
ICSPA Scam (FBI CyberCrime Division virus)


  • This topic is locked
16 replies to this topic

#1 joesus

  • Members
  • 12 posts

Posted 04 September 2013 - 12:53 AM

Hello, I was looking for some help regarding the FBI CyberCrime Division virus from my computer.

The virus first appeared on my computer this past Thursday and I was able to force shut down on my computer and restart the system entering safe mode. From there I ran a system restore and following that I was given information from friends for how to supposedly remove the virus from my computer.

The link suggested I download and run scans from Malware Bytes and Hitman Pro so I did. I also ran a Norton scan while I was at it since it's the main virus protection I use on my computer.

None of the scans turned up anything malicious and I was able to use my computer still, but I am not entirely convinced that the virus is gone from my system.

It seems to be operating slower than it normally would. I had to uninstall and then reinstall Chrome and had difficulties with it to the point where I had to create a new account to be logged in as.

Lately I'll have my browser just freeze for no reason. I'll get the "not responding" message at the top of the window and I have to give it about a minute before it starts working properly again. Things just seem to really lag and I continue to run Norton scans which seem to turn up something every day now, but it says it's nothing more than tracking cookies.

I'd appreciate any further tips or suggestions for how to make sure I've gotten rid of the virus from my computer. I've talked to others who have encountered it and said that even after an initial sweep the virus reappeared at a later time and was harder the second time around to do anything about, so I would like to avoid it coming to that especially since I rely on my computer for my college classes and such.

Thank you.




#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,762 posts
  • Gender:Male

Posted 09 September 2013 - 12:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506644 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,977 posts
  • Gender:Male
  • Location:California

Posted 11 September 2013 - 09:49 AM

Greetings joesus and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 joesus

  • Topic Starter

  • Members
  • 12 posts

Posted 11 September 2013 - 05:02 PM

Thank you for your reply, Gary. You can call me Anna and I will do my best to follow all of your instructions and reply in a timely fashion so that we can work on this problem together. Below I have copied and pasted the results of the logs as you instructed:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 01
Ran by Anna (administrator) on ANNA-HP on 11-09-2013 17:54:10
Running from C:\Users\Anna\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-07-21] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Policies\Explorer: [NofolderOptions] 0
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {185A4F9B-A435-46C2-9767-FC8DD2FD52B5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -  No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 16 C:\Windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{640E2870-B4F2-4D51-A3D2-916027A51253}: [NameServer]205.152.37.23
 
FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3ty6ck20.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: jid0-0PGffAcVvhUBieFYkRVVc5w6lIU - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3ty6ck20.default\Extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3ty6ck20.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3ty6ck20.default\Extensions\{4de46b94-1b91-474a-9ae5-6074f86ef7e9}.xpi
FF Extension: No Name - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3ty6ck20.default\Extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.)
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-29] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
 
==================== Drivers (Whitelisted) ====================
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-29] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-29] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130910.001\IDSvia64.sys [520280 2013-08-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130910.001\IDSvia64.sys [520280 2013-08-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130911.004\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130911.004\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130911.004\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130911.004\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-11 17:53 - 2013-09-11 17:53 - 01949288 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-09-11 14:37 - 2013-09-11 14:37 - 00844288 _____ C:\Users\Anna\Downloads\ECON1100_Chapter 1_lecture.ppt
2013-09-11 14:21 - 2013-09-11 14:23 - 00000000 ____D C:\Users\Anna\Downloads\Economics
2013-09-10 23:16 - 2013-09-10 23:16 - 09430408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-09 16:00 - 2013-09-09 16:00 - 00000000 ____D C:\Users\Anna\AppData\Local\{94866C27-7829-4EFA-807E-A502D540D55F}
2013-09-08 13:50 - 2013-09-11 09:32 - 00000000 ___RD C:\Users\Anna\Google Drive
2013-09-08 13:50 - 2013-09-08 13:50 - 00001693 _____ C:\Users\Anna\Desktop\Google Drive.lnk
2013-09-08 13:47 - 2013-09-08 13:47 - 00002044 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-09-08 13:47 - 2013-09-08 13:47 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-09-08 13:47 - 2013-09-08 13:47 - 00002028 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-09-08 13:35 - 2013-09-08 13:35 - 00784832 _____ (Google Inc.) C:\Users\Anna\Downloads\googledrivesync.exe
2013-09-08 12:55 - 2013-09-08 12:55 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-08 12:54 - 2013-09-08 12:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-08 12:54 - 2013-09-08 12:55 - 00000000 ____D C:\Program Files\iTunes
2013-09-08 12:54 - 2013-09-08 12:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-08 12:54 - 2013-09-08 12:54 - 00000000 ____D C:\Program Files\iPod
2013-08-31 12:19 - 2013-09-10 10:12 - 00000000 ____D C:\Users\Anna\Downloads\Research Methods
2013-08-29 23:09 - 2013-09-04 13:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-29 23:05 - 2013-09-11 17:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 23:05 - 2013-09-11 09:32 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 23:05 - 2013-09-08 13:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-29 23:05 - 2013-08-29 23:05 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-29 23:05 - 2013-08-29 23:05 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-29 16:56 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-29 16:56 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-29 16:56 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-29 16:56 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-29 16:56 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-29 16:56 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-29 16:56 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-29 16:56 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-29 16:56 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-29 16:56 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-29 16:56 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-29 16:56 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-29 16:56 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-29 16:56 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-29 16:56 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-29 16:56 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-29 16:56 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-29 16:56 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-29 16:56 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-29 16:56 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-29 16:55 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-29 16:55 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-29 16:55 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-29 16:55 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-29 16:55 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-29 16:55 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-29 16:55 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-29 16:55 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-29 16:55 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-29 16:55 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-29 16:55 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-29 12:16 - 2013-08-29 12:16 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-29 12:16 - 2013-08-29 12:16 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-29 12:16 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-29 12:16 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-29 12:16 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-29 12:16 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-29 12:16 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-29 12:16 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-29 12:16 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-29 12:16 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-29 12:10 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-29 12:10 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-29 12:06 - 2013-08-29 12:34 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 12:05 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-29 12:05 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-29 12:04 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-29 12:04 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-29 12:04 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-29 12:04 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-29 11:49 - 2013-08-29 11:49 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 11:49 - 2013-08-29 11:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 11:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 09:28 - 2013-08-29 09:31 - 00000000 ____D C:\ProgramData\vqan
2013-08-17 16:13 - 2013-08-25 22:10 - 00000000 ____D C:\Users\Anna\Downloads\Perspectives in Psychology
 
==================== One Month Modified Files and Folders =======
 
2013-09-11 17:54 - 2013-09-11 17:54 - 00000000 ____D C:\FRST
2013-09-11 17:53 - 2013-09-11 17:53 - 01949288 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-09-11 17:15 - 2013-04-17 13:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 17:10 - 2013-08-29 23:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 16:36 - 2012-01-20 02:42 - 01171166 _____ C:\Windows\WindowsUpdate.log
2013-09-11 15:23 - 2012-08-06 16:07 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6015309E-A8FE-4D64-B1D2-6400A3A08A6C}
2013-09-11 14:37 - 2013-09-11 14:37 - 00844288 _____ C:\Users\Anna\Downloads\ECON1100_Chapter 1_lecture.ppt
2013-09-11 14:23 - 2013-09-11 14:21 - 00000000 ____D C:\Users\Anna\Downloads\Economics
2013-09-11 09:39 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 09:39 - 2009-07-14 00:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 09:32 - 2013-09-08 13:50 - 00000000 ___RD C:\Users\Anna\Google Drive
2013-09-11 09:32 - 2013-08-29 23:05 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-11 09:31 - 2012-08-29 00:47 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-09-11 09:31 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 09:31 - 2009-07-14 00:51 - 00069917 _____ C:\Windows\setupact.log
2013-09-10 23:17 - 2013-04-17 13:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-10 23:17 - 2012-10-13 15:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-10 23:17 - 2011-10-26 00:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-10 23:16 - 2013-09-10 23:16 - 09430408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-10 14:53 - 2012-08-29 11:23 - 00000000 ____D C:\Users\Anna\Documents\Youcam
2013-09-10 12:29 - 2012-12-11 14:17 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-10 12:29 - 2012-08-29 00:47 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-09-10 12:29 - 2012-08-07 18:27 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-10 10:12 - 2013-08-31 12:19 - 00000000 ____D C:\Users\Anna\Downloads\Research Methods
2013-09-09 16:00 - 2013-09-09 16:00 - 00000000 ____D C:\Users\Anna\AppData\Local\{94866C27-7829-4EFA-807E-A502D540D55F}
2013-09-08 13:50 - 2013-09-08 13:50 - 00001693 _____ C:\Users\Anna\Desktop\Google Drive.lnk
2013-09-08 13:50 - 2012-08-06 16:01 - 00000000 ____D C:\Users\Anna
2013-09-08 13:47 - 2013-09-08 13:47 - 00002044 _____ C:\Users\Public\Desktop\Google Slides.lnk
2013-09-08 13:47 - 2013-09-08 13:47 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2013-09-08 13:47 - 2013-09-08 13:47 - 00002028 _____ C:\Users\Public\Desktop\Google Docs.lnk
2013-09-08 13:47 - 2013-08-29 23:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-08 13:47 - 2012-08-06 16:12 - 00000000 ____D C:\Users\Anna\AppData\Local\Google
2013-09-08 13:35 - 2013-09-08 13:35 - 00784832 _____ (Google Inc.) C:\Users\Anna\Downloads\googledrivesync.exe
2013-09-08 12:55 - 2013-09-08 12:55 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-08 12:55 - 2013-09-08 12:54 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-08 12:55 - 2013-09-08 12:54 - 00000000 ____D C:\Program Files\iTunes
2013-09-08 12:55 - 2013-09-08 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-08 12:54 - 2013-09-08 12:54 - 00000000 ____D C:\Program Files\iPod
2013-09-05 19:23 - 2012-10-10 21:23 - 00000000 ____D C:\ProgramData\Sendori
2013-09-04 13:30 - 2013-08-29 23:09 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-04 09:53 - 2009-07-14 01:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 09:46 - 2013-07-20 17:02 - 00000000 ____D C:\Users\Anna\Documents\School
2013-09-03 14:15 - 2013-02-19 16:06 - 00000000 ____D C:\Users\Anna\AppData\Local\NPE
2013-08-31 12:21 - 2012-08-28 23:11 - 00000000 ____D C:\Users\Anna\Downloads\Odds and Ends
2013-08-30 17:54 - 2010-11-20 23:47 - 00572136 _____ C:\Windows\PFRO.log
2013-08-29 23:13 - 2013-07-20 17:22 - 00000000 ____D C:\Users\Anna\Documents\Random
2013-08-29 23:05 - 2013-08-29 23:05 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-29 23:05 - 2013-08-29 23:05 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-29 16:49 - 2012-08-29 16:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-29 12:34 - 2013-08-29 12:06 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 12:16 - 2013-08-29 12:16 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-08-29 12:16 - 2013-08-29 12:16 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-29 11:49 - 2013-08-29 11:49 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 11:49 - 2013-08-29 11:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 11:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-29 11:18 - 2012-10-13 15:19 - 00000000 ____D C:\Windows\system32\Macromed
2013-08-29 11:17 - 2012-01-20 03:30 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-29 11:16 - 2012-01-20 02:58 - 00000000 ____D C:\ProgramData\Norton
2013-08-29 11:16 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-29 11:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-08-29 09:31 - 2013-08-29 09:28 - 00000000 ____D C:\ProgramData\vqan
2013-08-25 22:10 - 2013-08-17 16:13 - 00000000 ____D C:\Users\Anna\Downloads\Perspectives in Psychology
 
Files to move or delete:
====================
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-23 11:13
 
==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 01
Ran by Anna at 2013-09-11 17:55:54
Running from C:\Users\Anna\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (x32 Version: 3.2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
AMD APP SDK Runtime (Version: 2.5.775.2)
AMD Catalyst Install Manager (Version: 3.0.847.0)
AMD Fuel (Version: 2011.0915.1431.24206)
AMD Media Foundation Decoders (Version: 1.0.60915.1416)
AMD Steady Video Plug-In  (Version: 2.02.0000)
AMD VISION Engine Control Center (x32 Version: 2011.0915.1431.24206)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.8188)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.86)
Broadcom Bluetooth Software (Version: 6.5.0.2300)
Broadcom InConcert Maestro (Version: 1.0.5.2300)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0915.1431.24206)
Catalyst Control Center InstallProxy (x32 Version: 2011.0915.1431.24206)
Catalyst Control Center Localization All (x32 Version: 2011.0915.1431.24206)
CCC Help Chinese Standard (x32 Version: 2011.0915.1430.24206)
CCC Help Chinese Traditional (x32 Version: 2011.0915.1430.24206)
CCC Help Czech (x32 Version: 2011.0915.1430.24206)
CCC Help Danish (x32 Version: 2011.0915.1430.24206)
CCC Help Dutch (x32 Version: 2011.0915.1430.24206)
CCC Help English (x32 Version: 2011.0915.1430.24206)
CCC Help Finnish (x32 Version: 2011.0915.1430.24206)
CCC Help French (x32 Version: 2011.0915.1430.24206)
CCC Help German (x32 Version: 2011.0915.1430.24206)
CCC Help Greek (x32 Version: 2011.0915.1430.24206)
CCC Help Hungarian (x32 Version: 2011.0915.1430.24206)
CCC Help Italian (x32 Version: 2011.0915.1430.24206)
CCC Help Japanese (x32 Version: 2011.0915.1430.24206)
CCC Help Korean (x32 Version: 2011.0915.1430.24206)
CCC Help Norwegian (x32 Version: 2011.0915.1430.24206)
CCC Help Polish (x32 Version: 2011.0915.1430.24206)
CCC Help Portuguese (x32 Version: 2011.0915.1430.24206)
CCC Help Russian (x32 Version: 2011.0915.1430.24206)
CCC Help Spanish (x32 Version: 2011.0915.1430.24206)
CCC Help Swedish (x32 Version: 2011.0915.1430.24206)
CCC Help Thai (x32 Version: 2011.0915.1430.24206)
CCC Help Turkish (x32 Version: 2011.0915.1430.24206)
ccc-utility64 (Version: 2011.0915.1431.24206)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
CyberLink YouCam (x32 Version: 3.5.0.4422)
D3DX10 (x32 Version: 15.4.2368.0902)
Dora's World Adventure (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
Final Drive Fury (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 29.0.1547.66)
Google Drive (x32 Version: 1.11.4865.2530)
Google Update Helper (x32 Version: 1.3.21.153)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HitmanPro 3.7 (Version: 3.7.7.205)
Hoyle Card Games (x32 Version: 2.2.0.95)
HP Application Assistant (Version: 1.0.409.3882)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Documentation (x32 Version: 1.1.0.0)
HP Games (x32 Version: 1.0.2.5)
HP Launch Box (Version: 1.0.11)
HP MovieStore (x32 Version: 2.1.091)
HP MovieStore (x32 Version: 2.1.21091.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.7.2)
HP QuickWeb (x32 Version: 3.1.1.10197)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 1.0.12)
HP Setup (x32 Version: 9.0.15076.3891)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP Software Framework (x32 Version: 4.5.10.1)
HP Support Assistant (x32 Version: 7.0.39.15)
IDT Audio (x32 Version: 1.0.6365.0)
iTunes (Version: 11.0.5.5)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)
John Deere Drive Green (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Letters from Nowhere 2 (x32 Version: 2.2.0.97)
Luxor HD (x32 Version: 2.2.0.98)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Norton Internet Security (x32 Version: 20.4.0.40)
opensource (x32 Version: 1.0.14960.3876)
Penguins! (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Realtek Ethernet Controller Driver (x32 Version: 7.46.610.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.84)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)
Safari (x32 Version: 5.34.57.2)
Sendori (x32 Version: 2.0.15)
Skype™ 5.10 (x32 Version: 5.10.116)
SMPlayer 0.6.9 (x32 Version: 0.6.9)
swMSM (x32 Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.17.0)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)
Torchlight (x32 Version: 2.2.0.98)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Installer for WildTangent Games App (x32)
uTorrentControl_v2 Toolbar (x32 Version: 6.9.0.16)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
VLC media player 2.0.3 (x32 Version: 2.0.3)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
26-07-2013 03:03:30 Windows Update
15-08-2013 04:01:07 Windows Update
29-08-2013 20:48:26 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0A33E13B-7153-4598-8FF5-25A347A3A8F3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0D829DA2-C723-4F4F-8F29-1A85F49BA5DA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {2FDF1BC8-68FA-4716-88DD-03519F5F6F97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {51661FD6-0737-4777-8F78-EADCAD05813A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-10] (Adobe Systems Incorporated)
Task: {5296A3E1-3F22-4F6A-B7E7-837D2D836814} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5B7B152A-1C30-422D-9CED-386E5206CAB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-29] (Google Inc.)
Task: {77B0418D-2146-4C1B-A12B-D610D8519080} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {7C1817E6-92C6-4197-975A-C65ABA34E757} - System32\Tasks\HPCeeScheduleForAnna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8680D4EE-AB4F-4159-9A68-9BA22607A30B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8EA9B1F1-2E1B-4DE3-A79C-74D69526514B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-06-10] (Hewlett-Packard)
Task: {C02CF2C5-3596-4ED9-B0D1-09024ABB2C81} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {D3903900-B7BC-4AE0-B4F8-B48B75BA2952} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)
Task: {DBC615ED-96D8-40F1-B4BF-9318E77BC085} - System32\Tasks\User_Feed_Synchronization-{6015309E-A8FE-4D64-B1D2-6400A3A08A6C} => C:\Windows\system32\msfeedssync.exe [2013-03-29] (Microsoft Corporation)
Task: {E2B947AA-E90B-4220-AD36-0FF567E1E838} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3659444195-849669350-1097274478-1002 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {E3911B2F-9F87-471B-989C-B172B2D1FBFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {EFC711DF-3CEE-405A-B0C0-9CD49CEB3609} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-29] (Google Inc.)
Task: {FD32E35A-CDDE-4DCA-904A-94F5A312EF8E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAnna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-21 22:58 - 2011-07-21 22:58 - 00412456 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-07-21 22:58 - 2011-07-21 22:58 - 00226600 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2011-07-21 22:59 - 2011-07-21 22:59 - 10563368 _____ (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPRes.dll
2012-01-20 02:51 - 2011-09-08 09:42 - 04113408 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang64.dll
2012-01-20 02:51 - 2011-09-08 09:42 - 00655872 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2011-09-15 18:26 - 2011-09-15 18:26 - 00294912 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-09-15 18:26 - 2011-09-15 18:26 - 00180224 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 17:51 - 2009-01-20 17:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-09-15 18:15 - 2011-09-15 18:15 - 00037376 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.Implementation.dll
2011-09-15 18:15 - 2011-09-15 18:15 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-15 18:29 - 2011-09-15 18:29 - 00027648 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2011-09-15 18:29 - 2011-09-15 18:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 17:42 - 2011-06-17 17:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 02436608 _____ (Python Software Foundation) C:\Users\Anna\AppData\Local\Temp\_MEI40242\python27.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 00098816 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32api.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00110080 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\pywintypes27.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 00364544 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\pythoncom27.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 00044032 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\_socket.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 01153024 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\_ssl.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00320512 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32com.shell.shell.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00711680 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\_hashlib.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 01175040 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\wx._core_.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 01985024 _____ (wxWidgets development team) C:\Users\Anna\AppData\Local\Temp\_MEI40242\wxbase294u_vc90.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 00154112 _____ (wxWidgets development team) C:\Users\Anna\AppData\Local\Temp\_MEI40242\wxbase294u_net_vc90.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 04598272 _____ (wxWidgets development team) C:\Users\Anna\AppData\Local\Temp\_MEI40242\wxmsw294u_core_vc90.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 01234944 _____ (wxWidgets development team) C:\Users\Anna\AppData\Local\Temp\_MEI40242\wxmsw294u_adv_vc90.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 00805888 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\wx._gdi_.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00811008 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\wx._windows_.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00595968 _____ (wxWidgets development team) C:\Users\Anna\AppData\Local\Temp\_MEI40242\wxmsw294u_html_vc90.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 01062400 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\wx._controls_.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00735232 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\wx._misc_.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00128512 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\_elementtree.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00127488 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\pyexpat.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00557056 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\pysqlite2._sqlite.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00087040 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\_ctypes.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00119808 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32file.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00108544 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32security.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00018432 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32event.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00038912 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32inet.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00122368 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\wx._wizard.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00686080 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\unicodedata.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00026624 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\_multiprocessing.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00070656 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\wx._html2.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00091648 _____ (wxWidgets development team) C:\Users\Anna\AppData\Local\Temp\_MEI40242\wxmsw294u_webview_vc90.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 00010240 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\select.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00025600 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32pdh.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00504832 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\windows._cacheinvalidation.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00421200 _____ (Microsoft Corporation) C:\Users\Anna\AppData\Local\Temp\_MEI40242\MSVCP100.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 00773968 _____ (Microsoft Corporation) C:\Users\Anna\AppData\Local\Temp\_MEI40242\MSVCR100.dll
2013-09-11 09:32 - 2013-09-11 09:32 - 00011264 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32crypt.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00035840 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32process.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00017408 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32profile.pyd
2013-09-11 09:32 - 2013-09-11 09:32 - 00022528 _____ () C:\Users\Anna\AppData\Local\Temp\_MEI40242\win32ts.pyd
2013-06-09 11:41 - 2013-05-21 00:44 - 00705928 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccL120U.dll
2013-06-09 11:41 - 2013-05-21 00:44 - 00089480 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccVrTrst.dll
2013-06-09 11:41 - 2013-05-23 01:25 - 00086408 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\EFACli.dll
2013-06-09 11:41 - 2013-05-21 00:44 - 00157576 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvc.dll
2013-06-09 11:41 - 2013-05-21 00:40 - 00410576 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\srtsp32.dll
2013-06-09 11:41 - 2013-05-21 00:44 - 00159624 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccIPC.dll
2013-06-09 11:41 - 2013-06-04 00:42 - 00548688 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\NPCTRAY.DLL
2013-06-09 11:41 - 2013-05-21 00:44 - 00345480 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSet.dll
2013-06-09 11:41 - 2013-06-04 00:43 - 00962384 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\uiMain.dll
2013-06-09 11:41 - 2013-05-28 03:42 - 02430800 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SYMHTMDX.DLL
2013-06-09 11:41 - 2013-05-29 21:22 - 00320816 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diStRptr.dll
2013-06-09 11:41 - 2013-05-29 22:13 - 01337136 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\MClnTask.dll
2013-07-11 11:36 - 2013-06-28 01:17 - 01849168 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\isDataPr.dll
2013-06-09 11:41 - 2013-06-04 00:42 - 00548176 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\ASHELPER.DLL
2013-06-09 11:41 - 2013-06-04 00:42 - 00579408 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\ASOEHOOK.DLL
2013-06-09 11:41 - 2013-05-20 18:50 - 00932176 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\cltPE.dll
2013-07-10 10:15 - 2013-07-03 17:42 - 00821552 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\naHelper.dll
2013-06-09 11:41 - 2013-06-04 00:42 - 00537424 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\AVPAPP32.DLL
2013-06-09 11:41 - 2013-05-21 00:44 - 00401288 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CCJOBMGR.DLL
2013-06-09 11:41 - 2013-05-20 18:50 - 02651472 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CLTALDIS.DLL
2013-06-09 11:41 - 2013-05-23 22:09 - 00502664 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\AVIfc.dll
2013-06-09 11:41 - 2013-06-04 00:42 - 00528208 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\FWSESAL.DLL
2013-06-17 17:31 - 2013-05-20 18:50 - 00536912 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\MUI\20.4.0.40\09\01\cltRes.loc
2013-06-09 11:41 - 2013-05-30 21:46 - 00999760 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coDataPr.dll
2013-06-09 11:41 - 2013-05-30 21:48 - 00551760 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coShdObj.dll
2013-06-09 11:41 - 2013-05-20 18:50 - 01035088 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\cltLMS.dll
2013-06-09 11:41 - 2013-05-30 21:48 - 01397584 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\COACTMGR.DLL
2013-06-09 11:41 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-06-09 11:41 - 2013-05-21 00:44 - 00289160 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccGEvt.dll
2013-06-09 11:41 - 2013-06-04 00:42 - 00502608 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\NUEX.DLL
2013-06-09 11:41 - 2013-05-29 22:13 - 01078576 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\DataStor.dll
2013-06-09 11:41 - 2013-05-29 22:13 - 00965936 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Comm.dll
2013-06-09 11:41 - 2013-06-04 00:43 - 00243024 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\QSPLUGIN.DLL
2013-06-09 11:41 - 2012-05-15 05:27 - 00588216 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\SDKCMN.DLL
2013-06-09 11:41 - 2013-06-04 00:43 - 00916304 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\UIALERT.DLL
2013-06-09 11:41 - 2013-05-29 22:13 - 00028464 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\USERCTXT.DLL
2013-06-09 11:41 - 2013-06-04 00:42 - 03857232 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ncw.dll
2013-07-01 15:28 - 2013-07-01 15:28 - 00275744 _____ (Sendori, Inc.) C:\Program Files (x86)\Sendori\DynLib.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-09-04 13:30 - 2013-09-02 16:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-04 13:30 - 2013-09-02 16:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-04 13:30 - 2013-09-02 16:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-04 13:30 - 2013-09-02 16:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-04 13:30 - 2013-09-02 16:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-04 13:30 - 2013-09-02 16:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
2013-07-10 12:06 - 2013-07-10 12:06 - 03285912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-10 23:17 - 2013-09-10 23:17 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-08-16 09:07 - 2013-08-16 09:07 - 03008536 _____ (Gracenote, Inc.) C:\Program Files (x86)\iTunes\GNSDK_DSP.DLL
2013-08-16 09:07 - 2013-08-16 09:07 - 00776216 _____ (Gracenote, Inc.) C:\Program Files (x86)\iTunes\GNSDK_SDKMANAGER.DLL
2013-08-16 09:07 - 2013-08-16 09:07 - 00219672 _____ (Gracenote, Inc.) C:\Program Files (x86)\iTunes\GNSDK_MUSICID.DLL
2013-08-16 09:07 - 2013-08-16 09:07 - 00262680 _____ (Gracenote, Inc.) C:\Program Files (x86)\iTunes\GNSDK_SUBMIT.DLL
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\ProgramData\Temp:D3A96964
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2013 01:19:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9444956
 
Error: (09/11/2013 01:19:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9444956
 
Error: (09/11/2013 01:19:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/11/2013 01:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9443848
 
Error: (09/11/2013 01:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9443848
 
Error: (09/11/2013 01:19:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/11/2013 01:19:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9442850
 
Error: (09/11/2013 01:19:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9442850
 
Error: (09/11/2013 01:19:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/11/2013 01:19:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9441851
 
 
System errors:
=============
Error: (09/11/2013 05:36:02 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/11/2013 01:34:34 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/11/2013 10:14:18 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/11/2013 10:14:18 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/11/2013 10:14:17 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/11/2013 10:14:17 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/11/2013 10:14:16 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (09/10/2013 11:58:57 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/10/2013 07:57:45 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/10/2013 03:56:26 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 73%
Total physical RAM: 3562.91 MB
Available physical RAM: 932.52 MB
Total Pagefile: 7124 MB
Available Pagefile: 3424.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:571.09 GB) (Free:441.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.92 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: B0B9757B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=571 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================

 



#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,977 posts
  • Gender:Male
  • Location:California

Posted 11 September 2013 - 05:28 PM

Hi Anna,

It is my pleasure to help.

Do you recognize this?

C:\ProgramData\vqan

Please consider the following information and perform the steps I have provided.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware, which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer, please uninstall them using AppRemover, which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running, please do one of the following. If, based on the below, you have concluded ComboFix has stopped running, please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error, "Illegal operation attempted on a registry key that has been marked for deletion", please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours, please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 joesus

  • Topic Starter
  • Members
  • 12 posts

Posted 12 September 2013 - 12:55 AM

Thank you for the information. I will definitely take that into consideration. Here are the logs from the tasks you asked me to complete: 

 

# AdwCleaner v3.003 - Report created 12/09/2013 at 00:03:55
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anna - ANNA-HP
# Running from : C:\Users\Anna\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\Users\Anna\AppData\Local\Conduit
Folder Deleted : C:\Users\Anna\AppData\Local\cre
Folder Deleted : C:\Users\Anna\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Anna\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Anna\AppData\LocalLow\uTorrentControl_v2
File Deleted : C:\Windows\System32\roboot64.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B9D71A8-61FE-4DCF-A89A-3FE9FC06E89A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D365ED60-AE49-47A8-96FC-11EDB71CD16F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3ty6ck20.default\prefs.js ]
 
Line Deleted : user_pref("xkit.x1cpostage", "//* VERSION 5.8 REV E **//\r\n//* TITLE One-Click Postage **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* PREFMENU One-Click Postage Settings **//\r\n//* PREFFUNC x1cpostag[...]
Line Deleted : user_pref("xkit.x1cpostage_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2t[...]
Line Deleted : user_pref("xkit.xfollowers", "//* VERSION 4.1 REV C **//\r\n//* INTERVAL 0 **//\r\n//* TITLE Delta Checker **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* DESCRIPTION Check who followed/unfollowed you. [...]
Line Deleted : user_pref("xkit.xinbox", "//* VERSION 4.9 REV C **//\r\n//* INTERVAL 0 **//\r\n//* TITLE XInbox 4.9 **//\r\n//* DESCRIPTION View inbox without leaving dashboard, tag asks and delete multiple messages [...]
Line Deleted : user_pref("xkit.xinbox_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCB[...]
Line Deleted : user_pref("xkit.xkit_installed_extensions", "xkit_main,xkit_required,xkit_preferences,xkit_update_manager,xpreview,xreblogurself,xinbox,xclassictags,x1cpostage,xreply,xfollowers,xgotodash,xquickasks,x[...]
Line Deleted : user_pref("xkit.xkit_installer", "//* VERSION 6.1 REV A **//\r\n// XKit Installer\r\n// Installs XKit. Loaded by bootstrapper.\r\n// © 2011 STUDIOXENIX.com\r\n\r\nvar installer_icon = 'data:image/pn[...]
Line Deleted : user_pref("xkit.xkit_log", "NaNxkit_update_manager</b>:<p>Update Manager 6.0 REV F Working...</p></li>NaNxkit_update_manager</b>:<p>Skipping update checking...</p></li>NaNxkit_package_boot(xreblogurse[...]
Line Deleted : user_pref("xkit.xkit_required", "//* VERSION 6.0 REV C **//\r\n// XKit Required\r\n// Required images and text.\r\n// © 2011 - 2012 STUDIOXENIX.com\r\n\r\n\r\n/*!\r\n * jQuery UI 1.8.18\r\n *\r\n * [...]
Line Deleted : user_pref("xkit.xmutualfollowers", "//* VERSION 1.0 REV C **//\r\n//* INTERVAL 0 **//\r\n//* TITLE Mutual Checker **//\r\n//* DEVELOPER STUDIOXENIX **//\r\n//* DESCRIPTION Check who doesn't follow you[...]
Line Deleted : user_pref("xkit.xquickasks", "//* VERSION 3.0 REV E **//\r\n//* TITLE Quick Asks **//\r\n//* DESCRIPTION Send asks and submit stuff without leaving the dashboard. **//\r\n//* DEVELOPER STUDIOXENIX **/[...]
Line Deleted : user_pref("xkit.xquickasks_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2t[...]
Line Deleted : user_pref("xkit.xwraptags_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tl[...]
 
*************************
 
AdwCleaner[R0].txt - [8923 octets] - [11/09/2013 23:59:32]
AdwCleaner[S0].txt - [8078 octets] - [12/09/2013 00:03:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8138 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anna on Thu 09/12/2013 at  0:18:49.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{185A4F9B-A435-46C2-9767-FC8DD2FD52B5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6E34DCDF-C99C-4920-AEC7-E404F98D924A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6E34DCDF-C99C-4920-AEC7-E404F98D924A}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{008FE20B-BA14-40AD-BAB2-81957486C0C5}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{1D895E12-B792-4405-BA46-5862A8C0314E}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{3DB8B45F-19D8-4DA9-A283-98D0BBD0ECFB}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{565FBCB4-7D7C-4937-A8A3-6267E3F9D777}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{6F35BEA4-8FDA-417E-AD85-4B75DFFFFF00}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{8E42A4F9-D52A-4D2F-ADE2-50D779947CC0}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{94866C27-7829-4EFA-807E-A502D540D55F}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{99F0CFDD-D2E3-45E7-A11E-C0484B398CC8}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{A5080AF1-D61D-4D48-A996-91B25A43BA4C}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{B53E8F8F-D831-40EB-88D1-E93B01CA8B79}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{C6F8DCAA-01CF-42DF-86D8-1AE5007A54D8}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{CA655EFD-AFED-4DEB-84BA-0DFC69C150D7}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{DE86A303-97E0-4B3B-A1D6-FFB251E22EEE}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{F8693EB4-CE6E-409B-BA0C-525C4B3D6BAA}
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\3ty6ck20.default\prefs.js
 
user_pref("xkit.xgotodash", "//* VERSION 1.2 REV B **//\r\n//* TITLE Go-To-Dash **//\r\n//* DESCRIPTION Adds a button on peoples blogs that allows you to go back to that post 
user_pref("xkit.xgotodash_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9
user_pref("xkit.xkit_preferences", "//* VERSION 6.9 REV E **//\r\n//* TITLE XKit Control Panel **//\r\n//* INTERVAL 0 **//\r\n// XKit Preferences\r\n// Injects the preference 
user_pref("xkit.xnews_9IsPoweYV9_message", "<b>Thanks for installing XKit 6!</b><br/>\r\nIf you have any suggestions or problems, please feel free to <br/><a href=\"hxxp://xki
user_pref("xkit.xnews_9IsPoweYV9_read", "true");
user_pref("xkit.xnews_9IsPoweYV9_time", "30335134452");
user_pref("xkit.xnews_9IsPoweYV9_title", "Have suggestions?");
user_pref("xkit.xnews_items", ",0,9IsPoweYV9,jZXyuPDBt9,H17ODD5tGE,OnhgXez1KA,o75jtKkDcU,hMEtwIHZYE,fHvQgYQTXz,V8nmrLWJUr,d1L0Ju5DLu,U37gEBkbH0,VBllVxBZLS");
user_pref("xkit.xpreview_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9i
user_pref("xkit.xreblogurself_icon", "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5
Emptied folder: C:\Users\Anna\AppData\Roaming\mozilla\firefox\profiles\3ty6ck20.default\minidumps [67 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/12/2013 at  0:32:11.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ComboFix 13-09-10.03 - Anna 09/12/2013   1:24.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.1793 [GMT -4:00]
Running from: c:\users\Anna\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anna\AppData\Local\Temp\_MEI40162\_ctypes.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\_elementtree.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\_hashlib.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\_multiprocessing.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\_socket.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\_ssl.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\msvcp100.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\msvcr100.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\pyexpat.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\pysqlite2._sqlite.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\python27.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\pythoncom27.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\PyWinTypes27.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\select.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\unicodedata.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32api.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32com.shell.shell.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32crypt.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32event.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32file.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32inet.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32pdh.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32process.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32profile.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32security.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\win32ts.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\windows._cacheinvalidation.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\wx._controls_.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\wx._core_.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\wx._gdi_.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\wx._html2.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\wx._misc_.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\wx._windows_.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\wx._wizard.pyd
c:\users\Anna\AppData\Local\Temp\_MEI40162\wxbase294u_net_vc90.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\wxbase294u_vc90.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\wxmsw294u_adv_vc90.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\wxmsw294u_core_vc90.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\wxmsw294u_html_vc90.dll
c:\users\Anna\AppData\Local\Temp\_MEI40162\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-12 to 2013-09-12  )))))))))))))))))))))))))))))))
.
.
2013-09-12 05:32 . 2013-09-12 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 04:18 . 2013-09-12 04:18 -------- d-----w- c:\windows\ERUNT
2013-09-12 03:54 . 2013-09-12 04:04 -------- d-----w- C:\AdwCleaner
2013-09-11 21:54 . 2013-09-11 21:54 -------- d-----w- C:\FRST
2013-09-11 03:16 . 2013-09-11 03:16 9430408 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-08 17:50 . 2013-09-12 04:08 -------- d-----r- c:\users\Anna\Google Drive
2013-09-08 16:54 . 2013-09-08 16:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-08 16:54 . 2013-09-08 16:55 -------- d-----w- c:\program files\iTunes
2013-09-08 16:54 . 2013-09-08 16:55 -------- d-----w- c:\program files (x86)\iTunes
2013-09-08 16:54 . 2013-09-08 16:54 -------- d-----w- c:\program files\iPod
2013-08-30 03:05 . 2013-09-08 17:47 -------- d-----w- c:\program files (x86)\Google
2013-08-29 20:55 . 2013-07-26 03:12 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-08-29 16:16 . 2013-08-29 16:16 -------- d-----w- c:\program files\HitmanPro
2013-08-29 16:16 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-29 16:16 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-29 16:16 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-29 16:16 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-29 16:16 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-29 16:16 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-29 16:16 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-29 16:16 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-29 16:10 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-29 16:10 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-29 16:06 . 2013-08-29 16:34 -------- d-----w- c:\programdata\HitmanPro
2013-08-29 16:05 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-29 16:05 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-29 16:04 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-29 16:04 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-29 16:04 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-29 16:04 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-29 15:49 . 2013-08-29 15:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-29 15:49 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-29 13:28 . 2013-08-29 13:31 -------- d-----w- c:\programdata\vqan
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 03:17 . 2012-10-13 19:19 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 03:17 . 2011-10-26 04:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-01 19:28 . 2012-10-11 01:23 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
2013-06-17 21:31 . 2012-12-08 19:54 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130903.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130911.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130911.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 14:10 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 03:17]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-30 03:05]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-30 03:05]
.
2013-09-11 c:\windows\Tasks\HPCeeScheduleForAnna.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{640E2870-B4F2-4D51-A3D2-916027A51253}: NameServer = 205.152.37.23
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\3ty6ck20.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-09-12  01:41:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-12 05:41
.
Pre-Run: 477,547,573,248 bytes free
Post-Run: 477,766,930,432 bytes free
.
- - End Of File - - DD8A81B2C0A8B16C0F0E2CA458183456
A36C5E4F47E84449FF07ED3517B43A31

 

 

As far as how my computer's running, I would say mostly good. I'm still noticing something of a lag, though, and occasional freezing (i.e., when I'm just looking at a web page and it will give me the "not responding" message), so I'm just curious to see if the virus is the cause of this because it's still hanging on somewhere. But for the most part, I can still use my computer as I normally do and it's running fine.



#7 joesus

joesus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:13 PM

Posted 12 September 2013 - 12:59 AM

Sorry for the second comment, but I feel like I might have misunderstood your last question. Prior to running those, that's how my computer was working. Right now it seems like it's a little faster and it hasn't frozen on me, so I would say it's working pretty well. Just thought I would clarify so there's no confusion.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:13 PM

Posted 12 September 2013 - 09:56 AM

Hi Anna,

Sounds like we are making some progress. I would still like you to let me know if you recognize this:

C:\ProgramData\vqan

Please run this for me.

===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the folder
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 joesus

joesus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 12 September 2013 - 06:58 PM

Hello, Gary

 

I apologize, in my last response I neglected to answer your question regarding the folder. I do not recognize it. 

 

My computer is still running well, as far as I can tell. It hasn't stalled on me and it seems like it's been running a little faster. 

 

I also ran the program that you asked me to and will now await your instructions for what to do next.

 

Thank you,

Anna



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:13 PM

Posted 12 September 2013 - 07:39 PM

Hi Anna,

I would like to take a look at the contents of that folder before deciding what to do with it. Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
C:\ProgramData\vqan /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SystemLook log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 joesus

joesus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 12 September 2013 - 09:14 PM

Hi, Gary

 

Here are the results: 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 22:12 on 12/09/2013 by Anna
Administrator - Elevation successful
 
========== dir ==========
 
C:\ProgramData\vqan - Parameters: "/s"
 
---Files---
hsicvp.ajh --a---- 237911 bytes [13:29 29/08/2013] [13:29 29/08/2013]
msylio.hmj --a---- 53873 bytes [13:30 29/08/2013] [13:30 29/08/2013]
qlrhna.gpc --a---- 269109 bytes [13:31 29/08/2013] [13:31 29/08/2013]
 
No folders found.
 
-= EOF =-

 



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:13 PM

Posted 12 September 2013 - 09:30 PM

Thanks, that stuff needs to go.

Using Windows Explorer please navigate to that folder, right click, then select Delete.

After completing that please run the below scans.

===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes results
  • ESET results (no log if nothing found)
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
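The SystemLook listing Anna posted (three files with random-looking names and extensions, all created within two minutes in C:\ProgramData\vqan) is the kind of evidence Gary used to conclude the folder needed to go. As an added example that is not part of the thread or of SystemLook itself, the script below parses the `---Files---` section of a SystemLook `:dir` log and applies that same triage reasoning: an allow-list of expected extensions and a creation-time window, both assumptions of this example, not settings of any tool in the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the ---Files--- section of the SystemLook ':dir /s'
# listing posted above (names, sizes and timestamps as quoted in the thread).
SAMPLE_LOG = """---Files---
hsicvp.ajh --a---- 237911 bytes [13:29 29/08/2013] [13:29 29/08/2013]
msylio.hmj --a---- 53873 bytes [13:30 29/08/2013] [13:30 29/08/2013]
qlrhna.gpc --a---- 269109 bytes [13:31 29/08/2013] [13:31 29/08/2013]

No folders found.
"""

# One SystemLook file line: name, attribute flags, size, [created] [modified]
FILE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<attr>[-a-z]+)\s+(?P<size>\d+) bytes"
                     r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]$")
TS_FMT = "%H:%M %d/%m/%Y"
# Extensions a legitimate ProgramData folder would plausibly hold (assumed allow-list)
KNOWN_EXT = {"dat", "db", "log", "txt", "xml", "ini", "json", "cfg", "bin", "exe", "dll"}

def parse_systemlook_dir(text):
    """Return one dict per line of the ---Files--- section of a SystemLook log."""
    files, in_files = [], False
    for line in text.splitlines():
        if line.startswith("---Files---"):
            in_files = True          # section starts after this marker
        elif not line.strip():
            in_files = False         # a blank line closes the section
        elif in_files:
            m = FILE_RE.match(line.strip())
            if m:
                files.append({
                    "name": m["name"],
                    "ext": m["name"].rsplit(".", 1)[-1].lower(),
                    "size": int(m["size"]),
                    "created": datetime.strptime(m["created"], TS_FMT),
                    "modified": datetime.strptime(m["modified"], TS_FMT),
                })
    return files

def triage(files, window=timedelta(minutes=10)):
    """Flag a folder whose files all carry unknown extensions and were created together."""
    if not files:
        return {"suspicious": False, "span_minutes": 0.0, "unknown_ext": []}
    created = sorted(f["created"] for f in files)
    span = created[-1] - created[0]
    unknown = [f["name"] for f in files if f["ext"] not in KNOWN_EXT]
    return {"suspicious": span <= window and len(unknown) == len(files),
            "span_minutes": span.total_seconds() / 60, "unknown_ext": unknown}
```

Run `triage(parse_systemlook_dir(SAMPLE_LOG))` to see the vqan folder flagged; a folder of ordinary `.xml` or `.log` files created over a longer period is not.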

#13 joesus

joesus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 13 September 2013 - 05:32 AM

Hi, Gary. 

 

The folder has been deleted. 

 

Here are the results logs from the two scans you asked me to run: 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.13.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Anna :: ANNA-HP [administrator]
 
9/12/2013 10:52:03 PM
mbam-log-2013-09-12 (22-52-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225052
Time elapsed: 5 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
C:\Users\Anna\Videos\Other Stuff\VLC_968.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
 
My computer seems to be running fairly well now. Response time is good when opening programs or pulling up browsers. No stalling or lagging. 
 
Thank you,
Anna

 



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,977 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:13 PM

Posted 13 September 2013 - 08:33 AM

Hi Anna,

Is there anything else I might be able to assist you with before I provide some computer safety information for your consideration?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 joesus

joesus
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:13 PM

Posted 13 September 2013 - 05:46 PM

Hello, Gary

 

No, I believe that is all I need assistance with. 

 

Thank you,

Anna Hawk





