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-30 22:29 - 2013-07-30 22:28 - 04993024 _____ C:\Users\Anne\Downloads\standalone.msi
2013-07-30 01:28 - 2013-07-15 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-30 01:28 - 2010-11-20 20:47 - 00641966 _____ C:\Windows\PFRO.log
2013-07-27 18:23 - 2013-07-27 18:00 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-27 18:02 - 2013-07-27 18:02 - 00002677 _____ C:\Users\Public\Desktop\Free YouTube Downloader Converter.lnk
2013-07-27 18:02 - 2013-07-27 18:02 - 00000000 ____D C:\Users\Anne\AppData\Roaming\GVU Technologies
2013-07-27 17:58 - 2013-07-27 17:52 - 00000000 ____D C:\ProgramData\Wondershare Player
2013-07-27 17:58 - 2013-07-27 17:51 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-07-27 17:55 - 2013-07-27 17:55 - 00000000 ____D C:\ProgramData\xml_param
2013-07-27 17:55 - 2013-07-27 17:51 - 00000000 ____D C:\ProgramData\Wondershare AllMyTube
2013-07-27 17:52 - 2013-07-27 17:52 - 00000000 ____D C:\Users\Anne\AppData\Local\Wondershare
2013-07-27 17:52 - 2013-07-27 17:52 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-07-27 17:51 - 2013-07-27 17:51 - 00000000 ____D C:\ProgramData\Wondershare Application Common Data
2013-07-27 17:51 - 2013-07-27 17:50 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2013-07-27 17:50 - 2013-07-27 17:49 - 00712480 _____ (Wondershare) C:\Users\Anne\Downloads\Inst_youtube-downloader_full235.exe
2013-07-27 05:06 - 2012-11-12 22:56 - 00000000 ____D C:\Users\Anne\AppData\Roaming\DAEMON Tools Lite
2013-07-26 15:36 - 2009-07-13 21:45 - 04975048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-26 03:14 - 2013-07-26 03:13 - 00284526 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-24 03:01 - 2013-07-24 03:00 - 00285270 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-07-24 03:00 - 2013-07-24 03:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-07-23 01:35 - 2012-11-12 14:59 - 00000000 ____D C:\Users\Anne\AppData\Local\ID Vault
2013-07-23 01:35 - 2012-11-12 14:58 - 00000000 ____D C:\Users\Anne\AppData\Roaming\ID Vault
2013-07-23 01:35 - 2012-11-12 14:57 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-07-22 21:53 - 2013-07-22 21:53 - 00864375 _____ C:\Users\Anne\Downloads\15.zip
2013-07-22 21:08 - 2013-07-22 21:08 - 01542057 _____ C:\Users\Anne\Downloads\5.rar
2013-07-22 19:33 - 2012-09-02 17:34 - 00089920 _____ C:\Users\Anne\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-22 19:25 - 2013-07-22 19:12 - 00003372 _____ C:\Windows\SysWOW64\TEST.log
2013-07-22 19:14 - 2013-07-22 18:56 - 00000000 ____D C:\Users\Anne\AppData\Roaming\HP
2013-07-22 19:08 - 2013-07-22 19:08 - 07210800 _____ C:\Users\Anne\Downloads\1.rar
2013-07-22 19:07 - 2013-07-22 19:07 - 03709144 _____ C:\Users\Anne\Downloads\index.rar
2013-07-22 18:58 - 2013-07-27 22:54 - 257604504 _____ C:\Users\Anne\Documents\DJ_AIO_NonNet_Full_Win_WW_130_140.exe
2013-07-22 18:57 - 2012-09-02 17:43 - 00000000 ____D C:\Users\Anne\AppData\Local\HP
2013-07-22 18:56 - 2013-07-22 18:56 - 00000000 ____D C:\ProgramData\WEBREG
2013-07-22 18:56 - 2013-07-22 18:50 - 00169820 _____ C:\Windows\hpoins14.dat
2013-07-22 18:56 - 2013-07-22 18:50 - 00000821 _____ C:\ProgramData\hpzinstall.log
2013-07-22 18:56 - 2012-09-02 17:44 - 00000000 ____D C:\ProgramData\HP
2013-07-22 18:55 - 2009-07-13 19:34 - 00000470 _____ C:\Windows\win.ini
2013-07-22 18:54 - 2013-07-22 18:54 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-07-22 18:54 - 2012-09-02 17:44 - 00000000 ____D C:\Program Files (x86)\HP
2013-07-22 18:27 - 2013-07-22 18:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-07-22 18:27 - 2012-11-12 14:59 - 00000000 ____D C:\Users\Anne\AppData\Local\White_Sky,_Inc
2013-07-22 06:27 - 2013-07-22 06:26 - 00000608 _____ C:\Users\Anne\Documents\desktoptools.log
2013-07-22 01:55 - 2013-07-22 01:55 - 17617288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-07-22 01:55 - 2013-07-22 01:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-22 01:55 - 2012-09-02 19:47 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-22 01:55 - 2012-09-02 19:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 14:20 - 2013-07-21 14:20 - 522753527 _____ C:\Windows\MEMORY.DMP
2013-07-21 14:20 - 2013-07-21 14:20 - 00275832 _____ C:\Windows\Minidump\072113-47642-01.dmp
2013-07-21 14:20 - 2013-07-21 14:20 - 00000000 ____D C:\Windows\Minidump
2013-07-21 00:47 - 2013-07-21 00:46 - 00000013 _____ C:\Windows\SysWOW64\WinUser32.crc
2013-07-21 00:46 - 2013-07-21 00:46 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
2013-07-21 00:45 - 2013-07-21 00:45 - 04090504 _____ C:\Users\Anne\Downloads\CoffeeStyleSheet50.exe
2013-07-18 00:02 - 2013-01-24 22:25 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-17 22:57 - 2013-07-17 16:53 - 00000000 ____D C:\Users\Anne\Documents\Unnamed Site 2
2013-07-17 22:39 - 2013-07-17 22:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2013-07-17 17:53 - 2013-07-17 17:53 - 03798712 _____ (Cryptic Studios) C:\Users\Anne\Downloads\neverwinter_setup.exe
2013-07-17 17:53 - 2013-07-17 17:53 - 00000877 _____ C:\Users\Anne\Desktop\Neverwinter.lnk
2013-07-17 17:53 - 2013-07-17 17:53 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-17 17:07 - 2013-07-17 17:07 - 00001456 _____ C:\Users\Anne\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-07-17 16:57 - 2013-07-17 16:57 - 00000000 ____D C:\Users\Anne\AppData\Local\offsync
2013-07-17 16:52 - 2013-07-17 16:52 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
2013-07-17 16:51 - 2013-07-17 16:51 - 00000000 ____D C:\Users\Anne\AppData\Local\Workspace
2013-07-17 16:51 - 2012-09-02 17:45 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Mozilla
2013-07-17 03:03 - 2013-07-17 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 02:49 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-07-15 01:09 - 2013-07-15 01:09 - 00000000 _____ C:\Windows\setuperr.log
2013-07-14 01:58 - 2013-05-04 11:59 - 00000000 ____D C:\Users\Anne\AppData\Roaming\Notepad++
2013-07-14 01:57 - 2012-11-26 22:10 - 00000000 ____D C:\Windows\system32\oodag
2013-07-14 01:42 - 2012-09-02 16:27 - 00001413 _____ C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-14 01:42 - 2012-09-02 16:27 - 00000000 ___RD C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-14 01:39 - 2012-11-27 04:17 - 00139290 _____ C:\Windows\system32\oodbs.lor
2013-07-14 01:36 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 01:36 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 01:36 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-14 01:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Anne\AppData\Local\Google\Desktop\Install\{ee52991a-16b7-dcc5-f1c0-a9a42cad7aa2}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{ee52991a-16b7-dcc5-f1c0-a9a42cad7aa2}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-08-12 00:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013
Ran by Anne at 2013-08-13 20:01:41
Running from C:\Users\Anne\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

