
Possible trojan and/or malware


59 replies to this topic

#1 addygard


Posted 04 September 2013 - 09:02 PM

Starting a new topic here from this old topic:

http://www.bleepingcomputer.com/forums/t/505591/possible-trojan-unable-to-complete-anti-rootkit-scan/#entry3147667
 

Tried to follow the Preparation Guide for removing malware, but was unable to do the first thing it said, which was to back up my computer...I hope I was doing it right. I was using Cobian and followed all the instructions as I understood them, but it kept saying my backup was disabled. Then a little while later, I rebooted my computer so I could try my new live Linux CD that my daughter created for me, but when I rebooted again to start Windows, the Cobian Black Moon icon is no longer in my tool tray at the bottom of the screen, even when I un-hide everything.

 

Here are the two logs from DDS.  Thanks!

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Mom at 20:36:38 on 2013-09-04
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.447.99 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\mymbamAnti-Malware\mbamscheduler.exe
C:\Program Files\mymbamAnti-Malware\mbamservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\mymbamAnti-Malware\mbamgui.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mom\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.bing.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: {927f5499-4e0a-4390-90dd-2f8dda29dbcf} - <orphaned>
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [F.lux] "c:\documents and settings\mom\local settings\apps\f.lux\flux.exe" /noshow
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxps://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346442988453
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{8F6D5F35-0620-4929-B431-6051E242D5C3} : DHCPNameServer = 192.168.2.1
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-7-15 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2012-7-15 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2012-7-15 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-18 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-18 175176]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2012-7-15 104752]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-7 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-7 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-7 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-18 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-7 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-7-15 137960]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2013-1-8 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2013-1-8 49152]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 MBAMScheduler;MBAMScheduler;c:\program files\mymbamanti-malware\mbamscheduler.exe [2013-8-24 418376]
R2 MBAMService;MBAMService;c:\program files\mymbamanti-malware\mbamservice.exe [2013-8-24 701512]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2013-1-8 246936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-24 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2013-09-04 02:43:59 -------- d-----w- c:\program files\Cobian Backup 8
2013-09-03 01:42:48 -------- d-----w- C:\TDSSKiller_Quarantine
2013-09-02 16:30:35 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-09-02 16:30:35 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-02 16:30:14 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
2013-09-02 16:30:13 -------- d-----w- c:\program files\Celebrity Toolbar
2013-09-02 16:30:10 -------- d-----w- c:\program files\Viewpoint
2013-09-02 16:30:10 -------- d-----w- c:\documents and settings\mom\local settings\application data\visi_coupon
2013-09-02 03:58:48 -------- d-----w- C:\AdwCleaner
2013-09-01 16:17:43 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-08-24 18:10:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-24 18:10:52 -------- d-----w- c:\program files\mymbamAnti-Malware
2013-08-23 02:30:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-08-17 23:02:12 -------- d-----w- c:\windows\system32\MRT
2013-08-17 22:59:50 -------- d-----w- C:\162be81fa393eaf786246793205695
.
==================== Find3M  ====================
.
2013-08-03 19:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59:11 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-27 23:26:47 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 23:26:47 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet(4).dll
2013-06-07 21:56:06 1215488 ----a-w- c:\windows\system32\urlmon(4).dll
2013-06-07 21:56:06 105984 ----a-w- c:\windows\system32\url(3).dll
.
============= FINISH: 20:38:30.89 ===============
 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2004 6:29:39 PM
System Uptime: 9/4/2013 8:21:27 PM (0 hours ago)
.
Motherboard: First International Computer, Inc. |  | AU31
Processor: AMD Athlon™  | Socket A | 1302/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 153 GiB total, 80.337 GiB free.
D: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0A48&PID_3239\9203111
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0A48&PID_3239\9203111
Service: USBSTOR
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service:
.
==== System Restore Points ===================
.
RP192: 7/13/2013 9:34:03 AM - System Checkpoint
RP193: 7/13/2013 12:16:20 PM - Removed H&R Block Basic + Efile 2009.
RP194: 7/13/2013 12:26:03 PM - Removed TaxCut Premium 2007.
RP195: 7/13/2013 12:34:07 PM - Removed TaxCut Basic + Efile 2008.
RP196: 7/16/2013 8:28:08 PM - System Checkpoint
RP197: 7/17/2013 9:07:40 PM - System Checkpoint
RP198: 7/18/2013 9:23:15 PM - System Checkpoint
RP199: 7/20/2013 5:03:26 PM - System Checkpoint
RP200: 7/22/2013 7:32:33 PM - System Checkpoint
RP201: 7/25/2013 6:55:36 PM - System Checkpoint
RP202: 7/26/2013 7:34:22 PM - System Checkpoint
RP203: 7/31/2013 7:37:07 PM - System Checkpoint
RP204: 8/2/2013 8:22:53 PM - System Checkpoint
RP205: 8/4/2013 9:52:48 AM - System Checkpoint
RP206: 8/7/2013 6:44:46 PM - System Checkpoint
RP207: 8/8/2013 7:55:29 PM - System Checkpoint
RP208: 8/13/2013 7:59:49 PM - System Checkpoint
RP209: 8/14/2013 8:16:33 PM - System Checkpoint
RP210: 8/15/2013 6:15:57 PM - Software Distribution Service 3.0
RP211: 8/16/2013 6:08:11 PM - Software Distribution Service 3.0
RP212: 8/16/2013 6:51:43 PM - Restore Operation
RP213: 8/17/2013 4:42:19 PM - Software Distribution Service 3.0
RP214: 8/20/2013 7:55:52 PM - Software Distribution Service 3.0
RP215: 8/22/2013 8:51:57 PM - System Checkpoint
RP216: 8/23/2013 9:09:04 PM - System Checkpoint
RP217: 8/24/2013 9:50:45 PM - System Checkpoint
RP218: 8/25/2013 10:14:10 PM - System Checkpoint
RP219: 8/28/2013 7:08:54 PM - Software Distribution Service 3.0
RP220: 8/29/2013 7:36:30 PM - System Checkpoint
RP221: 8/31/2013 3:24:11 PM - System Checkpoint
RP222: 9/1/2013 4:45:54 PM - System Checkpoint
RP223: 9/2/2013 11:28:40 AM - Restore Operation
RP224: 9/2/2013 9:01:15 PM - Removed Java 7 Update 10
.
==== Installed Programs ======================
.
56Kbps Internal Modem
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
AT&T Yahoo! Applications
ATT-AACE
ATT-RemoteControl
avast! Internet Security
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Bonjour
CardRd81
CCleaner
CCScore
Cobian Backup 8
CR2
Critical Update for Windows Media Player 11 (KB959772)
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvcpt
ESSvpaht
ESSvpot
F.lux
Far Cry (Patch 1)
Far Cry (Patch 1.3)
Far Cry (Patch 1.31)
Far Cry (Patch 1.33)
green label Greetings Cards
H&R Block Basic + Efile 2010
H&R Block Basic + Efile 2011
H&R Block Basic + Efile 2012
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InstallMgr
InterActual Player
IOI Multimedia Card Reader
iTunes
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Make a Movie
MakeAMov
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Default Manager
Microsoft IntelliPoint 6.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
MP3 Player Utilities 1.51
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6 Service Pack 2 (KB973686)
Multimedia Keyboard Driver
Netscape 6 (6.2.1)
Notifier
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Ethernet Driver
NVIDIA nForce Drivers
OfotoXMI
OTtBP
OTtBPSDK
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SFR
SFR2
SHASTA
SKIN0001
SKINXSDK
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video Mover
Viewpoint Media Player
VPRINTOL
WebFldrs XP
Winamp
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WIRELESS
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
9/4/2013 8:36:52 PM, error: Service Control Manager [7016]  - The SmartLinkService service has reported an invalid current state 0.
9/4/2013 4:59:54 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
9/4/2013 4:59:54 PM, error: Service Control Manager [7000]  - The iPod Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/4/2013 4:59:53 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
9/2/2013 9:11:30 AM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/2/2013 9:11:16 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
9/2/2013 9:11:04 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
9/2/2013 9:02:56 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
9/2/2013 11:43:39 AM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/2/2013 11:43:20 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/2/2013 10:59:22 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/2/2013 1:08:05 PM, error: System Error [1003]  - Error code 10000050, parameter1 fc4c7d25, parameter2 00000000, parameter3 bf862276, parameter4 00000000.
9/2/2013 1:04:21 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
9/1/2013 6:51:34 PM, error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 6:51:33 PM, error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 6:51:33 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 6:51:32 PM, error: Service Control Manager [7034]  - The Seagate Service service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 6:51:31 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 6:51:31 PM, error: Service Control Manager [7034]  - The Belkin Network USB Helper service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 6:51:31 PM, error: Service Control Manager [7034]  - The Belkin Local Backup Service service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 6:51:31 PM, error: Service Control Manager [7034]  - The AffinegyService service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 6:51:31 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2013 6:41:05 PM, error: Service Control Manager [7034]  - The WMDM PMSP Service service terminated unexpectedly.  It has done this 1 time(s).
9/1/2013 11:08:09 AM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
8/31/2013 1:11:55 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
8/31/2013 1:10:15 PM, error: Service Control Manager [7000]  - The Zune Bus Enumerator Driver service failed to start due to the following error:  The system cannot find the file specified.
8/30/2013 6:05:36 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
.
==== End Of File ===========================
 

 


When the power of love overcomes the love of power, the world will know peace.



 


#2 Starbuck

  • Malware Response Team

Posted 09 September 2013 - 03:30 PM

Hi addygard

Sorry for the delay in response to your thread.
I've taken a look at your other thread.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

Let's get a better look at what may be happening here.


For 32-bit systems, download Farbar Recovery Scan Tool and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply as well.

In your next reply, please submit:
Both reports from FRST


Thanks.

Edited by Starbuck, 09 September 2013 - 03:31 PM.



#3 addygard
  • Topic Starter

Posted 10 September 2013 - 08:55 PM

Thank you for your reply.  I have not checked this forum for a couple of days, and it's kind of late for me now so I will download and run the scan tool as instructed first thing tomorrow after work.  I would do it tonight, but because of the recent problems I've had with other scans, I hesitate to start this one now.  Sorry for the delay.

 

Until tomorrow . . . thank you for your help and I look forward to working with you to get my computer cleaned up.




#4 Starbuck

  • Malware Response Team

Posted 11 September 2013 - 12:19 AM

Hi addygard

That's fine, I'm just off to work myself.
Just post the reports when you have them.

Thanks



#5 addygard
  • Topic Starter

Posted 11 September 2013 - 08:11 PM

Hi Starbuck,

 

Hope your day was good.  The reports are as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-09-2013 02
Ran by Mom (administrator) on BETSY on 11-09-2013 19:52:56
Running from C:\Documents and Settings\Mom\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Malwarebytes Corporation) C:\Program Files\mymbamAnti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\mymbamAnti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvsvc32.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
( ) C:\WINDOWS\system32\slserv.exe
(Microsoft Corporation) C:\WINDOWS\System32\MsPMSPSv.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files\mymbamAnti-Malware\mbamgui.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Documents and Settings\Mom\Local Settings\Apps\F.lux\flux.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Yahoo!, Inc.) C:\PROGRA~1\Yahoo!\browser\ycommon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MaxMenuMgr] - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [181544 2008-10-28] (Seagate LLC)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [296096 2012-11-04] (RealNetworks, Inc.)
HKLM\...\Run: [InstaLAN] - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-04-29] (Affinegy, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\System32\NavLogon.dll ()
Winlogon\Notify\WRNotifier: WRLogonNTF.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [H/PC Connection Agent] - "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKCU\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [F.lux] - C:\Documents and Settings\Mom\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\Administrator\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Elissa Noske\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Elissa Noske\...\Run: [Yahoo! Pager] - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [ 2010-06-01] (Yahoo! Inc.)
HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Guest\...\Run: [Yahoo! Pager] - C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [ 2010-06-01] (Yahoo! Inc.)
HKU\Justin Denman\...\Run: [H/PC Connection Agent] - "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKU\Justin Denman\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
HKU\Ramona Noske\...\Run: [F.lux] - C:\Documents and Settings\Ramona Noske\Local Settings\Apps\F.lux\flux.exe [ 2009-08-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {927f5499-4e0a-4390-90dd-2f8dda29dbcf} -  No File
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {6fc27da2-548f-4e31-8f35-e00cf1f7197b} URL = http://search.freecause.com/search?ourmark=1&p={searchTerms}&fr=freecause&type=100&toggle=1&cop=mss&ei=UTF-8&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {6E36879B-14A2-4CC9-B8D4-11CC86F5FCA0} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKCU - {0F4CA47E-6800-4257-91F1-EEF696C06E1D} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {6E36879B-14A2-4CC9-B8D4-11CC86F5FCA0} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=att-ie8
SearchScopes: HKCU - {6F26361C-D50D-4551-B48E-7D1F2F07D171} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {6fc27da2-548f-4e31-8f35-e00cf1f7197b} URL = http://search.freecause.com/search?ourmark=1&p={searchTerms}&fr=freecause&type=100&toggle=1&cop=mss&ei=UTF-8&src={referrer:source?}
SearchScopes: HKCU - {BA9E36A4-B7FA-4CC9-9FF5-D7DC14E31D0E} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKCU - {F09F4EC7-EF6C-4430-9865-1C0071FCB859} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {B2C15D1C-8929-4769-B346-A30EF4ACDA95} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346442988453
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\Mom\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

========================== Services (Whitelisted) =================

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-04-29] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] ()
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] ()
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [156968 2008-10-28] (Seagate Technology LLC)
R2 MBAMScheduler; C:\Program Files\mymbamAnti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\mymbamAnti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SLService; C:\Windows\System32\slserv.exe [45056 2003-01-17] ( )
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53248 2001-05-01] (Microsoft Corporation)
S2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [x]

==================== Drivers (Whitelisted) ====================

S3 AFGSp50; C:\Windows\System32\Drivers\AFGSp50.sys [27072 2011-02-15] (Printing Communications Assoc., Inc. (PCAUSA))
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [104752 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-06-27] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [204784 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R3 Intels51; C:\Windows\System32\DRIVERS\Intels51.sys [642958 2002-10-25] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMPR5; C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [19345 2004-11-22] (Motive, Inc.)
S3 MRENDIS5; C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [18003 2004-11-22] (Motive, Inc.)
S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [210128 2003-02-16] ( )
S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1293192 2003-02-16] ( )
S3 NtMtlFax; C:\Windows\System32\DRIVERS\NtMtlFax.sys [162136 2003-02-05] ( )
R3 nvax; C:\Windows\System32\drivers\nvax.sys [53376 2004-10-22] (NVIDIA Corporation)
R3 NVENET; C:\Windows\System32\DRIVERS\NVENET.sys [72771 2003-08-15] (NVIDIA Corporation)
R3 nvnforce; C:\Windows\System32\drivers\nvapu.sys [413824 2004-10-22] (NVIDIA Corporation)
R0 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [18688 2003-03-19] (NVIDIA Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
S3 RecAgent; C:\WINDOWS\system32\DRIVERS\RecAgent.sys [13776 2004-08-04] (Smart Link)
S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [516616 2003-02-16] ( )
S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [85520 2003-02-16] ( )
S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [39348 2003-01-17] (Vireo Software)
S3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [39532 2003-11-10] (Alcor Micro Corp.)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [x]
S3 catchme; \??\C:\DOCUME~1\RAMONA~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
S2 zumbus; system32\DRIVERS\zumbus.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-11 19:51 - 2013-09-11 19:51 - 01082587 _____ (Farbar) C:\Documents and Settings\Mom\Desktop\FRST.exe
2013-09-11 19:37 - 2013-09-11 19:40 - 00005370 _____ C:\WINDOWS\KB2876217.log
2013-09-11 19:36 - 2013-09-11 19:40 - 00005886 _____ C:\WINDOWS\KB2876315.log
2013-09-11 19:33 - 2013-09-11 19:33 - 00000000 ____D C:\WINDOWS\LastGood
2013-09-11 19:32 - 2013-09-11 19:40 - 00005449 _____ C:\WINDOWS\KB2864063.log
2013-09-08 10:03 - 2013-09-08 10:03 - 00000000 ____D C:\Documents and Settings\Mom\My Documents\From Pinterest
2013-09-05 20:51 - 2013-09-05 20:51 - 00000060 _____ C:\WINDOWS\setupact.log
2013-09-05 20:51 - 2013-09-05 20:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-04 20:38 - 2013-09-04 20:46 - 00024847 _____ C:\Documents and Settings\Mom\Desktop\attach.txt
2013-09-04 20:38 - 2013-09-04 20:46 - 00012996 _____ C:\Documents and Settings\Mom\Desktop\dds.txt
2013-09-04 20:35 - 2013-09-04 20:35 - 00688992 ____R (Swearware) C:\Documents and Settings\Mom\Desktop\dds.com
2013-09-03 21:43 - 2013-09-04 17:35 - 00000000 ____D C:\Program Files\Cobian Backup 8
2013-09-03 21:26 - 2013-09-03 21:26 - 08499200 _____ (Luis Cobian) C:\Documents and Settings\Mom\Desktop\cbSetup8.exe
2013-09-02 20:42 - 2013-09-02 20:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-02 19:34 - 2013-09-02 19:34 - 00020643 _____ C:\Documents and Settings\Mom\Desktop\Result.txt
2013-09-02 16:36 - 2013-09-02 16:36 - 00000000 ____D C:\Documents and Settings\Mom\My Documents\Woodlands Online Ads
2013-09-02 13:11 - 2013-09-02 13:11 - 01309696 _____ C:\Documents and Settings\Mom\My Documents\error report.wps
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Program Files\Viewpoint
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Program Files\Celebrity Toolbar
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Documents and Settings\Mom\Local Settings\Application Data\visi_coupon
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Documents and Settings\Justin Denman\Local Settings\Application Data\visi_coupon
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Viewpoint
2013-09-01 22:58 - 2013-09-01 23:23 - 00000000 ____D C:\AdwCleaner
2013-09-01 11:17 - 2013-09-01 11:17 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-09-01 11:12 - 2013-09-01 11:12 - 00000114 _____ C:\local.conf
2013-08-28 19:14 - 2013-08-28 19:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-25 13:53 - 2013-08-31 18:53 - 00052736 _____ C:\Documents and Settings\Mom\My Documents\bleepingcomputerpost.wps
2013-08-25 11:59 - 2013-08-25 11:59 - 00030587 _____ C:\Documents and Settings\Mom\Desktop\AvastAttachments_2013825.zip
2013-08-24 13:10 - 2013-08-24 13:10 - 00000728 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-24 13:10 - 2013-08-24 13:10 - 00000000 ____D C:\Program Files\mymbamAnti-Malware
2013-08-24 13:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-22 21:30 - 2013-09-01 18:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-08-17 18:02 - 2013-08-17 18:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-17 17:59 - 2013-08-17 18:01 - 00000000 ____D C:\162be81fa393eaf786246793205695
2013-08-15 18:39 - 2013-08-17 17:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 18:38 - 2013-08-17 17:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 18:38 - 2013-08-17 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 18:36 - 2013-08-17 17:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$

==================== One Month Modified Files and Folders =======

2013-09-11 19:52 - 2013-09-11 19:52 - 00000000 ____D C:\FRST
2013-09-11 19:51 - 2013-09-11 19:51 - 01082587 _____ (Farbar) C:\Documents and Settings\Mom\Desktop\FRST.exe
2013-09-11 19:45 - 2004-08-18 16:43 - 01861552 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-11 19:40 - 2013-09-11 19:37 - 00005370 _____ C:\WINDOWS\KB2876217.log
2013-09-11 19:40 - 2013-09-11 19:36 - 00005886 _____ C:\WINDOWS\KB2876315.log
2013-09-11 19:40 - 2013-09-11 19:32 - 00005449 _____ C:\WINDOWS\KB2864063.log
2013-09-11 19:33 - 2013-09-11 19:33 - 00000000 ____D C:\WINDOWS\LastGood
2013-09-11 19:27 - 2012-07-07 20:26 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-09-11 19:09 - 2013-03-28 19:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-11 18:54 - 2013-01-26 16:02 - 00000292 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1824453259-1067934759-3774945580-1005.job
2013-09-11 18:53 - 2013-08-02 18:12 - 00000274 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1824453259-1067934759-3774945580-1009.job
2013-09-11 18:48 - 2004-02-05 05:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-11 18:48 - 2004-02-05 04:36 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-11 18:48 - 2004-02-04 21:41 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-11 18:48 - 2004-02-04 21:41 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-10 18:49 - 2004-02-05 05:45 - 00032418 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-09 21:56 - 2007-10-05 17:25 - 00000178 ___SH C:\Documents and Settings\Mom\ntuser.ini
2013-09-08 10:03 - 2013-09-08 10:03 - 00000000 ____D C:\Documents and Settings\Mom\My Documents\From Pinterest
2013-09-05 20:51 - 2013-09-05 20:51 - 00000060 _____ C:\WINDOWS\setupact.log
2013-09-05 20:51 - 2013-09-05 20:51 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-05 20:51 - 2007-10-05 17:25 - 00000000 ____D C:\Documents and Settings\Mom
2013-09-05 18:29 - 2012-11-04 15:13 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1824453259-1067934759-3774945580-1005.job
2013-09-04 20:46 - 2013-09-04 20:38 - 00024847 _____ C:\Documents and Settings\Mom\Desktop\attach.txt
2013-09-04 20:46 - 2013-09-04 20:38 - 00012996 _____ C:\Documents and Settings\Mom\Desktop\dds.txt
2013-09-04 20:35 - 2013-09-04 20:35 - 00688992 ____R (Swearware) C:\Documents and Settings\Mom\Desktop\dds.com
2013-09-04 17:35 - 2013-09-03 21:43 - 00000000 ____D C:\Program Files\Cobian Backup 8
2013-09-03 21:26 - 2013-09-03 21:26 - 08499200 _____ (Luis Cobian) C:\Documents and Settings\Mom\Desktop\cbSetup8.exe
2013-09-02 23:08 - 2005-05-31 09:50 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-02 20:42 - 2013-09-02 20:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-02 19:34 - 2013-09-02 19:34 - 00020643 _____ C:\Documents and Settings\Mom\Desktop\Result.txt
2013-09-02 18:54 - 2013-07-09 19:17 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-02 16:38 - 2009-09-26 14:28 - 00000000 ____D C:\Documents and Settings\Mom\My Documents\Craft, Halloween Jokes, Images, Ideas, Samples
2013-09-02 16:36 - 2013-09-02 16:36 - 00000000 ____D C:\Documents and Settings\Mom\My Documents\Woodlands Online Ads
2013-09-02 16:20 - 2011-05-30 12:26 - 00000000 ____D C:\Documents and Settings\Mom\My Documents\Dogs
2013-09-02 16:14 - 2009-08-09 14:28 - 00000000 ____D C:\Documents and Settings\Mom\My Documents\Saved PDFs
2013-09-02 15:58 - 2010-02-20 07:09 - 00000000 ____D C:\Documents and Settings\Mom\My Documents\Ferret
2013-09-02 13:11 - 2013-09-02 13:11 - 01309696 _____ C:\Documents and Settings\Mom\My Documents\error report.wps
2013-09-02 11:37 - 2012-07-15 13:10 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
2013-09-02 11:37 - 2004-02-05 05:43 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Program Files\Viewpoint
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Program Files\Celebrity Toolbar
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Documents and Settings\Mom\Local Settings\Application Data\visi_coupon
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Documents and Settings\Justin Denman\Local Settings\Application Data\visi_coupon
2013-09-02 11:30 - 2013-09-02 11:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Viewpoint
2013-09-02 11:30 - 2006-01-03 10:57 - 00000000 ____D C:\Documents and Settings\Administrator
2013-09-02 11:30 - 2004-10-31 15:28 - 00000000 ____D C:\Documents and Settings\Guest
2013-09-02 11:30 - 2004-08-16 22:41 - 00000000 ____D C:\Documents and Settings\Justin Denman
2013-09-02 11:30 - 2004-08-16 15:04 - 00000000 ____D C:\Documents and Settings\Elissa Noske
2013-09-02 11:30 - 2004-08-15 18:30 - 00000000 ____D C:\Documents and Settings\Ramona Noske
2013-09-02 11:30 - 2004-02-05 05:45 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-09-02 11:30 - 2004-02-05 05:45 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-09-02 11:30 - 2004-02-05 05:42 - 00000000 ____D C:\WINDOWS\Registration
2013-09-01 23:23 - 2013-09-01 22:58 - 00000000 ____D C:\AdwCleaner
2013-09-01 18:27 - 2013-08-22 21:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-01 11:17 - 2013-09-01 11:17 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-09-01 11:12 - 2013-09-01 11:12 - 00000114 _____ C:\local.conf
2013-09-01 07:58 - 2012-07-08 15:45 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-09-01 07:58 - 2012-07-08 15:45 - 00000000 ____D C:\Program Files\CCleaner
2013-08-31 18:53 - 2013-08-25 13:53 - 00052736 _____ C:\Documents and Settings\Mom\My Documents\bleepingcomputerpost.wps
2013-08-30 18:06 - 2013-03-15 21:11 - 00000282 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1824453259-1067934759-3774945580-1009.job
2013-08-28 19:14 - 2013-08-28 19:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-25 11:59 - 2013-08-25 11:59 - 00030587 _____ C:\Documents and Settings\Mom\Desktop\AvastAttachments_2013825.zip
2013-08-24 13:10 - 2013-08-24 13:10 - 00000728 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-24 13:10 - 2013-08-24 13:10 - 00000000 ____D C:\Program Files\mymbamAnti-Malware
2013-08-22 18:59 - 2011-11-07 16:15 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-17 18:02 - 2013-08-17 18:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-17 18:01 - 2013-08-17 17:59 - 00000000 ____D C:\162be81fa393eaf786246793205695
2013-08-17 18:01 - 2005-05-11 23:50 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-17 17:45 - 2004-02-04 21:40 - 00600328 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-17 17:41 - 2013-08-15 18:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-17 17:37 - 2013-08-15 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-17 17:32 - 2013-08-15 18:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-17 17:32 - 2007-10-04 23:16 - 00763572 _____ C:\WINDOWS\system32\TZLog.log
2013-08-17 17:29 - 2013-08-15 18:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 19:00 - 2009-04-05 13:28 - 00000000 ____D C:\WINDOWS\ie8updates

Files to move or delete:
====================
C:\Documents and Settings\Justin Denman\Local Settings\Temp\Bootstrapper.exe
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperARA.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperARU.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperCHS.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperCHT.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperCSY.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperDAN.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperDEU.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperELL.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperENU.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperESN.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperESP.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperFIN.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperFRA.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperHEB.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperHRV.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperHUN.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperITA.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperJPN.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperKOR.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperLOC.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperNLD.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperNOR.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperPLK.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperPTB.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperPTG.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperRUS.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperSKY.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperSLV.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperSVE.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperTHA.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperTRK.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\BootstrapperUKR.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\DeleteProgramDataFiles.CA.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\dotNetFx40_Client_setup.exe
C:\Documents and Settings\Justin Denman\Local Settings\Temp\setup.exe
C:\Documents and Settings\Justin Denman\Local Settings\Temp\Tsu-0724.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-09-2013 02
Ran by Mom at 2013-09-11 19:55:23
Running from C:\Documents and Settings\Mom\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

56Kbps Internal Modem
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 3.6.0.6090)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression 5
AT&T Yahoo! Applications
ATT-AACE
ATT-RemoteControl
avast! Internet Security (Version: 8.0.1489.0)
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center (Version: 1.1.3)
Bonjour (Version: 3.0.0.10)
CardRd81 (Version: 4.00.0000.0004)
CCleaner (Version: 4.05)
CCScore (Version: 5.01.0000.0001)
Cobian Backup 8
CR2 (Version: 4.00.0000.0003)
Critical Update for Windows Media Player 11 (KB959772)
ESSBrwr (Version: 5.01.0000.0001)
ESSCDBK (Version: 5.01.0000.0001)
ESScore (Version: 5.01.0000.0002)
ESSCT (Version: 5.01.0000.0101)
ESSEMAIL (Version: 5.01.0000.0001)
ESSgui (Version: 5.01.0000.0004)
ESShelp (Version: 5.01.0000.0001)
ESSini (Version: 5.01.0000.0101)
ESSPCD (Version: 5.01.0000.0001)
ESSPDock (Version: 4.00.0000.0003)
ESSSONIC (Version: 5.00.0000.0002)
ESSTOOLS (Version: 5.00.0000.0004)
essvcpt (Version: 5.01.0000.0002)
ESSvpaht (Version: 5.01.0000.0004)
ESSvpot (Version: 5.01.0000.0101)
F.lux
Far Cry (Patch 1) (Version: 1.00.0000)
Far Cry (Patch 1.3) (Version: 1.00.0000)
Far Cry (Patch 1.31) (Version: 1.00.0000)
Far Cry (Patch 1.33) (Version: 1.00.0000)
green label Greetings Cards
H&R Block Basic + Efile 2010 (Version: 10.02.5701)
H&R Block Basic + Efile 2011 (Version: 11.02.6203)
H&R Block Basic + Efile 2012 (Version: 12.02.7801)
HLPIndex (Version: 5.01.0000.0001)
HLPPDOCK (Version: 4.00.0000.0002)
HLPSFO (Version: 5.01.0000.0103)
InstallMgr (Version: 1.0.39.0)
InterActual Player
IOI Multimedia Card Reader (Version: 1.03)
iTunes (Version: 11.0.4.4)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player (Version: 10.1.0.11)
Make a Movie (Version: 1.00.0000)
MakeAMov (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Default Manager (Version: 1.1.53.0)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 7.0 (Version: 07.02.0620)
MobileMe Control Panel (Version: 3.1.5.0)
Move Networks Media Player for Internet Explorer
MP3 Player Utilities 1.51 (Version: 1.51)
MSN Music Assistant
MSN Toolbar (Version: 1.0.39.0)
MSN Toolbar (Version: 3.0.1125.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Multimedia Keyboard Driver
Netscape 6 (6.2.1)
Notifier (Version: 5.01.0000.0101)
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Ethernet Driver
NVIDIA nForce Drivers
OfotoXMI (Version: 5.01.0000.0001)
OTtBP (Version: 5.01.0000.0002)
OTtBPSDK (Version: 4.00.0000.0000)
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PowerDVD
QuickTime (Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
Seagate Manager Installer (Version: 2.01.0048)
SFR (Version: 5.00.0000.0005)
SFR2 (Version: 3.03.0000.0002)
SHASTA (Version: 5.00.0002.0001)
SKIN0001 (Version: 5.01.0000.0002)
SKINXSDK (Version: 5.00.0000.0004)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Video Mover
Viewpoint Media Player
VPRINTOL (Version: 5.01.0000.0001)
WebFldrs XP (Version: 9.50.6513)
Winamp (Version: 5.57 )
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Movie Maker 2.0 (Version: 2.0.0000)
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 5.00.0000.0001)
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update

==================== Restore Points  =========================

13-07-2013 14:34:03 System Checkpoint
13-07-2013 17:16:20 Removed H&R Block Basic + Efile 2009.
13-07-2013 17:26:03 Removed TaxCut Premium 2007.
13-07-2013 17:34:07 Removed TaxCut Basic + Efile 2008.
17-07-2013 01:28:08 System Checkpoint
18-07-2013 02:07:40 System Checkpoint
19-07-2013 02:23:15 System Checkpoint
20-07-2013 22:03:26 System Checkpoint
23-07-2013 00:32:33 System Checkpoint
25-07-2013 23:55:36 System Checkpoint
27-07-2013 00:34:22 System Checkpoint
01-08-2013 00:37:07 System Checkpoint
03-08-2013 01:22:53 System Checkpoint
04-08-2013 14:52:48 System Checkpoint
07-08-2013 23:44:46 System Checkpoint
09-08-2013 00:55:29 System Checkpoint
14-08-2013 00:59:49 System Checkpoint
15-08-2013 01:16:33 System Checkpoint
15-08-2013 23:15:57 Software Distribution Service 3.0
16-08-2013 23:08:11 Software Distribution Service 3.0
16-08-2013 23:51:43 Restore Operation
17-08-2013 21:42:19 Software Distribution Service 3.0
21-08-2013 00:55:52 Software Distribution Service 3.0
23-08-2013 01:51:57 System Checkpoint
24-08-2013 02:09:04 System Checkpoint
25-08-2013 02:50:45 System Checkpoint
26-08-2013 03:14:10 System Checkpoint
29-08-2013 00:08:54 Software Distribution Service 3.0
30-08-2013 00:36:30 System Checkpoint
31-08-2013 20:24:11 System Checkpoint
01-09-2013 21:45:54 System Checkpoint
02-09-2013 16:28:40 Restore Operation
03-09-2013 02:01:15 Removed Java 7 Update 10
09-09-2013 00:56:02 System Checkpoint
10-09-2013 01:14:05 System Checkpoint

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1824453259-1067934759-3774945580-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1824453259-1067934759-3774945580-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1824453259-1067934759-3774945580-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1824453259-1067934759-3774945580-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2004-02-05 04:36 - 2008-04-13 19:10 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime
2002-03-29 15:12 - 2002-03-29 15:12 - 00045056 _____ () C:\WINDOWS\System32\NavLogon.dll
2012-07-15 13:16 - 2013-03-06 17:12 - 09729024 _____ (Mailshell) C:\Program Files\AVAST Software\Avast\WINSPAMCATCHER.dll
2013-09-11 19:23 - 2013-09-11 16:11 - 02099200 _____ () C:\Program Files\AVAST Software\Avast\defs\13091101\algo.dll
2006-03-14 20:30 - 2004-11-24 23:07 - 00079679 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FLMADA.DLL
2003-05-22 13:06 - 2003-05-22 13:06 - 00073869 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EBPMON24.DLL
2008-02-03 10:58 - 2008-02-03 10:58 - 00051716 _____ () C:\WINDOWS\system32\pdf995mon.dll
2011-11-12 23:39 - 2008-07-06 07:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2013-01-08 14:48 - 2011-04-29 19:30 - 00234400 _____ (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\AffIpHelper.dll
2013-01-08 14:48 - 2011-04-29 19:30 - 00139680 _____ (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\AffCrypto.dll
2013-01-08 14:48 - 2011-04-29 19:30 - 00022944 _____ () C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2009-09-04 23:14 - 2009-09-04 23:14 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) C:\WINDOWS\system32\dnssd.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-06-04 11:17 - 2002-07-04 09:38 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
2004-02-05 04:35 - 2010-01-29 09:43 - 00307260 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\system32\l3codeca.acm
2013-01-08 14:48 - 2011-02-15 15:15 - 00325632 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
2013-01-08 14:48 - 2011-02-15 15:15 - 01954304 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
2013-01-08 14:48 - 2011-02-15 15:16 - 07187456 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
2013-01-08 14:48 - 2011-02-15 15:15 - 00847360 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
2013-01-08 14:48 - 2011-02-15 14:25 - 00119808 _____ () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2013-01-08 14:50 - 2010-02-17 19:25 - 00132096 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2013-01-08 14:48 - 2011-04-29 19:30 - 02195360 _____ (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\AffStateMc.dll
2013-01-08 14:48 - 2011-04-29 19:30 - 00200608 _____ (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\affNdis.dll
2013-01-08 14:48 - 2011-02-15 14:30 - 00118784 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Program Files\Belkin\Router Setup and Monitor\W32N55.dll
2013-01-08 16:06 - 2013-09-11 19:01 - 00180224 _____ (Softanics) C:\Documents and Settings\Mom\Local Settings\Temp\1.tmp\F_IN_BOX.dll
2013-01-08 14:48 - 2011-04-29 18:55 - 00658432 _____ () C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2007-10-04 18:05 - 2006-10-31 16:33 - 00198136 _____ (Yahoo! Inc.) C:\Program Files\Yahoo!\common\yiesrvc.dll
2006-03-01 12:44 - 2006-07-28 12:36 - 00120312 _____ (Yahoo! Inc.) C:\Program Files\Yahoo!\common\YIeTagBm.dll
2006-03-01 12:39 - 2006-08-16 16:11 - 00176128 _____ (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\ycommon.dll
2006-03-01 12:39 - 2006-02-23 17:13 - 00038912 _____ () C:\Program Files\Yahoo!\browser\YCommonPS.dll
2013-03-28 19:31 - 2013-03-28 19:31 - 14606552 ____R (Adobe Systems, Inc.) C:\WINDOWS\system32\Macromed\Flash\Flash32_11_6_602_180.ocx

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\WINDOWS\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2013 07:18:16 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/08/2013 07:18:16 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/07/2013 08:02:00 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/07/2013 06:51:47 PM) (Source: Application Hang) (User: )
Description: Hanging application spider.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2013 10:31:50 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2013 10:31:50 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2013 04:16:53 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2013 11:37:42 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2013 11:37:42 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2013 11:39:03 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (09/11/2013 07:10:01 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Flash Player Update Service service failed to start due to the following error:
%%1053

Error: (09/11/2013 07:10:01 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.

Error: (09/11/2013 06:53:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/11/2013 06:53:35 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/11/2013 06:52:40 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/11/2013 06:52:13 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/11/2013 06:48:30 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (09/10/2013 06:46:44 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (09/09/2013 07:10:23 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (09/08/2013 05:48:34 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Microsoft Office Sessions:
=========================
Error: (09/08/2013 07:18:16 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/08/2013 07:18:16 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/07/2013 08:02:00 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/07/2013 06:51:47 PM) (Source: Application Hang)(User: )
Description: spider.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (09/02/2013 10:31:50 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/02/2013 10:31:50 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/02/2013 04:16:53 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe11.0.3.37hungapp0.0.0.000000000

Error: (09/02/2013 11:37:42 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/02/2013 11:37:42 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/01/2013 11:39:03 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Percentage of memory in use: 76%
Total physical RAM: 447.48 MB
Available physical RAM: 102.94 MB
Total Pagefile: 1058.34 MB
Available Pagefile: 279.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:153.38 GB) (Free:79.12 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 153 GB) (Disk ID: 8EFDBD5C)
Partition 1: (Active) - (Size=153 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Thanks very much!


When the power of love overcomes the love of power, the world will know peace.


#6 Starbuck


  • Malware Response Team

Posted 12 September 2013 - 11:26 AM

Hi addygard
 

Hope your day was good

Yes thanks, day was good but it's starting to get colder now.

Step 1
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 2
Click Start >> All Programs >> Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
Type the following command, and then press the ENTER key:
sfc /scannow
(there is a gap between the c and the / )
The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
It may or may not ask for the installation disc (so have it ready if you do have one).


Step 3
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

[Screenshots: CF_download_FF.gif, CF_download_rename.gif]

This is an example; you may rename ComboFix to anything you want. Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [Screenshot: whatnext.png]

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    In your next reply, please submit:
    FRST fix report
    Combofix.txt


    Thanks.
Attached File  fixlist.txt   1.59KB   3 downloads

Edited by Starbuck, 12 September 2013 - 11:32 AM.



#7 addygard


Posted 12 September 2013 - 08:33 PM

We've a little while yet before it cools off here . . . still mid-90s during the day, mid-70s for the evenings.  Very much looking forward to cooler weather myself.

 

Okay, the result of the fixlist is below.  However, before I run sfc /scannow, and I apologize for the delay, I'm not sure which is the installation disc.  I have a Restore CD (it's actually 3 cds) that I believe has all the software my computer came pre-loaded with; then I have a System Recovery CD/DVD (MS Windows XP Home Edition).  Thanks so much for your help

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013
Ran by Mom at 2013-09-12 20:15:18 Run:1
Running from C:\Documents and Settings\Mom\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winlogon\Notify\WRNotifier: WRLogonNTF.dll [X]
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {927f5499-4e0a-4390-90dd-2f8dda29dbcf} -  No File
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {6fc27da2-548f-4e31-8f35-e00cf1f7197b} URL = http://search.freecause.com/search?ourmark=1&p={searchTerms}&fr=freecause&type=100&toggle=1&cop=mss&ei=UTF-8&src={referrer:source?}
SearchScopes: HKCU - {6fc27da2-548f-4e31-8f35-e00cf1f7197b} URL = http://search.freecause.com/search?ourmark=1&p={searchTerms}&fr=freecause&type=100&toggle=1&cop=mss&ei=UTF-8&src={referrer:source?}
Toolbar: HKCU - No Name - {B2C15D1C-8929-4769-B346-A30EF4ACDA95} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Hosts: Hosts file not detected in the default directory
S3 AFGMp50; System32\Drivers\AFGMp50.sys [x]
S3 catchme; \??\C:\DOCUME~1\RAMONA~1\LOCALS~1\Temp\catchme.sys [x]
C:\Documents and Settings\Justin Denman\Local Settings\Temp\Bootstrapper.exe
C:\Documents and Settings\Justin Denman\Local Settings\Temp\Bootstrapper*.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\DeleteProgramDataFiles.CA.dll
C:\Documents and Settings\Justin Denman\Local Settings\Temp\dotNetFx40_Client_setup.exe
C:\Documents and Settings\Justin Denman\Local Settings\Temp\setup.exe
C:\Documents and Settings\Justin Denman\Local Settings\Temp\Tsu-0724.dll

*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier => Key deleted successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{927f5499-4e0a-4390-90dd-2f8dda29dbcf} => Value deleted successfully.
HKCR\CLSID\{927f5499-4e0a-4390-90dd-2f8dda29dbcf} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value deleted successfully.
HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6fc27da2-548f-4e31-8f35-e00cf1f7197b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6fc27da2-548f-4e31-8f35-e00cf1f7197b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6fc27da2-548f-4e31-8f35-e00cf1f7197b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6fc27da2-548f-4e31-8f35-e00cf1f7197b} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2C15D1C-8929-4769-B346-A30EF4ACDA95} => Value deleted successfully.
HKCR\CLSID\{B2C15D1C-8929-4769-B346-A30EF4ACDA95} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
Could not reset Hosts.
AFGMp50 => Service deleted successfully.
catchme => Service deleted successfully.
C:\Documents and Settings\Justin Denman\Local Settings\Temp\Bootstrapper.exe => Moved successfully.
C:\Documents and Settings\Justin Denman\Local Settings\Temp\Bootstrapper*.dll => Moved successfully.
C:\Documents and Settings\Justin Denman\Local Settings\Temp\DeleteProgramDataFiles.CA.dll => Moved successfully.
C:\Documents and Settings\Justin Denman\Local Settings\Temp\dotNetFx40_Client_setup.exe => Moved successfully.
C:\Documents and Settings\Justin Denman\Local Settings\Temp\setup.exe => Moved successfully.
C:\Documents and Settings\Justin Denman\Local Settings\Temp\Tsu-0724.dll => Moved successfully.

==== End of Fixlog ====


When the power of love overcomes the love of power, the world will know peace.
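The Fixlog above mixes successes, "Key not found" follow-ups and one failed action. As an added example (not part of the original posts and not FRST's own code), this Python script classifies the result lines of such a log so that failures like "Could not reset Hosts." stand out. The sample lines are copied from the post; the outcome labels and the extra failure phrasings in the pattern are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (lines copied from the post, shortened).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013
Content of fixlist:
*****************
Hosts: Hosts file not detected in the default directory
S3 AFGMp50; System32\Drivers\AFGMp50.sys [x]
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier => Key deleted successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{927f5499-4e0a-4390-90dd-2f8dda29dbcf} => Value deleted successfully.
HKCR\CLSID\{927f5499-4e0a-4390-90dd-2f8dda29dbcf} => Key not found.
Could not reset Hosts.
AFGMp50 => Service deleted successfully.
catchme => Service deleted successfully.
C:\Documents and Settings\Justin Denman\Local Settings\Temp\setup.exe => Moved successfully.

==== End of Fixlog ====
"""

# Outcome labels are this example's own, not FRST terminology. Only
# "Could not ..." appears in the log above; the other failure phrasings
# are assumed. Order matters: failures are checked first.
RULES = [
    ("failed", re.compile(r"could not|not (?:deleted|moved|restored)|error", re.I)),
    ("not_found", re.compile(r"not found", re.I)),
    ("ok", re.compile(r"successfully", re.I)),
]

def result_lines(fixlog_text):
    """Yield the result lines only: everything after the last row of
    asterisks (end of 'Content of fixlist') up to the end marker."""
    lines = [l.strip() for l in fixlog_text.splitlines()]
    star_rows = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    start = star_rows[-1] + 1 if star_rows else 0
    for line in lines[start:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line:
            yield line

def classify(line):
    """Return (target, outcome); target is None for whole-line messages."""
    target, sep, result = line.partition(" => ")
    text = result if sep else line  # match on the result part, not the path
    for outcome, pattern in RULES:
        if pattern.search(text):
            return (target if sep else None, outcome)
    return (target if sep else None, "unknown")

def triage(fixlog_text):
    """Tally outcomes and collect the lines that need a human look."""
    counts, attention = Counter(), []
    for line in result_lines(fixlog_text):
        outcome = classify(line)[1]
        counts[outcome] += 1
        if outcome in ("failed", "unknown"):
            attention.append(line)
    return counts, attention

if __name__ == "__main__":
    counts, attention = triage(SAMPLE_FIXLOG)
    print(dict(counts))
    for line in attention:
        print("REVIEW:", line)
```
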


#8 Starbuck


Posted 13 September 2013 - 01:04 AM

I have a Restore CD (it's actually 3 cds) that I believe has all the software my computer came pre-loaded with; then I have a System Recovery CD/DVD (MS Windows XP Home Edition)

From the CDs listed, it does sound as though the OS is preloaded.
This means the installation files will be on a hidden partition.
If any files are needed by sfc /scannow, they should be taken from there.
None of the CDs are an actual Installation disc.
Run sfc /scannow, and see how things go.



#9 addygard


Posted 13 September 2013 - 09:24 PM

Okay, I ran the scannow with no problem.   However, Combofix has been running almost an hour now, and I don't know if THAT'S a problem.  I know I won't still be awake when you reply, but I will leave everything running . . . just in case.  I'm on my daughter's computer right now, and I will also have to use it tomorrow to get online to see your reply (unless Combofix completes the scan and shows a log).  Just to let you know, she doesn't like to share even though she knows I'm having this problem.  Sorry about the difficulties.  And thank you ever so much for your patience and your continued help. :) 


When the power of love overcomes the love of power, the world will know peace.


#10 addygard


Posted 14 September 2013 - 09:48 AM

Hi Starbuck,

 

Hadn't heard from you by the time I got up this morning, but not a problem.  Just want to update you. . .

 

By the time I got up this morning, Combofix was exactly as I'd left it last night.  So I assumed it was not scanning or going to scan.  I closed it and restarted my computer.  No message came up that I was interrupting the scan, nor did any kind of log pop up.  However, I did notice that when my computer started back up, my Recycle Bin was empty.  I purposely had not emptied it in case there might have been anything in it that needed to be restored.  Oh well, too late now. . .

 

Then I tried to run Combofix again after restarting, but it did the same thing . . . nothing.  And when I say nothing, I mean it gets to the little blue screen  with the blinking cursor that says:

 

Scanning for infected files

This typically doesn’t take more than 10 minutes

However scan times for badly infected machines may easily double

 

I only let it run for about 40 minutes, then closed it.  What now?


When the power of love overcomes the love of power, the world will know peace.


#11 Starbuck


Posted 15 September 2013 - 03:14 PM

Hi addygard

Sorry for the delay.
I went away early yesterday morning, but thought I'd replied to all my threads before going.
Obviously I missed yours.
My apologies.

Something is obviously blocking Combofix.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Now try running Combofix.

If it still won't run, try booting into safe mode and run Combofix from there.

Please reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
You will need to use the 'keyboard arrow keys' to navigate on this menu.
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Then choose your usual account.



#12 addygard


Posted 15 September 2013 - 08:01 PM

Not a problem and no apologies necessary . . . you volunteer your time and I am exceedingly grateful.

 

Regarding DeFogger, when it finished and I clicked OK, it did not ask me to reboot, so I rebooted anyway.  There was no error message, so I did not post the log.

 

Again, Combofix did not scan, nor did it scan in Safe Mode.  It stays at the same place as posted above.

 

I can still browse. . .I google and I do Pinterest . . . and that's basically it since my first post about this problem on BC a few weeks ago . .  no bill pay, no email (by choice).  Yesterday I googled a problem about my car and I got a red alert from Avast that it blocked 2 things from one link that I clicked on, but I could swear I had been to that forum site in the past searching info about my car.  Ordinarily if that happens, I would do a malwarebytes scan, but I haven't done one for a while now and won't until you tell me to.  However, I have been deleting temporary internet files using the tools/internet options and/or ccleaner because browsing takes so long and the page freezes up and I have to close the browser and reopen it again, so it helps a little bit.  But if any of this is counter-productive to what you want me to do or not do while you're assisting me, please let me know.

 

Thanks!

 

 


When the power of love overcomes the love of power, the world will know peace.


#13 Starbuck


Posted 16 September 2013 - 02:18 AM

Hi addygard

I have been deleting temporary internet files using the tools/internet options and/or ccleaner

You can set Internet Explorer to do this for you automatically:

Tools >> Internet Options >> Advanced tab.
Scroll down the window and look under the Security heading.
Place a tick against Empty Temporary Internet folder when browser is closed.
Click Apply >> OK.

Let's try this from a different angle then:

Download RogueKiller and save it to your desktop.
  • Close all running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

Let's see if RK will provide us with a report.

Edited by Starbuck, 16 September 2013 - 02:26 AM.



#14 addygard


Posted 16 September 2013 - 07:59 PM

Hi Starbuck,

 

Okay, you didn't say to delete or not delete whatever came up in the RogueKiller scan, so I didn't delete.  I figure I can run the scan again and delete after you see the report, which is pasted below, and tell me what I need to do.

 

As an aside, and I don't know if this has anything to do with anything, but the links in your post for both DeFogger and RogueKiller took me to a blank page with the little security warning pop up.  I had to go to the BC's download page for them.

 

And I set IE to automatically delete the temporary internet files as you recommended.  Thank you very much.

 

 

 

RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mom [Admin rights]
Mode : Scan -- Date : 09/16/2013 19:39:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDS722516VLAT20 +++++
--- User ---
[MBR] df8ca67468ca8c8cebb6b95a110cbdd2
[BSP] 3401567bc37729d1918e10f3b15d0458 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 157065 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09162013_193918.txt >>

 

 

 


When the power of love overcomes the love of power, the world will know peace.


#15 Starbuck


Posted 17 September 2013 - 11:12 AM

Hi addygard
 

the links in your post for both DeFogger and RogueKiller took me to a blank page with the little security warning pop up.

The warning probably came from your Avast.
The links were to the developers' own sites, so may not have been recognised by Avast.
Obviously BC doesn't get flagged by Avast. :)
 

Okay, you didn't say to delete or not delete whatever came up in the RogueKiller scan, so I didn't delete.

That's fine.
Not everything that shows will be bad.... that's why we ask for the report instead of jumping straight in.


Step 1
  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • The only line you need to keep ticked is:
    [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    the other 2 can be unticked.
  • Now click the Delete button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.


Step 2
I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology




In your next reply, please submit:
new RK report
Eset scan report


Thanks.





