

Delta search


35 replies to this topic

#1 soule2soule

soule2soule

  • Members
  • 36 posts
  • Gender:Female

Posted 01 September 2013 - 08:35 PM

This is a new post for my issue.  Below is a link to the previous issue so you can see what I have been told to do up to this point and any info I have:

http://www.bleepingcomputer.com/forums/t/505263/pup-virus-bprotector/page-2

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by Brenda at 20:22:29 on 2013-09-01
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1790.957 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\WinZipper\winzipersvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\ipmon32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.charter.net/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Page = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0409&m=el1300g
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0409&m=el1300g
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Zynga Toolbar: {7B13EC3E-999A-4B70-B9CB-2617B8323822} -
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\program files\shopathome\tbcore3U.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - c:\program files\shopathome\tbcore3U.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\brenda\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\brenda\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\brenda\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WKCALREM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda4100\WNDA4100.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: earthlink.net
Trusted Zone: eimg.net
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3E6561B4-06BF-427A-9118-965D93BDB928} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{51053F29-1EA1-46D0-B4C4-8ADC46DD9508} : DHCPNameServer = 8.8.8.8 216.252.23.242 209.55.27.13
AppInit_DLLs= c:\progra~1\google\google~1\goec62~1.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-5 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-5 175176]
R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [2013-8-19 16208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-31 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-30 369584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [2013-8-19 22864]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\anvisoft\anvi smart defender\ASDSrv.exe [2013-8-12 742120]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [2013-8-19 14160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-30 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-13 46808]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-4-28 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-29 701512]
R2 RalinkRegistryWriter;RalinkRegistryWriter;c:\program files\netgear\wnda4100\service\RaRegistry.exe [2012-4-30 377088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-29 22856]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2012-11-12 1206560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-12 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
.
=============== Created Last 30 ================
.
2013-08-30 07:09:06 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{29ae1905-b027-43d7-a11c-563b01a16e06}\mpengine.dll
2013-08-30 01:36:32 -------- d-----w- c:\users\brenda\appdata\roaming\Malwarebytes
2013-08-30 01:35:45 -------- d-----w- c:\programdata\Malwarebytes
2013-08-30 01:35:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-30 01:35:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-29 15:51:48 -------- d-----w- c:\windows\ERUNT
2013-08-29 01:00:50 -------- d-----w- c:\programdata\Sophos
2013-08-29 00:56:39 73728 ----a-r- c:\users\brenda\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-29 00:56:39 73728 ----a-r- c:\users\brenda\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-29 00:56:39 73728 ----a-r- c:\users\brenda\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-08-29 00:55:58 -------- d-----w- c:\program files\Sophos
2013-08-29 00:28:18 -------- d-----w- c:\program files\ESET
2013-08-27 21:15:19 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-21 15:45:02 -------- d-----w- c:\users\brenda\appdata\roaming\SUPERAntiSpyware.com
2013-08-21 15:40:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-08-21 15:40:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-19 19:27:43 -------- d-----w- c:\programdata\????0
2013-08-19 19:08:35 -------- d-----w- c:\users\brenda\appdata\roaming\Anvisoft
2013-08-19 19:07:52 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2013-08-19 19:07:52 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2013-08-19 19:07:52 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2013-08-19 19:07:51 -------- d-----w- c:\programdata\Anvisoft
2013-08-19 19:07:44 -------- d-----w- c:\program files\Anvisoft
2013-08-18 19:53:01 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-08-18 14:36:00 -------- d-----w- c:\programdata\????0
2013-08-17 05:26:52 -------- d-sh--w- C:\found.000
2013-08-17 04:47:15 -------- d-----w- c:\users\brenda\appdata\roaming\WinZipper
2013-08-17 04:47:15 -------- d-----w- c:\program files\WinZipper
2013-08-17 03:34:44 -------- d-----w- c:\program files\Uninstaller
2013-08-17 03:32:33 -------- d-----w- c:\program files\common files\337
2013-08-17 03:31:34 773712 ----a-w- c:\windows\system32\msvcr100.dll
2013-08-17 03:31:34 420944 ----a-w- c:\windows\system32\msvcp100.dll
2013-08-17 03:18:07 -------- d-----w- c:\programdata\?¡?¡0
2013-08-16 20:42:01 -------- d-----w- c:\users\brenda\appdata\local\avgchrome
2013-08-16 20:41:50 -------- d-----w- c:\users\brenda\appdata\roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-16 20:41:25 -------- d-----w- c:\windows\system32\Extensions
2013-08-16 20:41:23 -------- d-----w- c:\windows\system32\searchplugins
2013-08-15 01:33:25 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 01:33:25 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-15 01:33:24 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 01:33:10 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 01:33:10 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 01:33:09 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 01:33:06 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 01:33:02 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 01:32:49 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 01:32:48 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 01:32:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 01:32:48 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
==================== Find3M  ====================
.
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-17 14:00:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-17 14:00:31 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-17 14:00:31 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-17 13:55:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-17 13:55:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 23:18:44 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 23:18:44 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:26:23.94 ===============

#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 06 September 2013 - 06:39 PM

Hi soule2soule

Sorry for the delay in response to your thread.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

I see from your other thread that it was suggested that you may have a 'Zero Access' infection... let's check for that.

Step 1
Please disable Windows Defender... it is known to interfere with our fixes.
Normally Avast would have disabled this when installed, as it may conflict.
  • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.
Recommendation
I am reading some unfavourable things about Anvi Smart Defender, and it may well conflict with the rest of your security.
I recommend that it is uninstalled.


Step 2
For 32-bit systems, download Farbar Recovery Scan Tool and save it to your Desktop. <<<< Important
  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST


Thanks.


#3 soule2soule

soule2soule
  • Topic Starter

  • Members
  • 36 posts
  • Gender:Female

Posted 07 September 2013 - 01:36 PM

Here are the scan logs... hope you can find something???

Thanks for the effort so far!

Tam & Brenda

I posted the wrong logs here, so I deleted them and posted them below. So sorry.


Edited by soule2soule, 07 September 2013 - 01:46 PM.


#4 soule2soule

soule2soule
  • Topic Starter

  • Members
  • 36 posts
  • Gender:Female

Posted 07 September 2013 - 01:38 PM

Sorry, I guess I grabbed one of the wrong logs... here is FRST!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2013 03
Ran by Brenda (administrator) on BRENDA-PC on 07-09-2013 12:56:07
Running from C:\Users\Brenda\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
() C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
( ) C:\Windows\system32\lxczcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Ralink Technology, Corp.) C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Visual Networks) C:\Program Files\EarthLink TotalAccess\FastLane2\ipmon32.exe
(Visual Networks) C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(NETGEAR) C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-02] (Google)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6144000 2008-05-20] (Realtek Semiconductor)
HKLM\...\Run: [eRecoveryService] -
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-09] ()
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-09-24] (CyberLink Corp.)
HKLM\...\Run: [IPInSightMonitor 01] - C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe [122880 2005-08-10] (Visual Networks)
HKLM\...\Run: [IPInSightLAN 01] - C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe [380928 2005-08-10] (Visual Networks)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [Propel Accelerator] - "C:\Program Files\EarthLink Accelerator\trayctl.exe" /STARTUPLAUNCH
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [lxczbmgr.exe] - C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [74672 2007-04-19] (Lexmark International, Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-07-11] (Google Inc.)
HKCU\...\Run: [Google Update*] -  <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-14] (SUPERAntiSpyware)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK
ShortcutTarget: WKCALREM.LNK -> C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP52
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0409&m=el1300g
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0409&m=el1300g
URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll No File
SearchScopes: HKCU - DefaultScope {08A15C3C-EE3F-45F6-97F1-03D4ED026B49} URL = http://www.bing.com/search?FORM=UP52DF&PC=UP52&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {08A15C3C-EE3F-45F6-97F1-03D4ED026B49} URL = http://www.bing.com/search?FORM=UP52DF&PC=UP52&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=UhmOvVOR4t9qRmE6rxBJy3dJVy4?q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU -Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn0.dll No File
Toolbar: HKCU -No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKCU -ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976
CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976"
CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976
CHR DefaultSuggestURL: (Delta Search) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (LessTabs) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.2.0_0
CHR Extension: (Google Search) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 ETService; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
S3 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [250616 2009-07-16] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-02] (Google)
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [537520 2007-04-19] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 RalinkRegistryWriter; C:\Program Files\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [272024 2007-05-13] ()
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [424104 2013-08-16] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-06-11] (Acer, Inc.)
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [68922 2007-02-14] (Windows ® 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1206560 2012-11-12] (Ralink Technology Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U0 IPVNMon; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-07 11:34 - 2013-09-07 11:38 - 01081941 _____ (Farbar) C:\Users\Brenda\Downloads\FRST.exe
2013-09-01 20:28 - 2013-09-01 20:28 - 00017460 _____ C:\Users\Brenda\Desktop\DDS a.txt
2013-09-01 20:28 - 2013-09-01 20:28 - 00008556 _____ C:\Users\Brenda\Desktop\Attach a.txt
2013-09-01 20:27 - 2013-09-01 20:27 - 00008556 _____ C:\Users\Brenda\Desktop\attach.txt
2013-09-01 20:27 - 2013-09-01 20:26 - 00017460 _____ C:\Users\Brenda\Desktop\dds.txt
2013-09-01 20:05 - 2013-09-01 20:05 - 00688992 ____R (Swearware) C:\Users\Brenda\Desktop\dds.com
2013-09-01 08:07 - 2013-09-01 08:07 - 00001934 _____ C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
2013-09-01 08:03 - 2013-09-01 08:03 - 00000000 ____D C:\Users\Brenda\Downloads\NETGEAR
2013-08-30 10:55 - 2013-08-30 10:56 - 00000000 ____D C:\Users\Brenda\Desktop\Computer Scanning Tools
2013-08-29 20:36 - 2013-08-29 20:36 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
2013-08-29 20:35 - 2013-08-29 20:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-29 20:35 - 2013-08-29 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 20:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 20:15 - 2013-08-29 20:15 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Brenda\Downloads\mbam-clean-1.60.2.0003.exe
2013-08-29 11:25 - 2013-08-29 11:25 - 00010174 _____ C:\Users\Brenda\Desktop\JRT.txt
2013-08-29 10:51 - 2013-08-29 10:51 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 20:07 - 2013-08-28 20:08 - 02347384 _____ (ESET) C:\Users\Brenda\Downloads\esetsmartinstaller_enu.exe
2013-08-28 20:00 - 2013-08-28 20:00 - 00000000 ____D C:\ProgramData\Sophos
2013-08-28 19:56 - 2013-08-28 19:56 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-08-28 19:55 - 2013-08-28 19:55 - 00000000 ____D C:\Program Files\Sophos
2013-08-28 19:28 - 2013-08-28 19:28 - 00000000 ____D C:\Program Files\ESET
2013-08-27 16:15 - 2013-08-01 23:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-21 10:57 - 2013-08-21 11:06 - 00002194 _____ C:\Users\Brenda\Desktop\Rkill.txt
2013-08-21 10:45 - 2013-08-21 10:45 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2013-08-21 10:40 - 2013-08-21 10:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-21 10:40 - 2013-08-21 10:40 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-19 14:27 - 2013-08-19 14:27 - 00000000 ____D C:\ProgramData\䇸Ȕ㺨Ȕ0
2013-08-19 14:08 - 2013-09-07 11:13 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Anvisoft
2013-08-19 14:07 - 2013-09-07 11:13 - 00000000 ____D C:\Program Files\Anvisoft
2013-08-19 14:07 - 2013-08-19 14:07 - 00000000 ____D C:\ProgramData\Anvisoft
2013-08-19 12:40 - 2013-08-19 12:41 - 00666633 _____ C:\Users\Brenda\Downloads\adwcleaner.exe
2013-08-18 23:17 - 2013-08-18 23:17 - 00927026 _____ C:\Users\Brenda\AppData\Local\census.cache
2013-08-18 23:11 - 2013-08-18 23:11 - 00185060 _____ C:\Users\Brenda\AppData\Local\ars.cache
2013-08-18 14:53 - 2012-07-26 21:02 - 00257928 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2013-08-18 14:48 - 2013-08-18 14:48 - 00000036 _____ C:\Users\Brenda\AppData\Local\housecall.guid.cache
2013-08-18 14:40 - 2013-08-18 14:41 - 02049128 _____ (Trend Micro Inc.) C:\Users\Brenda\Downloads\HousecallLauncher.exe
2013-08-18 09:36 - 2013-08-18 09:36 - 00000000 ____D C:\ProgramData\䇸ā㺨ā0
2013-08-17 00:26 - 2013-08-17 00:26 - 00000000 __SHD C:\found.000
2013-08-16 23:47 - 2013-09-07 11:26 - 00000000 ____D C:\Program Files\WinZipper
2013-08-16 23:47 - 2013-08-16 23:47 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\WinZipper
2013-08-16 23:25 - 2013-08-16 23:26 - 00641376 _____ C:\Users\Brenda\Downloads\FlvPlayerSetup (1).exe
2013-08-16 23:24 - 2013-08-16 23:25 - 00641376 _____ C:\Users\Brenda\Downloads\FlvPlayerSetup.exe
2013-08-16 22:32 - 2013-08-16 22:32 - 00000000 ____D C:\Program Files\Common Files\337
2013-08-16 22:31 - 2013-08-16 22:31 - 00000539 _____ C:\Windows\KB893803v2.log
2013-08-16 22:31 - 2013-08-16 22:31 - 00000258 __RSH C:\Users\Brenda\ntuser.pol
2013-08-16 22:31 - 2013-08-16 22:30 - 00773712 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-08-16 22:31 - 2013-08-16 22:30 - 00420944 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-08-16 22:18 - 2013-08-16 22:18 - 00000000 ____D C:\ProgramData\䇸¡㺨¡0
2013-08-16 15:42 - 2013-08-16 15:42 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Mozilla
2013-08-16 15:42 - 2013-08-16 15:42 - 00000000 ____D C:\Users\Brenda\AppData\Local\avgchrome
2013-08-16 15:41 - 2013-08-16 22:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-16 15:40 - 2013-08-16 22:14 - 00000418 _____ C:\Windows\Tasks\At1.job
2013-08-15 17:04 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 17:04 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 17:04 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 17:04 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 17:04 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 17:04 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-15 17:04 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-15 17:04 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 17:04 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 17:04 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 17:04 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 17:04 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-15 17:04 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-15 17:04 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 17:04 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 17:04 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 20:33 - 2013-07-17 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 20:33 - 2013-07-10 04:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 20:33 - 2013-07-09 07:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 20:33 - 2013-07-07 23:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 20:33 - 2013-07-07 23:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 20:33 - 2013-07-04 23:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 20:33 - 2013-06-15 08:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-14 20:33 - 2013-06-15 06:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 20:32 - 2013-07-07 23:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 20:32 - 2013-07-07 23:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 20:32 - 2013-07-07 23:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 20:32 - 2013-07-07 23:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-12 13:08 - 2013-08-12 13:08 - 00000240 _____ C:\Users\Brenda\Desktop\Netflix - Watch TV Shows Online, Watch Movies Online.url
2013-08-12 13:04 - 2013-08-12 13:04 - 00000250 _____ C:\Users\Brenda\Desktop\Peoples National Bank.url

==================== One Month Modified Files and Folders =======

2013-09-07 12:56 - 2012-04-09 16:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-07 12:43 - 2012-03-11 16:34 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133376244-1933610931-1277079814-1000UA.job
2013-09-07 11:48 - 2009-04-28 22:44 - 02005564 _____ C:\Windows\WindowsUpdate.log
2013-09-07 11:38 - 2013-09-07 11:38 - 00000000 ____D C:\FRST
2013-09-07 11:38 - 2013-09-07 11:34 - 01081941 _____ (Farbar) C:\Users\Brenda\Downloads\FRST.exe
2013-09-07 11:26 - 2013-08-16 23:47 - 00000000 ____D C:\Program Files\WinZipper
2013-09-07 11:25 - 2009-07-11 21:51 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2013-09-07 11:23 - 2009-04-28 22:49 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2013-09-07 11:23 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 11:23 - 2006-11-02 07:45 - 00005168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 11:23 - 2006-11-02 07:45 - 00005168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-07 11:19 - 2006-11-02 07:58 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-07 11:13 - 2013-08-19 14:08 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Anvisoft
2013-09-07 11:13 - 2013-08-19 14:07 - 00000000 ____D C:\Program Files\Anvisoft
2013-09-05 13:39 - 2012-03-11 16:34 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133376244-1933610931-1277079814-1000Core.job
2013-09-05 02:51 - 2009-08-27 17:56 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\HpUpdate
2013-09-04 20:42 - 2012-03-11 16:35 - 00002049 _____ C:\Users\Brenda\Desktop\Google Chrome.lnk
2013-09-01 20:28 - 2013-09-01 20:28 - 00017460 _____ C:\Users\Brenda\Desktop\DDS a.txt
2013-09-01 20:28 - 2013-09-01 20:28 - 00008556 _____ C:\Users\Brenda\Desktop\Attach a.txt
2013-09-01 20:27 - 2013-09-01 20:27 - 00008556 _____ C:\Users\Brenda\Desktop\attach.txt
2013-09-01 20:26 - 2013-09-01 20:27 - 00017460 _____ C:\Users\Brenda\Desktop\dds.txt
2013-09-01 20:05 - 2013-09-01 20:05 - 00688992 ____R (Swearware) C:\Users\Brenda\Desktop\dds.com
2013-09-01 18:51 - 2012-10-21 13:07 - 00000310 _____ C:\Windows\lexstat.ini
2013-09-01 08:12 - 2006-11-02 05:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-01 08:09 - 2013-04-03 20:32 - 00009683 _____ C:\Windows\system32\RaCoInst.log
2013-09-01 08:08 - 2009-07-11 21:51 - 00000000 ____D C:\Users\Brenda
2013-09-01 08:07 - 2013-09-01 08:07 - 00001934 _____ C:\Users\Public\Desktop\NETGEAR WNDA4100 Genie.lnk
2013-09-01 08:03 - 2013-09-01 08:03 - 00000000 ____D C:\Users\Brenda\Downloads\NETGEAR
2013-08-31 19:13 - 2009-07-12 00:16 - 00030344 _____ C:\Users\Brenda\AppData\Roaming\wklnhst.dat
2013-08-30 10:56 - 2013-08-30 10:55 - 00000000 ____D C:\Users\Brenda\Desktop\Computer Scanning Tools
2013-08-30 10:10 - 2010-11-11 08:35 - 00000000 ____D C:\Windows\Minidump
2013-08-29 20:36 - 2013-08-29 20:36 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Malwarebytes
2013-08-29 20:36 - 2013-08-29 20:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-29 20:35 - 2013-08-29 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 20:24 - 2008-01-20 22:02 - 00742726 _____ C:\Windows\PFRO.log
2013-08-29 20:15 - 2013-08-29 20:15 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Brenda\Downloads\mbam-clean-1.60.2.0003.exe
2013-08-29 12:55 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\system32\spool
2013-08-29 11:25 - 2013-08-29 11:25 - 00010174 _____ C:\Users\Brenda\Desktop\JRT.txt
2013-08-29 10:57 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Web
2013-08-29 10:51 - 2013-08-29 10:51 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 20:08 - 2013-08-28 20:07 - 02347384 _____ (ESET) C:\Users\Brenda\Downloads\esetsmartinstaller_enu.exe
2013-08-28 20:00 - 2013-08-28 20:00 - 00000000 ____D C:\ProgramData\Sophos
2013-08-28 19:56 - 2013-08-28 19:56 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2013-08-28 19:55 - 2013-08-28 19:55 - 00000000 ____D C:\Program Files\Sophos
2013-08-28 19:28 - 2013-08-28 19:28 - 00000000 ____D C:\Program Files\ESET
2013-08-21 21:06 - 2009-03-12 16:49 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-08-21 11:06 - 2013-08-21 10:57 - 00002194 _____ C:\Users\Brenda\Desktop\Rkill.txt
2013-08-21 10:45 - 2013-08-21 10:45 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2013-08-21 10:44 - 2013-08-21 10:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-21 10:40 - 2013-08-21 10:40 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-19 14:27 - 2013-08-19 14:27 - 00000000 ____D C:\ProgramData\䇸Ȕ㺨Ȕ0
2013-08-19 14:07 - 2013-08-19 14:07 - 00000000 ____D C:\ProgramData\Anvisoft
2013-08-19 14:07 - 2009-07-19 13:23 - 00006144 _____ C:\Users\Brenda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-19 12:41 - 2013-08-19 12:40 - 00666633 _____ C:\Users\Brenda\Downloads\adwcleaner.exe
2013-08-18 23:17 - 2013-08-18 23:17 - 00927026 _____ C:\Users\Brenda\AppData\Local\census.cache
2013-08-18 23:11 - 2013-08-18 23:11 - 00185060 _____ C:\Users\Brenda\AppData\Local\ars.cache
2013-08-18 14:48 - 2013-08-18 14:48 - 00000036 _____ C:\Users\Brenda\AppData\Local\housecall.guid.cache
2013-08-18 14:41 - 2013-08-18 14:40 - 02049128 _____ (Trend Micro Inc.) C:\Users\Brenda\Downloads\HousecallLauncher.exe
2013-08-18 09:36 - 2013-08-18 09:36 - 00000000 ____D C:\ProgramData\䇸ā㺨ā0
2013-08-17 00:26 - 2013-08-17 00:26 - 00000000 __SHD C:\found.000
2013-08-16 23:47 - 2013-08-16 23:47 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\WinZipper
2013-08-16 23:26 - 2013-08-16 23:25 - 00641376 _____ C:\Users\Brenda\Downloads\FlvPlayerSetup (1).exe
2013-08-16 23:25 - 2013-08-16 23:24 - 00641376 _____ C:\Users\Brenda\Downloads\FlvPlayerSetup.exe
2013-08-16 22:32 - 2013-08-16 22:32 - 00000000 ____D C:\Program Files\Common Files\337
2013-08-16 22:31 - 2013-08-16 22:31 - 00000539 _____ C:\Windows\KB893803v2.log
2013-08-16 22:31 - 2013-08-16 22:31 - 00000258 __RSH C:\Users\Brenda\ntuser.pol
2013-08-16 22:30 - 2013-08-16 22:31 - 00773712 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-08-16 22:30 - 2013-08-16 22:31 - 00420944 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-08-16 22:29 - 2013-08-16 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-16 22:29 - 2006-11-02 06:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-08-16 22:18 - 2013-08-16 22:18 - 00000000 ____D C:\ProgramData\䇸¡㺨¡0
2013-08-16 22:14 - 2013-08-16 15:40 - 00000418 _____ C:\Windows\Tasks\At1.job
2013-08-16 15:42 - 2013-08-16 15:42 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Mozilla
2013-08-16 15:42 - 2013-08-16 15:42 - 00000000 ____D C:\Users\Brenda\AppData\Local\avgchrome
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-15 18:10 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-08-15 18:08 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-15 17:21 - 2013-07-13 17:01 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 17:16 - 2006-11-02 05:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-15 17:13 - 2009-03-12 16:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-12 13:08 - 2013-08-12 13:08 - 00000240 _____ C:\Users\Brenda\Desktop\Netflix - Watch TV Shows Online, Watch Movies Online.url
2013-08-12 13:04 - 2013-08-12 13:04 - 00000250 _____ C:\Users\Brenda\Desktop\Peoples National Bank.url

Files to move or delete:
====================
C:\Users\Brenda\AppData\Local\Temp\rtdrvmon.exe
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-07 11:30

==================== End Of Log ============================



#5 soule2soule (Topic Starter, Members, 36 posts)

Posted 07 September 2013 - 01:43 PM

Here is the other one...sorry about the wrong scans.


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2013 03
Ran by Brenda at 2013-09-07 12:57:20
Running from C:\Users\Brenda\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 3.8.0.870)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Agere Systems PCI-SV92EX Soft Modem
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1489.0)
Bing Bar (Version: 7.0.614.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BufferChm (Version: 82.0.173.000)
Choice Guard (Version: 1.2.87.0)
Cisco Connect (Version: 1.4.11266.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.1)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink DVD Suite (Version: 6.0.2110)
CyberLink LabelPrint (Version: 2.0.3111)
CyberLink Power2Go (Version: 6.0.2115)
CyberLink PowerDVD (Version: 7.0.3409.a)
D1400 (Version: 82.0.201.000)
D1400_Help (Version: 82.0.201.000)
Deal Info (Version: 2008.1.22.0)
DefaultTab (Version: 2.2.16.0)
Delta Chrome Toolbar
Delta toolbar   (Version: 1.8.24.5)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
dj_sf_ProductContext (Version: 82.0.201.000)
dj_sf_software (Version: 82.0.201.000)
dj_sf_software_req (Version: 82.0.201.000)
DownloadTerms (HKCU Version: 1.0)
EarthLink FastLane (Version: 5.8.0.13)
EarthLink Software (Version: 2008.1.22.0)
eMachines Games (Version: 1.0.0.52)
eMachines Recovery Management (Version: 3.1.3003)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Google Chrome (HKCU Version: 29.0.1547.66)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet 8.0 Software (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Junk Mail filter update (Version: 14.0.8050.1202)
Lexmark 1200 Series
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 82.0.174.000)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft UI Engine (Version: 6.3.2380.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
NETGEAR WNDA4100 Genie (Version: 1.2.0.10)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Drivers
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenOffice.org 3.1 (Version: 3.1.9420)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5628)
Redistributed Files (Version: 2.0.46.0)
ShopAtHome.com Toolbar
SolutionCenter (Version: 82.0.188.000)
Sophos Virus Removal Tool (Version: 2.4)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 110.0.180.000)
StoryBuilder 2.0
SUPERAntiSpyware (Version: 5.6.1032)
Toolbox (Version: 82.0.173.000)
TopArcadeHits
TotalAccess Core Applications (Version: 2008.1.22.0)
TrayApp (Version: 110.0.180.000)
Uninstall Dual Mode Camera
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Zip Opener
WebReg (Version: 82.0.173.000)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
WinZipper (Version: 1.4.8)
Zip Opener Packages
Zynga Toolbar (Version: )
 

==================== Restore Points  =========================

16-08-2013 13:00:55 Scheduled Checkpoint
17-08-2013 07:03:32 Scheduled Checkpoint
18-08-2013 15:55:25 Scheduled Checkpoint
19-08-2013 20:08:33 Windows Backup
20-08-2013 08:33:28 Windows Update
23-08-2013 13:42:40 Windows Update
27-08-2013 21:15:19 Windows Update
27-08-2013 22:00:13 Windows Update
29-08-2013 00:53:18 Installed Sophos Virus Removal Tool.
29-08-2013 16:07:13 Windows Defender Checkpoint
01-09-2013 13:06:10 Configured NETGEAR WNDA4100 Genie
07-09-2013 16:44:46 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {014AF69B-3B0E-4339-B485-88B65D153E35} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133376244-1933610931-1277079814-1000Core => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11] (Google Inc.)
Task: {12051567-C9C8-48B1-A031-3426FAE0ACD9} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2545DF16-F9ED-4733-BD02-B9E8FC4905A7} - System32\Tasks\User_Feed_Synchronization-{C9054F44-DBA9-4E9D-A941-223EBC0B289E} => C:\Windows\system32\msfeedssync.exe [2012-03-04] (Microsoft Corporation)
Task: {39924D0C-86BB-4F3F-AE1A-35E5C637A05C} - System32\Tasks\At1 => C:\Users\Brenda\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: {4389A176-27F7-447C-952E-14675E7099C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {60460F69-EDDF-41DB-A8C4-992BBE6D1568} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {6FE8C69F-F3C8-4581-BF48-ECB308077A9D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17] (Adobe Systems Incorporated)
Task: {73E93328-E75E-4697-9E8C-F07B89CE9FE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4133376244-1933610931-1277079814-1000UA => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11] (Google Inc.)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8DFA0577-D578-45CE-88CA-412719E11BFE} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {8ED30BC3-F64E-4E12-8475-4E644B15677D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2008-01-20] (Microsoft Corporation)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {B4957CEF-7910-49D2-86E7-986B78D6D4EA} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Brenda => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {CE522337-DB00-4B7E-95E9-20B844458E4D} - \BrowserDefendert No Task File
Task: {CFBFD921-A718-4E45-AFCF-029D9C1B540C} - \EPUpdater No Task File
Task: {D1BAEEF7-F7E6-4CFC-9E30-AAA014EE2E71} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {E5739C00-619C-4666-96CC-0FE3392A5AF3} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-20] (Microsoft Corp.)
Task: {EA7F8103-EA22-40AA-BF2F-B36ECAAA697D} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe
Task: {EF71D55F-AECE-48DC-993E-B66245CFC63A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => C:\Users\Brenda\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133376244-1933610931-1277079814-1000Core.job => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133376244-1933610931-1277079814-1000UA.job => C:\Users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{C9054F44-DBA9-4E9D-A941-223EBC0B289E}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-01-20 21:32 - 2013-02-19 21:32 - 15413704 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2009-03-12 16:32 - 2008-05-14 02:54 - 02159616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2008-03-25 20:40 - 2008-03-25 20:40 - 00159744 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll
2008-03-25 20:40 - 2008-03-25 20:40 - 00047104 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc
2008-03-25 20:40 - 2008-03-25 20:40 - 00098304 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll
2007-01-18 02:35 - 2007-01-18 02:35 - 00077824 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll
2007-01-18 02:35 - 2007-01-18 02:35 - 00253952 _____ (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\Bin\hphtra09.dll
2008-03-25 20:40 - 2008-03-25 20:40 - 00139264 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
2008-03-25 20:49 - 2008-03-25 20:49 - 01015808 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
2006-12-10 21:52 - 2006-12-10 21:52 - 00290816 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll
2006-12-11 23:45 - 2006-12-11 23:45 - 00299008 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll
2008-03-25 21:27 - 2008-03-25 21:27 - 00061440 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqddusr.dll
2008-03-25 21:27 - 2008-03-25 21:27 - 00188416 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll
2006-12-11 23:45 - 2006-12-11 23:45 - 00401408 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll
2013-01-09 10:09 - 2013-01-09 10:09 - 00118784 _____ () C:\Program Files\NETGEAR\WNDA4100\Ralink.dll
2012-09-04 13:34 - 2012-09-04 13:34 - 01066856 _____ () C:\Program Files\NETGEAR\WNDA4100\RaWLAPI.dll
2013-04-03 20:30 - 2012-09-04 13:34 - 01608768 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2012-09-04 13:34 - 2012-09-04 13:34 - 00503808 _____ (Ralink Technology, Inc.) C:\Program Files\NETGEAR\WNDA4100\ICSDHCP.dll
2012-04-30 17:18 - 2012-04-30 17:18 - 00235008 _____ (Nicomsoft Ltd.) C:\Windows\system32\WiFiMan.dll
2009-04-16 14:05 - 2009-04-16 14:05 - 01732608 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll
2009-04-16 14:03 - 2009-04-16 14:03 - 00086016 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll
2009-08-18 19:27 - 2009-08-18 19:27 - 00326144 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sofficeapp.dll
2009-08-05 17:05 - 2009-08-05 17:05 - 00949248 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\comphelp4MSC.dll
2009-04-16 14:32 - 2009-04-16 14:32 - 00431104 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
2009-04-16 14:07 - 2009-04-16 14:07 - 00013824 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
2009-04-16 14:29 - 2009-04-16 14:29 - 00143872 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll
2009-04-16 13:57 - 2009-04-16 13:57 - 00597504 _____ (STLport Consulting, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
2009-04-16 14:35 - 2009-04-16 14:35 - 00356864 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\ucbhelper4MSC.dll
2009-04-16 14:08 - 2009-04-16 14:08 - 00094208 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\vos3MSC.dll
2009-04-16 14:45 - 2009-04-16 14:45 - 00024576 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\i18nisolang1MSC.dll
2009-07-17 12:12 - 2009-07-17 12:12 - 03121664 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sfxmi.dll
2009-04-16 16:11 - 2009-04-16 16:11 - 00849408 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\fwemi.dll
2009-04-16 16:09 - 2009-04-16 16:09 - 00299008 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\fwimi.dll
2009-04-16 14:59 - 2009-04-16 14:59 - 00465920 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\utlmi.dll
2009-04-16 14:56 - 2009-04-16 14:56 - 00510464 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\tlmi.dll
2009-07-17 11:06 - 2009-07-17 11:06 - 00574464 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\basegfxmi.dll
2009-07-28 04:43 - 2009-07-28 04:43 - 03073024 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\vclmi.dll
2009-04-16 15:03 - 2009-04-16 15:03 - 00257024 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sotmi.dll
2009-04-22 19:03 - 2009-04-22 19:03 - 00067072 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\i18nutilMSC.dll
2009-04-16 14:30 - 2009-04-16 14:30 - 00949760 _____ (IBM Corporation and others) C:\Program Files\OpenOffice.org 3\Basis\program\icuuc40.dll
2009-04-16 14:30 - 2009-04-16 14:30 - 13912064 _____ (IBM Corporation and others) C:\Program Files\OpenOffice.org 3\Basis\program\icudt40.dll
2009-04-16 15:35 - 2009-04-16 15:35 - 00730624 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\svlmi.dll
2009-07-17 11:38 - 2009-07-17 11:38 - 02886656 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\svtmi.dll
2009-07-28 05:06 - 2009-07-28 05:06 - 01870336 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\tkmi.dll
2009-06-10 11:28 - 2009-06-10 11:28 - 00089600 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-04-16 17:02 - 2009-04-16 17:02 - 01310720 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sbmi.dll
2009-04-16 14:59 - 2009-04-16 14:59 - 00529920 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\xcrmi.dll
2009-04-16 14:39 - 2009-04-16 14:39 - 00080384 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\saxmi.dll
2009-04-16 15:43 - 2009-04-16 15:43 - 00032768 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\jmi_g.dll
2009-04-16 14:31 - 2009-04-16 14:31 - 00024064 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\jvmaccess3MSC.dll
2009-06-26 10:34 - 2009-06-26 10:34 - 00052224 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll
2009-04-16 14:44 - 2009-04-16 14:44 - 00453632 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
2009-04-16 14:11 - 2009-04-16 14:11 - 00093184 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll
2009-04-16 14:09 - 2009-04-16 14:09 - 00078336 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll
2009-04-16 14:29 - 2009-04-16 14:29 - 00012800 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\unsafe_uno_uno.dll
2009-04-16 14:29 - 2009-04-16 14:29 - 00018432 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\purpenvhelper3MSC.dll
2009-04-16 15:03 - 2009-04-16 15:03 - 01432064 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\configmgr2.uno.dll
2009-04-16 14:44 - 2009-04-16 14:44 - 00092672 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll
2009-04-16 15:01 - 2009-04-16 15:01 - 00037888 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sysmgr1.uno.dll
2009-04-16 14:40 - 2009-04-16 14:40 - 00135680 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\sax.uno.dll
2009-04-16 15:17 - 2009-04-16 15:17 - 00030208 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\localebe1.uno.dll
2009-04-16 15:01 - 2009-04-16 15:01 - 00031232 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\behelper.uno.dll
2009-07-02 16:06 - 2009-07-02 16:06 - 00197632 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\ucb1.dll
2009-04-16 16:11 - 2009-04-16 16:11 - 00106496 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\fwlmi.dll
2009-07-02 16:10 - 2009-07-02 16:10 - 00243712 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\ucpfile1.dll
2009-04-16 16:14 - 2009-04-16 16:14 - 01880064 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\fwkmi.dll
2009-07-17 16:14 - 2009-07-17 16:14 - 00089088 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\oooimprovementmi.dll
2009-07-17 17:24 - 2009-07-17 17:24 - 00280576 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\oleautobridge.uno.dll
2009-04-16 14:39 - 2009-04-16 14:39 - 00148992 _____ (Sun Microsystems, Inc.) C:\Program Files\OpenOffice.org 3\Basis\program\emsermi.dll
2008-03-25 20:49 - 2008-03-25 20:49 - 00466944 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll
2008-03-25 20:49 - 2008-03-25 20:49 - 00266240 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll
2008-03-25 20:49 - 2008-03-25 20:49 - 00212992 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqstv08.dll
2008-03-25 20:49 - 2008-03-25 20:49 - 00011264 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqstv08.rsc
2008-03-25 20:49 - 2008-03-25 20:49 - 00925696 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc
2007-01-18 02:35 - 2007-01-18 02:35 - 00065536 _____ (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll
2013-07-17 09:00 - 2013-07-17 09:00 - 00463272 _____ (Oracle Corporation) C:\Program Files\Java\jre7\bin\ssv.dll
2013-07-17 09:00 - 2013-07-17 09:00 - 00171944 _____ (Oracle Corporation) C:\Program Files\Java\jre7\bin\jp2ssv.dll
2013-07-17 08:55 - 2013-07-17 08:55 - 16230792 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash32_11_8_800_94.ocx
2009-03-12 16:41 - 2010-09-02 10:25 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2013-07-17 08:55 - 2013-07-17 08:55 - 00479112 _____ (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Brenda\Desktop\Bing.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Genealogy, Family Trees and Family History Records online - Ancestry.com.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\MSN Games - Free Online Games.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Netflix - Watch TV Shows Online, Watch Movies Online.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\NOAA's National Weather Service.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Peoples National Bank.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Recipes - All Recipes.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\The Official Site of the PGA TOUR - PGATOUR.com.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\TV Listings - Find Local TV Shows and Movie Schedules - Listings Grid  TVGuide.com.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Walmart.com - Save money. Live better..url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Welcome to Facebook!  Facebook.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Welcome to First Bank of Carmi.url:favicon
AlternateDataStreams: C:\Users\Brenda\Desktop\Yahoo! Games - Games and Online Games.url:favicon
AlternateDataStreams: C:\Users\Brenda\Documents\Re_ What I need to enter your order (qualitylogoproducts).eml:OECustomProperty

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2013 11:25:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2013 11:25:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2013 11:25:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2013 11:25:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2013 11:24:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2013 11:05:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2013 11:05:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2013 11:05:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2013 11:05:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2013 11:04:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/07/2013 11:25:16 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/07/2013 11:05:18 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/05/2013 10:24:46 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/05/2013 10:23:06 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:21:34 PM on 9/5/2013 was unexpected.

Error: (09/05/2013 07:11:43 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name.  The server could not start.

Error: (09/02/2013 08:51:56 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (09/01/2013 05:59:00 PM) (Source: i8042prt) (User: )
Description: An error occurred while enabling the mouse to transmit information.  The device has been reset in an attempt to make the device functional.

Error: (09/01/2013 07:40:22 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name.  The server could not start.

Error: (08/31/2013 03:54:22 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (08/30/2013 10:55:04 AM) (Source: Service Control Manager) (User: )
Description: Windows Font Cache Service%%1053

Microsoft Office Sessions:
=========================
Error: (01/26/2013 11:01:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 208 seconds with 180 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-08-30 10:20:49.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:20:48.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:20:47.417
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:20:46.232
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:20:45.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:20:43.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:16:38.270
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:16:37.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:16:36.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-30 10:16:35.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asdrs.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 1789.76 MB
Available physical RAM: 844.5 MB
Total Pagefile: 3829.93 MB
Available Pagefile: 2398.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:136.05 GB) (Free:70.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 15265156)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=136 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Starbuck


    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 07 September 2013 - 03:55 PM

Hi soule2soule
 

Sorry, I guess I grabbed one of the wrong logs...here is frst!

You had me going then. :)
I get the notifications on my phone if I'm not online..... I saw the original post and thought, why have they posted a DDS log??
But, panic over.

Yes, the FRST report does confirm that Zero Access was present.
Nice one to boopme for picking that up.

Let's get rid of it for you then.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Download folder. (That's where FRST is stored on your system.)
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop [in your case... the Download folder] (Fixlog.txt). Please post this in your next reply.


Step 2
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Step 3
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

[Image: CF_download_FF.gif]

[Image: CF_download_rename.gif]

This is an example; you may rename ComboFix to anything you want. Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    cf1.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    In your next reply, please submit:
    FRST fix report
    Combofix.txt

    Attached file: fixlist.txt (2.92KB)


    Thanks.



#7 soule2soule

soule2soule
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:01 PM

Posted 07 September 2013 - 09:50 PM

Ok, here they are!

 

  ComboFix 13-09-06.01 - Brenda 09/07/2013  20:28:52.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1790.943 [GMT -5:00]
Running from: c:\users\Brenda\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\337
c:\program files\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
.
.
2013-09-07 16:46 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C27E98A2-B5D3-4801-950D-8E8914862D92}\mpengine.dll
2013-09-07 16:38 . 2013-09-08 01:07 -------- d-----w- C:\FRST
2013-08-30 01:36 . 2013-08-30 01:36 -------- d-----w- c:\users\Brenda\AppData\Roaming\Malwarebytes
2013-08-30 01:35 . 2013-08-30 01:35 -------- d-----w- c:\programdata\Malwarebytes
2013-08-30 01:35 . 2013-08-30 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-30 01:35 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-29 15:51 . 2013-08-29 15:51 -------- d-----w- c:\windows\ERUNT
2013-08-29 01:00 . 2013-08-29 01:00 -------- d-----w- c:\programdata\Sophos
2013-08-29 00:56 . 2013-08-29 00:56 73728 ----a-r- c:\users\Brenda\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-29 00:56 . 2013-08-29 00:56 73728 ----a-r- c:\users\Brenda\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-08-29 00:56 . 2013-08-29 00:56 73728 ----a-r- c:\users\Brenda\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-08-29 00:55 . 2013-08-29 00:55 -------- d-----w- c:\program files\Sophos
2013-08-29 00:28 . 2013-08-29 00:28 -------- d-----w- c:\program files\ESET
2013-08-27 21:15 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-21 15:45 . 2013-08-21 15:45 -------- d-----w- c:\users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
2013-08-21 15:40 . 2013-08-21 15:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-21 15:40 . 2013-08-21 15:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-08-19 19:27 . 2013-08-19 19:27 -------- d-----w- c:\progra~2\0F834~1
2013-08-18 19:53 . 2012-07-27 02:02 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-08-18 14:36 . 2013-08-18 14:36 -------- d-----w- c:\progra~2\00C20~1
2013-08-17 05:26 . 2013-08-17 05:26 -------- d-----w- C:\found.000
2013-08-17 04:47 . 2013-09-08 01:42 -------- d-----w- c:\program files\WinZipper
2013-08-17 04:47 . 2013-08-17 04:47 -------- d-----w- c:\users\Brenda\AppData\Roaming\WinZipper
2013-08-17 03:34 . 2013-08-17 03:34 -------- d-----w- c:\program files\Uninstaller
2013-08-17 03:31 . 2013-08-17 03:30 773712 ----a-w- c:\windows\system32\msvcr100.dll
2013-08-17 03:31 . 2013-08-17 03:30 420944 ----a-w- c:\windows\system32\msvcp100.dll
2013-08-17 03:18 . 2013-08-17 03:18 -------- d-----w-0 c:\progra~2\08720~1
2013-08-16 20:42 . 2013-08-16 20:42 -------- d-----w- c:\users\Brenda\AppData\Local\avgchrome
2013-08-16 20:41 . 2013-08-16 20:41 -------- d-----w- c:\windows\system32\Extensions
2013-08-16 20:41 . 2013-08-16 20:41 -------- d-----w- c:\windows\system32\searchplugins
2013-08-15 01:33 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-15 01:33 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 01:33 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-15 01:33 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-15 01:33 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 01:33 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 01:33 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 01:33 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 01:32 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 01:32 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 01:32 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 01:32 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-17 14:00 . 2013-07-17 14:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-17 14:00 . 2012-07-08 03:08 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-17 14:00 . 2010-05-08 03:06 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-17 13:55 . 2012-04-09 21:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-17 13:55 . 2011-06-16 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 23:18 . 2013-04-05 12:31 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 23:18 . 2011-08-01 01:51 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 23:18 . 2009-07-30 23:10 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-02 30192]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"IPInSightMonitor 01"="c:\program files\EarthLink TotalAccess\FastLane2\IPMon32.exe" [2005-08-11 122880]
"IPInSightLAN 01"="c:\program files\EarthLink TotalAccess\FastLane2\IPClient.exe" [2005-08-11 380928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
.
c:\users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
NETGEAR WNDA4100 Genie.lnk - c:\program files\NETGEAR\WNDA4100\WNDA4100.EXE [2013-1-9 4989656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:55]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133376244-1933610931-1277079814-1000Core.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 21:33]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4133376244-1933610931-1277079814-1000UA.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-11 21:33]
.
2011-09-17 c:\windows\Tasks\User_Feed_Synchronization-{C9054F44-DBA9-4E9D-A941-223EBC0B289E}.job
- c:\windows\system32\msfeedssync.exe [2012-03-04 09:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0409&m=el1300g
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: earthlink.net
Trusted Zone: eimg.net
TCP: DhcpNameServer = 192.168.1.1
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Propel Accelerator - c:\program files\EarthLink Accelerator\trayctl.exe
c:\users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK - c:\program files\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
AddRemove-DefaultTab - c:\users\Brenda\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-delta - c:\program files\Delta\delta\1.8.24.5\GUninstaller.exe
AddRemove-Delta Chrome Toolbar - c:\users\Brenda\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
AddRemove-Zynga Toolbar - c:\progra~1\Zynga\UNWISE.EXE
AddRemove-DownloadTerms - c:\users\Brenda\AppData\Local\DownloadTerms\uninst.exe
AddRemove-DSite - c:\users\Brenda\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
AddRemove-Zip Opener Packages - c:\users\Brenda\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Brenda\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-07 21:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-09-07  21:06:12
ComboFix-quarantined-files.txt  2013-09-08 02:05
.
Pre-Run: 76,051,714,048 bytes free
Post-Run: 76,566,511,616 bytes free
.
- - End Of File - - FD964C25B3763A0FDA79A1130C8922A1
EF932EAA6EF4C94E66A7F6CEEC7EB422
 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2013 03
Ran by Brenda at 2013-09-07 20:02:09 Run:1
Running from C:\Users\Brenda\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] -  <===== ATTENTION (ZeroAccess rootkit hidden path)
ShortcutTarget: WKCALREM.LNK -> C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE (No File)
URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll No File
Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn0.dll No File
Toolbar: HKLM - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU -Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn0.dll No File
Toolbar: HKCU -No Name - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} -  No File
Toolbar: HKCU -ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976
CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976"
CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976
CHR DefaultSuggestURL: (Delta Search) -       "suggest_url": ""
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Update) - C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
U0 IPVNMon; No ImagePath
2013-08-19 14:27 - 2013-08-19 14:27 - 00000000 ____D C:\ProgramData\????0
2013-08-19 14:08 - 2013-09-07 11:13 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Anvisoft
2013-08-19 14:07 - 2013-09-07 11:13 - 00000000 ____D C:\Program Files\Anvisoft
2013-08-19 14:07 - 2013-08-19 14:07 - 00000000 ____D C:\ProgramData\Anvisoft
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-16 15:41 - 2013-08-16 15:41 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-09-07 11:13 - 2013-08-19 14:08 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Anvisoft
2013-08-16 22:18 - 2013-08-16 22:18 - 00000000 ____D C:\ProgramData\?¡?¡0
2013-08-18 09:36 - 2013-08-18 09:36 - 00000000 ____D C:\ProgramData\?a?a0
C:\Users\Brenda\AppData\Local\Temp\rtdrvmon.exe
C:\Windows\Tasks\At1.job
Task: {CE522337-DB00-4B7E-95E9-20B844458E4D} - \BrowserDefendert No Task File
Task: {CFBFD921-A718-4E45-AFCF-029D9C1B540C} - \EPUpdater No Task File

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Value deleted successfully.
HKCR\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Key deleted successfully.
HKCR\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Value deleted successfully.
HKCR\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value deleted successfully.
HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => Value deleted successfully.
HKCR\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => Value deleted successfully.
HKCR\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Value deleted successfully.
HKCR\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} => Key not found.
CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: (Delta Search) - http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D07F28C68E137B91&affID=119351&tsp=4976 ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Delta Search) -       "suggest_url": "" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll not found.
C:\Users\Brenda\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
IPVNMon => Service deleted successfully.

"C:\ProgramData\????0" directory move:

Could not move "C:\ProgramData\????0" directory. => Scheduled to move on reboot.

C:\Users\Brenda\AppData\Roaming\Anvisoft => Moved successfully.
C:\Program Files\Anvisoft => Moved successfully.
C:\ProgramData\Anvisoft => Moved successfully.
C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender => Moved successfully.
C:\Users\Brenda\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z => Moved successfully.
"C:\Users\Brenda\AppData\Roaming\Anvisoft" => File/Directory not found.

"C:\ProgramData\?¡?¡0" directory move:

Could not move "C:\ProgramData\?¡?¡0" directory. => Scheduled to move on reboot.

"C:\ProgramData\?a?a0" => File/Directory not found.
C:\Users\Brenda\AppData\Local\Temp\rtdrvmon.exe => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE522337-DB00-4B7E-95E9-20B844458E4D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE522337-DB00-4B7E-95E9-20B844458E4D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFBFD921-A718-4E45-AFCF-029D9C1B540C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFBFD921-A718-4E45-AFCF-029D9C1B540C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.

=========== Result of Scheduled Files to move ===========

"C:\ProgramData\????0" => Directory could not move.
"C:\ProgramData\?¡?¡0" => Directory could not move.

==== End of Fixlog ====


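The Fixlog above records, line by line, whether each item in the fixlist was deleted, moved, not found, or deferred to reboot, and a helper reads it to decide whether the fix actually completed before choosing the next step. The script below is an added example for doing that check programmatically; it is not an FRST feature and not code from this thread. It parses a constructed sample written in the same line format (the paths, GUID and service name in the sample are placeholders, not values from any real machine) and reports which targets still need follow-up.

```python
import re
from collections import Counter

# Constructed sample in the shape of an FRST Fixlog.txt. The paths, GUID and
# service name are placeholders; the line formats mirror what FRST prints.
SAMPLE_FIXLOG = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Example Updater => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-4000-8000-000000000001} => Key deleted successfully.
HKCR\CLSID\{00000000-0000-4000-8000-000000000001} => Key not found.
C:\Program Files\ExampleToolbar\tbExample.dll not found.
ExampleMon => Service deleted successfully.
C:\Users\user\AppData\Local\Temp\example.exe => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
"C:\ProgramData\????0" directory move:
Could not move "C:\ProgramData\????0" directory. => Scheduled to move on reboot.
"C:\Users\user\AppData\Roaming\Example" => File/Directory not found.
=========== Result of Scheduled Files to move ===========
"C:\ProgramData\????0" => Directory could not move.
==== End of Fixlog ====
"""

# Outcome categories, keyed on the phrase FRST prints after "=>".
# Order matters: "could not move" must be tested before the generic rules.
OUTCOME_RULES = [
    ("removed",  re.compile(r"(deleted|moved) successfully", re.I)),
    ("deferred", re.compile(r"scheduled to move on reboot", re.I)),
    ("failed",   re.compile(r"could not move", re.I)),
    ("absent",   re.compile(r"not found", re.I)),
]


def classify(outcome):
    """Map one outcome phrase to a category name."""
    for label, pattern in OUTCOME_RULES:
        if pattern.search(outcome):
            return label
    return "unknown"


def parse_fixlog(text):
    """Return a list of (target, outcome, category) for each result line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        # Section banners and the "X directory move:" preamble carry no result.
        if not line or line.startswith("=") or line.endswith("directory move:"):
            continue
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        elif line.endswith(" not found."):
            # Plain-file results have no "=>" separator.
            target, outcome = line[: -len(" not found.")], "not found."
        else:
            continue
        target = target.strip().strip('"')
        # 'Could not move "X" directory.' puts the path inside the prefix text.
        m = re.match(r'Could not move "(.+)" directory\.', target)
        if m:
            target = m.group(1)
        entries.append((target, outcome, classify(outcome)))
    return entries


def summarize(entries):
    """Count entries per category, e.g. {'removed': 5, 'absent': 3, ...}."""
    return dict(Counter(cat for _, _, cat in entries))


def needs_followup(entries):
    """Targets still present after the fix.

    A target can appear more than once (deferred first, then the final
    'Result of Scheduled Files to move' verdict), so the last line wins.
    """
    final = {}
    for target, _, cat in entries:
        final[target] = cat
    return sorted(t for t, cat in final.items() if cat in ("failed", "deferred"))


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for target in needs_followup(parsed):
        print("still present:", target)
```

Entries that come back as "absent" are not a concern: the fixlist was built from an earlier scan, and the item had already gone by the time the fix ran. The "failed" bucket is the part that matters, since those directories survived both the move and the scheduled retry on reboot and would need a different removal method.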

#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:01 AM

Posted 08 September 2013 - 04:53 AM

Hi soule2soule


Step 1
Close any open browsers.
Close/disable all antivirus, firewall and anti-malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
Folder::
c:\progra~2\0F834~1
c:\progra~2\00C20~1
c:\progra~2\08720~1

RegLock:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Or just save the attachment at the end of this post (to your desktop) and use that.
It's exactly the same file (no need to name it, as it's already named).


The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon as below.
cf.gif

Now please wait for ComboFix to finish running.

Please note: Do not mouse-click in the ComboFix window while it is running; this may cause your system to hang/crash.



Step 2
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
It won't save a report, only tell you on the screen how much has been removed.
As long as it runs.... that's good enough.



In your next reply, please submit:
new Combofix.txt
also let me know how the system is running.... any problems?


Attached file: CFScript.txt (372 bytes)


Thanks.



#9 soule2soule

soule2soule
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:01 PM

Posted 08 September 2013 - 12:32 PM

Just to be sure I understand: am I supposed to just drag and drop the file and it will run ComboFix on its own, or do I have to click on ComboFix and run it again?



#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:01 AM

Posted 08 September 2013 - 01:26 PM

just drag and drop the file and it will run combofix on its own

Yes, once the file has been dropped on top of the Combofix icon, Combofix will run automatically.



#11 soule2soule

soule2soule
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:01 PM

Posted 08 September 2013 - 04:20 PM

Folder::
c:\progra~2\0F834~1
c:\progra~2\00C20~1
c:\progra~2\08720~1

RegLock:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

 

 

Had to reboot after each process. Seemed to lock up after TFC, so I had to shut down and reboot on that one. After the reboot it seems to be running OK.



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:01 AM

Posted 09 September 2013 - 12:23 AM

Hi soule2soule

Could you please post the combofix report from after running the fix.
There should be a copy saved at .......C:\ComboFix.txt

Thanks



#13 soule2soule

soule2soule
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:01 PM

Posted 09 September 2013 - 02:00 PM

Thought that is what I sent.  I will double check...



#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:01 AM

Posted 09 September 2013 - 02:03 PM

The combofix.txt should look similar to the first one you posted.



#15 soule2soule

soule2soule
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Gender:Female
  • Local time:08:01 PM

Posted 09 September 2013 - 03:03 PM

Could not find any such txt file. Tried to open the program and see if there was a log for the txt files, and it ran the scan again. Was advised to turn off Avast, so I disabled that and am posting this to let you know what is happening. I am proceeding with the scan as the window has already closed, and will update in a few.