64 Bit HP CIO Components Installer (Version: 6.2.1)
7-zip v9.20 (x32 Version: v9.20)
Adobe AIR (x32 Version: 3.8.0.870)
Adobe Creative Cloud (x32 Version: 2.1.0.213)
Adobe Dreamweaver CS6 (x32 Version: 12)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Illustrator CS5.1 (x32 Version: 15.1)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
AIO_Scan (x32 Version: 130.0.365.000)
Akamai NetSession Interface (HKCU)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
Apple Application Support (x32 Version: 1.2.1)
Apple Software Update (x32 Version: 2.1.1.116)
ASUSUpdate (x32 Version: 7.18.03)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
BufferChm (x32 Version: 130.0.331.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CoffeeCup StyleSheet Maker (x32)
Copy (x32 Version: 130.0.428.000)
CSS3 Menu (x32)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
Diablo III (x32 Version: 1.0.7.14633)
DJ_AIO_ProductContext (x32 Version: 130.0.365.000)
DJ_AIO_Software (x32 Version: 130.0.365.000)
DJ_AIO_Software_min (x32 Version: 130.0.365.000)
Dropbox (HKCU Version: 2.0.22)
Extensis Suitcase Fusion 4 (x32 Version: 15.0.0)
F4100 (x32 Version: 130.0.365.000)
F4100_Help (x32 Version: 90.0.222.000)
Flash Player Pro V5.4 (x32)
FlexiLayouts 2 PRO Editor (x32 Version: 2.1.140)
Free YouTube Downloader Converter (x32 Version: 1.0.0)
GPBaseService2 (x32 Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 4.000.011.006)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Imaging Device Functions 13.0 (Version: 13.0)
Intel® Integrated Performance Primitives RTI 4.0 (x32 Version: 4.0.23)
J2SE Runtime Environment 5.0 (x32 Version: 1.5.0)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0)
Netflix in Windows Media Center (x32 Version: 3.3.101.0)
NETGEAR WNA1100 N150 Wireless USB Adapter (x32 Version: 1.0.0.133)
Neverwinter (x32)
Next Generation Visualisations (x32 Version: 1.0.0)
Norton Security Suite (x32 Version: 20.2.0.19)
PDF Settings CS5 (x32 Version: 10.0)
Platform (x32 Version: 1.34)
PlayReady PC Runtime amd64 (Version: 1.3.0)
QuickTime (x32 Version: 7.66.71.0)
RealDownloader (x32 Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Reason 5.0 (x32 Version: 5.0)
ReCycle 2.1.2 (x32 Version: 2.1.2)
Red Light Center 3D Client (x32 Version: 1.9.4745)
Scan (x32 Version: 140.0.80.000)
Shared C Run-time for x64 (Version: 10.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.469.000)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.422.000)
UnloadSupport (x32 Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VIA Platform Device Manager (x32 Version: 1.34)
WaveLab 6 (x32 Version: 6.1.1.353)
WebReg (x32 Version: 130.0.132.017)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Workspace Desktop (HKCU)

==================== Restore Points  =========================

23-07-2013 02:13:47 Removed Scan
23-07-2013 02:14:33 Removed Destinations
23-07-2013 02:15:10 Installed Scan
23-07-2013 08:22:03 Norton Security Suite Registry
24-07-2013 10:00:11 Windows Update
26-07-2013 10:12:24 Windows Update
28-07-2013 01:00:44 Installed Free YouTube Downloader Converter
05-08-2013 07:45:44 Installed NETGEAR WNA1100 N150 Wireless USB Adapter
05-08-2013 10:02:08 Installed J2SE Runtime Environment 5.0
13-08-2013 07:01:02 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-03-03 23:50 - 2013-03-03 23:50 - 00000992 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 ood.opsource.net ereg.wip4.adobe.com ereg.wip.adobe.com activate-sjc0.adobe.com practivate.adobe.ipp activate.wip4.adobe.com 3dns-1.adobe.com activate.wip1.adobe.com 3dns.adobe.com practivate.adobe.ntp activate.wip.adobe.com wip1.adobe.com 3dns-4.adobe.com activate.wip2.adobe.com practivate.adobe
127.0.0.1 3dns-2.adobe.com www.wip4.adobe.com 3dns-3.adobe.com lm.licenses.adobe.com adobe-dns-4.adobe.com adobe-dns-1.adobe.com adobe-dns.adobe.com ereg.adobe.com wip4.adobe.com hl2rcv.adobe.com wip3.adobe.com na2m-pr.licenses.adobe.com www.wip1.adobe.com adobeereg.com lmlicenses.wip4.adobe.com
127.0.0.1 www.wip2.adobe.com ereg.wip2.adobe.com www.wip.adobe.com wip2.adobe.com practivate.adobe.newoa wwis-dubc1-vip60.adobe.com wip.adobe.com adobe-dns-3.adobe.com www.adobeereg.com activate.wip3.adobe.com activate-sea.adobe.com activate.adobe.com adobe-dns-2.adobe.com ereg.wip1.adobe.com www.wip3.adobe.com
127.0.0.1 practivate.adobe.com ereg.wip3.adobe.com crl.verisign.net

==================== Scheduled Tasks (whitelisted) =============

Task: {030ECF29-4842-4AC2-A28A-5CE3A4ABE5A2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {22BEB3D6-5079-4577-92CB-2DED68C6D2CC} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {363FBDA0-7C47-48DA-BF9B-823F08F22C77} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\WSCStub.exe [2012-10-19] (Symantec Corporation)
Task: {44D984E8-F4D8-4FBC-9F72-C65AEF327F09} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {5C34682D-F925-4433-BFC1-B829CA7722AB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22] (Adobe Systems Incorporated)
Task: {5C995FE9-0892-4150-B7AA-800A98133C1B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-200405289-3131803362-2751125550-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {64943486-F905-4F75-A39E-4AA43138AD7C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-200405289-3131803362-2751125550-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {7ACE9081-94EE-4543-A544-E5CB72A58E55} - System32\Tasks\User_Feed_Synchronization-{DDC762DC-AF44-4C24-9414-4178C2A42C87} => C:\Windows\system32\msfeedssync.exe [2013-07-13] (Microsoft Corporation)
Task: {A0F2269A-418C-4A0C-9FA6-CE08115107A4} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {B11C35A9-4E01-47E0-87F1-72EE51860A4E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {C2AFB8C0-DECE-4BE7-9AFD-6DC70DD2C086} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-200405289-3131803362-2751125550-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {CA8C2D6D-B721-4CF4-A59C-E5EC2706B37A} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe No File
Task: {CDB9FE0D-C06E-41B6-9A3C-7175D14E1761} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {D674DAD6-D2BD-4FE3-B10E-46341471C00D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {DE7ADB2F-6810-4E75-8D27-DD342C066E2D} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {F43FE9BF-0F80-4944-8B28-7E5D5CD0DC43} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-200405289-3131803362-2751125550-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {F4599144-CE8C-4B5F-846B-01CAB2235E34} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-200405289-3131803362-2751125550-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {F76A081D-B4F8-425F-8A2D-52FE69FE7928} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {FE9771A2-2F48-4025-B061-3DBC0A974A43} - System32\Tasks\hpUrlLauncher.exe_{2C5C46C9-7706-42CC-8522-94EACE9E095D} => C:\Program Files\HP\HP Photosmart 5510 series\Bin\utils\hpUrlLauncher.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2013 07:35:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x26d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/13/2013 06:20:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 05:48:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 10:49:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x24c8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/13/2013 09:19:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0xd40
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/13/2013 08:25:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 07:58:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 10.0.9200.16635, time stamp: 0x51b7b287
Exception code: 0xc0000005
Fault offset: 0x0029287a
Faulting process id: 0x1420
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/13/2013 07:33:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 03:16:00 AM) (Source: Application Hang) (User: )
Description: The program Dreamweaver.exe version 12.0.0.5808 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 159fc

Start Time: 01ce980c64fcafe4

Termination Time: 20

Application Path: C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe

Report Id: 538fde84-0401-11e3-a8b9-fc9ea38cf839

Error: (08/13/2013 02:47:06 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16635 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2998

Start Time: 01ce97faefa06c94

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (08/13/2013 06:21:23 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/13/2013 06:21:23 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/13/2013 06:19:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sdpiosys

Error: (08/13/2013 06:19:50 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/13/2013 06:19:40 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/13/2013 06:19:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/13/2013 06:19:38 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/13/2013 06:19:10 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\sdpiosys.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/13/2013 05:48:14 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/13/2013 05:48:14 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Microsoft Office Sessions:
=========================
Error: (08/13/2013 07:35:51 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a26d401ce9895acad00d9C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll3b7e1c17-048a-11e3-bb60-941cacb9a83a

Error: (08/13/2013 06:20:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 05:48:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 10:49:14 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a24c801ce984c7956bbefC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dllaab42e72-0440-11e3-8f44-ecdd8c0e8638

Error: (08/13/2013 09:19:47 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287ad4001ce983faa8657caC:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dll2b38159c-0434-11e3-8f44-ecdd8c0e8638

Error: (08/13/2013 08:25:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 07:58:34 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mshtml.dll10.0.9200.1663551b7b287c00000050029287a142001ce983554073ae8C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\mshtml.dlld2e916c7-0428-11e3-97a9-993955262e33

Error: (08/13/2013 07:33:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/13/2013 03:16:00 AM) (Source: Application Hang)(User: )
Description: Dreamweaver.exe12.0.0.5808159fc01ce980c64fcafe420C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe538fde84-0401-11e3-a8b9-fc9ea38cf839

Error: (08/13/2013 02:47:06 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16635299801ce97faefa06c940C:\Program Files\Internet Explorer\iexplore.exe

CodeIntegrity Errors:
===================================
  Date: 2012-11-13 08:40:45.988
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 73%
Total physical RAM: 3070.05 MB
Available physical RAM: 810.7 MB
Total Pagefile: 6138.29 MB
Available Pagefile: 2875.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:233.66 GB) (Free:65.12 GB) NTFS (Disk=1 Partition=2)
Drive d: () (Fixed) (Total:114.48 GB) (Free:97.51 GB) NTFS
Drive h: (MROBERTSON) (Removable) (Total:30.44 GB) (Free:29.28 GB) FAT32 (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 114 GB) (Disk ID: 293F2941)
Partition 1: (Active) - (Size=114 GB) - (Type=42)
Partition 2: (Not Active) - (Size=14 MB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 234 GB) (Disk ID: 29F1B502)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=234 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================



#4 gringo_pr


Posted 14 August 2013 - 01:28 PM

Hello miker21468



I need you to download this script I have made for you --> Attached File: fixlist.txt (998 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 miker21468


Posted 14 August 2013 - 04:20 PM

Farbar wants to update to a new version; I hit No, then I hit Fix, and it says "no fixlist.txt found". It was saved to my desktop.



#6 miker21468


Posted 14 August 2013 - 04:31 PM

OK, never mind, it was a problem with the flash drive. Here is the log.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2013
Ran by Anne at 2013-08-14 14:27:33 Run:1
Running from C:\Users\Anne\Desktop
Boot Mode: Normal
==============================================

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Users\Anne\AppData\Local\Google\Desktop\Install\{ee52991a-16b7-dcc5-f1c0-a9a42cad7aa2} => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Not Found
"C:\Windows\system64" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found



#7 gringo_pr


Posted 14 August 2013 - 09:20 PM



Hello miker21468

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#8 miker21468


Posted 14 August 2013 - 10:46 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anne on Wed 08/14/2013 at 20:33:59.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wondershare
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wondershare
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lucky savings-internalinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lucky savings-internalinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lucky savings_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\lucky savings_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_mcafee-internet-security-suite_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_mcafee-internet-security-suite_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271159}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_mcafee-internet-security-suite_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_mcafee-internet-security-suite_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF}

 

~~~ Files

Successfully deleted: [File] "C:\Users\Anne\appdata\local\funmoods-speeddial.crx"
Successfully deleted: [File] "C:\Users\Anne\appdata\local\funmoods.crx"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\Anne\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Anne\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Anne\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Anne\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\local\wondershare"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\locallow\comcasttb"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\locallow\funmoods"
Successfully deleted: [Folder] "C:\Program Files (x86)\goforfiles"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Anne\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

 

~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Emptied folder: C:\Users\Anne\AppData\Roaming\mozilla\firefox\profiles\jeonnqu2.default\minidumps [7 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/14/2013 at 20:38:49.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

# AdwCleaner v2.306 - Logfile created 08/14/2013 at 20:32:14
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anne - ANNE-PC
# Boot Mode : Normal
# Running from : H:\virus\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Anne\AppData\Local\funmoods.crx
File Found : C:\Users\Anne\AppData\Local\funmoods-speeddial.crx
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\Program Files (x86)\Wondershare
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Anne\AppData\Local\APN
Folder Found : C:\Users\Anne\AppData\Local\SwvUpdater
Folder Found : C:\Users\Anne\AppData\Local\Wajam
Folder Found : C:\Users\Anne\AppData\Local\Wondershare
Folder Found : C:\Users\Anne\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\Anne\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Anne\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Anne\AppData\LocalLow\comcasttb
Folder Found : C:\Users\Anne\AppData\LocalLow\Funmoods
Folder Found : C:\Users\Anne\AppData\Roaming\Babylon
Folder Found : C:\Users\Anne\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Anne\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SocialBit
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKCU\Software\feda8ce038e840
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings-InternalInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Lucky Savings-InternalInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Wow6432Node\feda8ce038e840
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=e36c14fd-1e48-46fa-b7ff-56c92c1611ea&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=e36c14fd-1e48-46fa-b7ff-56c92c1611ea&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=e36c14fd-1e48-46fa-b7ff-56c92c1611ea&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=e36c14fd-1e48-46fa-b7ff-56c92c1611ea&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=e36c14fd-1e48-46fa-b7ff-56c92c1611ea&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\jeonnqu2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12825 octets] - [14/08/2013 20:32:14]

########## EOF - C:\AdwCleaner[R1].txt - [12886 octets] ##########



#9 gringo_pr

Posted 14 August 2013 - 11:00 PM


Hello miker21468

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 miker21468

Posted 15 August 2013 - 01:41 AM

ok it keeps freezing at the same spot every time at stage 50. tried 3 times and no luck. am trying one more time now.



#11 gringo_pr

Posted 15 August 2013 - 01:47 AM


Hello miker21468

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo

#12 gringo_pr

Posted 20 August 2013 - 10:28 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#13 gringo_pr

Posted 23 August 2013 - 09:03 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.