Possible Rootkit Virus??

#1 kaitlyn19

Posted 21 October 2013 - 11:04 AM

I am having a lot of issues with my laptop lately. Symptoms are similar to a rootkit virus, but so far no scanner has found it.

Symptoms include:

- Every download made with Internet Explorer doesn't work; it says it's a virus and deletes it.

- Cannot open or use Windows Defender

- Cannot open or use Windows Security Centre

- Firewall will not turn on. When I click it, an error message comes up.

What I've done so far:

 - Checked LAN settings under Tools in Internet Explorer to see if changes had been made to the proxy (no changes)

 - Scanned with:

         - AVG Free (2 Trojans, deleted, problem still not fixed)

         - Malwarebytes (only a quick scan; the full scan is being done right now)

         - RKill (only a black screen came up; it did say I had symptoms of a rootkit)

         - TDSS Rootkit Removal Tool (no threats found)

Hopefully someone can help me out here. I am going to do a Farbar Service Scanner scan next and post it here. This malware scanner will still take around 8-9 hours to complete, so we will see what happens with that. I am doing a full scan on every driver. Right now I'm stuck using Google Chrome to download programs; that is working fine.




#2 kaitlyn19

Posted 21 October 2013 - 11:10 AM

Farbar Service Scanner Version: 20-10-2013
Ran by Kaitlyn (administrator) on 21-10-2013 at 12:08:16
Running from "C:\Users\Kaitlyn\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.

 

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 13:30] - [2013-09-13 21:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 13:30] - [2013-09-07 22:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
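Reading an FSS log like the one above by eye is slow when there are several of them. The following Python triage script is an added example (not from the thread and not part of the Farbar tools): it pulls the actionable findings out of an FSS log, namely services whose registry configuration FSS could not read, "Disabled Policy" values that are switched on, reparse points reported on security binaries, and File Check entries whose MD5 FSS could not match to its whitelist. The embedded log is a shortened, constructed copy of the excerpt above; other message types (for example the FirewallRules key checks) are deliberately ignored.

```python
"""Triage helper for Farbar Service Scanner (FSS) logs. Constructed example for
this thread; not part of the FSS tool or of the forum post it follows."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Shortened, constructed copy of the FSS excerpt posted above (same line formats).
SAMPLE_LOG = r"""Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 13:30] - [2013-09-13 21:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll Reparse point on file detected.
"""


@dataclass(frozen=True)
class Finding:
    category: str  # "service", "policy", "reparse_point" or "unverified_file"
    subject: str   # service name, policy value name or file path
    detail: str


SECTION_RULE_RE = re.compile(r"^=+$")
MISSING_VALUE_RE = re.compile(r"Unable to retrieve (?P<what>start type|ImagePath|ServiceDll) of (?P<svc>\w+)\.")
MISSING_KEY_RE = re.compile(r"Unable to open (?P<svc>\w+) registry key\. The service key does not exist")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<val>\d+)$')
REPARSE_RE = re.compile(r"ATTENTION!=+> (?P<path>.+?) Reparse point on file detected")
FILE_DETAIL_RE = re.compile(r"^\[.*\] - \[.*\] - \d+ \S+ \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")


def triage(log_text: str) -> list[Finding]:
    """Return the actionable findings in an FSS log; service problems grouped per name."""
    findings: list[Finding] = []
    missing: dict[str, set[str]] = {}   # service -> attributes FSS could not read
    lines = log_text.splitlines()
    section = ""
    pending_path = None                  # File Check path awaiting its detail line
    for i, line in enumerate(lines):
        text = line.strip()
        # A section title is the line just before a run of '=' characters.
        if i + 1 < len(lines) and SECTION_RULE_RE.match(lines[i + 1].strip()):
            section = text.rstrip(":")
            pending_path = None
            continue
        if m := MISSING_VALUE_RE.search(text):
            missing.setdefault(m["svc"], set()).add(m["what"])
        elif m := MISSING_KEY_RE.search(text):
            missing.setdefault(m["svc"], set()).add("service key")
        elif m := REPARSE_RE.search(text):
            findings.append(Finding("reparse_point", m["path"],
                                    "reparse point on a security component file"))
        elif section.endswith("Disabled Policy"):
            # Only a non-zero DWORD means the policy is actually switched on.
            if (m := POLICY_RE.match(text)) and m["val"] != "0":
                findings.append(Finding("policy", m["name"], f"{section}: {text}"))
        elif section == "File Check":
            if re.match(r"[A-Za-z]:\\", text) and not text.endswith("=> MD5 is legit"):
                pending_path = text          # the hash line for this file follows
            elif pending_path and (m := FILE_DETAIL_RE.match(text)):
                findings.append(Finding("unverified_file", pending_path,
                                        f"MD5 {m['md5']} not on the FSS whitelist ({m['vendor']})"))
                pending_path = None
    for svc, attrs in sorted(missing.items(), key=lambda kv: kv[0].lower()):
        findings.append(Finding("service", svc, "missing: " + ", ".join(sorted(attrs))))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. to rank a batch of logs."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.subject}: {f.detail}")
```

An unverified MD5 is not proof of tampering (the file may simply be newer than the tool's whitelist), so it is reported separately from the missing-service and policy findings.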



#3 B-boy/StyLe/

  • Malware Response Team

Posted 21 October 2013 - 11:14 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#4 boopme

  • Global Moderator

Posted 21 October 2013 - 11:19 AM

Hello, just letting you know I moved this topic to here, the Virus, Trojan, Spyware, and Malware Removal Logs forum, where it will stay.

#5 kaitlyn19

Posted 21 October 2013 - 11:24 AM

Thank you for assisting me! I will follow all your steps attentively and hope we can get my laptop in tip-top shape! Here is an attachment of the FSS scan.

Attached File: FSS.txt (5.96KB)


#6 kaitlyn19

Posted 21 October 2013 - 02:58 PM

Malwarebytes just finished its full scan. 9 things came up, 8 of which were called PUP.OPTIONAL; 7 of those were in files and one was in a registry key. The 9th one was called adware.vomba. I am removing these now and restarting my computer. I may download HitmanPro and scan with it tomorrow morning to see if anything different comes up. Still waiting for your advice before I proceed, though.



#7 kaitlyn19

Posted 21 October 2013 - 03:12 PM

Another symptom I am having is my settings changing on their own, mostly in Internet Explorer. The main thing is my new tab page. I have it set to my recently visited sites, and it seems almost every time I start up my computer again it's set to a blank page. I know how to change it back, but it seems like something is taking hold of my computer and changing some settings. After restarting my computer I still can't access the firewall, Windows Defender or Windows Security Center, or download anything. So getting rid of those viruses didn't do anything.



#8 B-boy/StyLe/

  • Malware Response Team

Posted 21 October 2013 - 03:40 PM

Hi,

You attached the wrong log... Farbar Service Scanner and Farbar Recovery Scan Tool are not the same utilities...

Regards,

Georgi


#9 kaitlyn19

Posted 21 October 2013 - 07:01 PM

Sorry, here is what you need.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 01
Ran by Kaitlyn (administrator) on KAITLYNS-PC on 21-10-2013 19:49:13
Running from C:\Users\Kaitlyn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Kaitlyn\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(brother) C:\Program Files (x86)\Brownie\brpjp04a.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKCU\...\Run: [Google Update] - C:\Users\Kaitlyn\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-09-06] (Google Inc.)
HKCU\...\Run: [Search Protection] - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [HP Photosmart 7510 series (NET)] - C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: E - E:\autorun.exe
MountPoints2: {650946d9-700e-11df-87f6-806e6f6e6963} - D:\Autorun.exe
MountPoints2: {de6ea0ed-b9b0-11e1-966f-00266c4f9986} - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {de6ea10c-b9b0-11e1-966f-00266c4f9986} - E:\HTC_Sync_Manager_PC.exe
MountPoints2: {e64c58cf-0bee-11e0-8e86-806e6f6e6963} - E:\AutoLaunch.exe
MountPoints2: {f032c441-f2ca-11e1-9bbb-806e6f6e6963} - E:\setup.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [autodetect] - C:\windows\SysWOW64\SupportAppXL\AutoDect.exe [91648 2008-12-02] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Blubster] - C:\Program Files (x86)\Blubster\Blubster.exe SILENT
HKLM-x32\...\Run: [MFARestart] - "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296056 2011-12-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [BrStsWnd] - C:\Program Files (x86)\Brownie\BrstsW64.exe [3695928 2009-08-19] (brother)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2403144 2013-10-21] ()
HKU\Guest\...\Run: [Google Update] - C:\Users\Kaitlyn\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-09-06] (Google Inc.)
HKU\Guest\...\Run: [Search Protection] - C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
HKU\Guest\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\Guest\...\Run: [HP Photosmart 7510 series (NET)] - C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\Guest\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1597864 2013-02-14] (Valve Corporation)
HKU\Guest\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [3111744 2012-04-26] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll [ ] ()
Startup: C:\Users\Kaitlyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
ShortcutTarget: Product Registration.lnk -> C:\Users\Kaitlyn\AppData\Local\Temp\is-S91P4.tmp\ATR1.exe (No File)
Startup: C:\Users\Kaitlyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> C:\Users\Kaitlyn\AppData\Local\Temp\{C0EDB363-BBC3-40BC-BD23-DE85A903AE1F}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe (No File)

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9DEBF849-2E0E-4325-B4C3-C5772315ECFD&q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://avg.nation.com/avgtbavg/search/web?cid={82E960EC-FFED-494E-B3E3-825AC267AD8D}&mid=6ba0e359bc2047d0848ed16f2aab7075-d6987d98a2a21ca4ba637ad9a402bdf1fd4a49b2&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-10-21 10:43:27&v=17.0.0.12&pid=nation&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKCU - {E781ED83-C506-4BA0-8DEB-F95A7D23A426} URL = http://www.dymasearch.com/search.php?src=tops&q={SearchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.0.12\AVG Nation toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {e78a5c92-6a2b-4369-ab14-0ed3b2b18584} -  No File
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - AVG Nation toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Nation toolbar\17.0.0.12\AVG Nation toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -  No Name - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} -  No File
Toolbar: HKCU -  No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU -  No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU -  No Name - {EFB1E45A-148D-40F9-A3F0-09D5577F9970} -  No File
Toolbar: HKCU -  No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: HKLM-x32 {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Conduit Search) - http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3007394&UP=SP9DEBF849-2E0E-4325-B4C3-C5772315ECFD
CHR DefaultSuggestURL: (Conduit Search) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (ConduitChromeApi) - C:\Users\Kaitlyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakaaanikglogbgdnnkhieaaadpnkggc\2.4.0.4_0\js/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\17\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Kaitlyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: () - C:\Users\Kaitlyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaojdbdbhbbkpenbmlejjngphokgnp] - C:\Users\Kaitlyn\AppData\Local\APN\GoogleCRXs\aaaaojdbdbhbbkpenbmlejjngphokgnp_7.15.4.0.crx
CHR HKLM-x32\...\Chrome\Extension: [bakaaanikglogbgdnnkhieaaadpnkggc] - C:\Users\Kaitlyn\AppData\Local\Temp\tbch.crx
CHR HKLM-x32\...\Chrome\Extension: [gllbdihjlcikdkimpponkfggdpjnhngg] - C:\Users\Kaitlyn\AppData\Local\CRE\gllbdihjlcikdkimpponkfggdpjnhngg.crx
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Kaitlyn\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Kaitlyn\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] ()
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1733448 2013-10-21] (AVG Secure Search)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{4d53670e-b2af-5fba-9ac8-06fe71705780}\   \...\???\{4d53670e-b2af-5fba-9ac8-06fe71705780}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-10-21] (AVG Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-30] (Duplex Secure Ltd.)
U3 a47ne87v; C:\Windows\System32\Drivers\a47ne87v.sys [0 ] (Advanced Micro Devices)
S1 MpKsle6a74b2b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22E5DF10-DEF5-4A60-AB7F-77ADBBE4465C}\MpKsle6a74b2b.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-21 19:50 - 2013-10-21 19:51 - 00000000 ____D C:\Users\Kaitlyn\Downloads\Sims
2013-10-21 19:48 - 2013-10-21 19:48 - 01954698 _____ (Farbar) C:\Users\Kaitlyn\Downloads\FRST64.exe
2013-10-21 19:48 - 2013-10-21 19:48 - 00000000 ____D C:\FRST
2013-10-21 16:35 - 2013-10-21 16:35 - 00000000 ____D C:\windows\TempCABCCFF3-3EDF-2EC2-C6C5-40774D0779FE-Signatures
2013-10-21 12:08 - 2013-10-21 12:08 - 00006105 _____ C:\Users\Kaitlyn\Downloads\FSS.txt
2013-10-21 12:07 - 2013-10-21 12:07 - 00359081 _____ (Farbar) C:\Users\Kaitlyn\Downloads\FSS.exe
2013-10-21 11:36 - 2013-10-21 11:36 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Kaitlyn\Downloads\rkill (1).scr
2013-10-21 11:32 - 2013-10-21 11:32 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Kaitlyn\Downloads\rkill.scr
2013-10-21 10:47 - 2013-10-21 10:47 - 00000000 ____D C:\Users\Kaitlyn\AppData\Roaming\AVG2014
2013-10-21 10:44 - 2013-10-21 10:44 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\AVG Nation toolbar
2013-10-21 10:43 - 2013-10-21 10:52 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2013-10-21 10:43 - 2013-10-21 10:43 - 00000000 ____D C:\Program Files (x86)\AVG Nation toolbar
2013-10-21 10:43 - 2013-10-21 10:42 - 00046368 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-10-21 10:39 - 2013-10-21 10:44 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-21 10:39 - 2013-10-21 10:39 - 00000000 ___HD C:\$AVG
2013-10-21 10:30 - 2013-10-21 11:07 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\Avg2014
2013-10-21 10:30 - 2013-10-21 10:30 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\MFAData
2013-10-21 10:29 - 2013-10-21 10:29 - 04436536 _____ (AVG Technologies) C:\Users\Kaitlyn\Downloads\avg_isct_stb_all_2014_4158_free.exe
2013-10-21 10:18 - 2013-10-21 10:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Kaitlyn\Downloads\iexplore.exe.exe
2013-10-20 19:25 - 2013-10-20 19:25 - 00000000 ____D C:\windows\Temp5256F713-AF3A-CECD-C3F0-AD009A65FD64-Signatures
2013-10-19 21:00 - 2013-10-19 21:00 - 00000000 ____D C:\windows\Temp6762CA03-95F4-2AEA-F666-1DCE0535BBA9-Signatures
2013-10-19 13:51 - 2013-10-19 13:51 - 00000200 _____ C:\Users\Kaitlyn\Desktop\The Sims™ 3.lnk
2013-10-18 16:21 - 2013-10-18 16:21 - 00000000 ____D C:\windows\Temp7162858B-49F5-860C-0AF9-41ACECD54459-Signatures
2013-10-18 12:47 - 2013-10-18 12:47 - 05134711 _____ (Swearware) C:\Users\Kaitlyn\Downloads\ComboFix.exe
2013-10-18 12:45 - 2013-10-18 12:45 - 00002393 _____ C:\Users\Kaitlyn\Desktop\Google Chrome.lnk
2013-10-17 20:54 - 2013-10-17 20:54 - 00000000 ____D C:\windows\TempAD84B503-B4F0-1B66-A79A-7B6E7EDB05AD-Signatures
2013-10-17 16:44 - 2013-10-17 16:44 - 00000000 ____D C:\windows\Temp44ED0F61-E029-E143-3375-5AD5FA4BF653-Signatures
2013-10-16 20:08 - 2013-10-16 20:08 - 00000000 ____D C:\windows\TempDEBB191D-A4FF-2BE0-182D-892767F44515-Signatures
2013-10-16 08:09 - 2013-10-16 08:09 - 00000000 ____D C:\windows\Temp251689B5-F486-ADA2-7C40-7F657EC70235-Signatures
2013-10-15 16:45 - 2013-10-15 16:45 - 00000000 ____D C:\windows\Temp77B591E5-A5E3-BA47-0227-49136E995266-Signatures
2013-10-10 16:45 - 2013-09-22 19:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-10 16:45 - 2013-09-22 19:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-10 16:45 - 2013-09-22 19:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-10 16:45 - 2013-09-22 18:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-10 16:45 - 2013-09-22 18:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-10 16:45 - 2013-09-22 18:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-10 16:45 - 2013-09-22 18:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-10 16:45 - 2013-09-22 18:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-10 16:45 - 2013-09-20 23:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-10 16:45 - 2013-09-20 23:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-10 16:45 - 2013-09-20 22:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-10 16:45 - 2013-09-20 22:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 13:30 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-09 13:30 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-09 13:30 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-09 13:30 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-09 13:30 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-09 13:30 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-09 13:30 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-09 13:30 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-09 13:30 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-09 13:30 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-09 13:30 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-09 13:30 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-09 13:30 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-09 13:30 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-09 13:30 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-09 13:30 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-09 13:30 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-09 13:30 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-09 13:30 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-09 13:30 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 13:30 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:30 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:30 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-09 13:30 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 13:30 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-09 13:30 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-09 13:30 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 13:30 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-09 13:30 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-09 13:30 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-09 13:30 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-09 13:30 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-09 13:30 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-09 13:30 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 13:30 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 13:30 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 13:30 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-09 13:30 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-09 13:30 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-09 13:30 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-09 13:30 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-09 13:30 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-09 13:30 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-09 13:30 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 13:30 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-09 13:30 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-09 13:29 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-09 13:29 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-09 13:29 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-09 13:29 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-09 13:29 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-09 13:29 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-09 13:29 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-09 13:29 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-09 13:29 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-07 08:15 - 2013-10-07 08:15 - 00000000 ____D C:\windows\SysWOW64\SearchProtect
2013-09-26 09:59 - 2013-10-07 08:15 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-09-26 09:59 - 2013-09-26 10:00 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\SearchProtect
2013-09-26 09:54 - 2013-09-26 09:54 - 00000868 _____ C:\Users\Kaitlyn\Desktop\µTorrent.lnk
2013-09-26 09:54 - 2013-09-26 09:54 - 00000848 _____ C:\Users\Kaitlyn\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-26 09:44 - 2013-09-26 09:44 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgfwd6a.sys
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys

==================== One Month Modified Files and Folders =======

2013-10-21 19:51 - 2013-10-21 19:50 - 00000000 ____D C:\Users\Kaitlyn\Downloads\Sims
2013-10-21 19:51 - 2011-01-13 15:44 - 00000000 ____D C:\ProgramData\MFAData
2013-10-21 19:50 - 2010-06-04 15:27 - 01970353 _____ C:\windows\WindowsUpdate.log
2013-10-21 19:48 - 2013-10-21 19:48 - 01954698 _____ (Farbar) C:\Users\Kaitlyn\Downloads\FRST64.exe
2013-10-21 19:48 - 2013-10-21 19:48 - 00000000 ____D C:\FRST
2013-10-21 19:47 - 2012-04-09 15:28 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-21 19:43 - 2010-09-06 02:17 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-21 19:42 - 2013-09-10 21:38 - 00000384 _____ C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Kaitlyn.job
2013-10-21 19:42 - 2012-02-21 11:25 - 00000345 _____ C:\windows\Brownie.ini
2013-10-21 19:41 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-21 19:41 - 2009-07-14 00:51 - 00200179 _____ C:\windows\setupact.log
2013-10-21 16:35 - 2013-10-21 16:35 - 00000000 ____D C:\windows\TempCABCCFF3-3EDF-2EC2-C6C5-40774D0779FE-Signatures
2013-10-21 16:35 - 2011-05-03 11:21 - 00002141 _____ C:\windows\epplauncher.mif
2013-10-21 16:11 - 2009-07-14 00:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 16:11 - 2009-07-14 00:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 16:08 - 2013-08-20 08:41 - 00003112 _____ C:\windows\System32\Tasks\RDReminder
2013-10-21 16:08 - 2009-07-14 01:13 - 00785310 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-21 16:01 - 2010-06-04 15:56 - 02781552 _____ C:\windows\PFRO.log
2013-10-21 16:00 - 2010-09-06 15:50 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3838072084-2198307700-2964809338-1000UA.job
2013-10-21 15:59 - 2012-03-15 18:14 - 00000328 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2013-10-21 15:01 - 2010-09-06 02:17 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-21 14:00 - 2010-09-06 15:50 - 00000864 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3838072084-2198307700-2964809338-1000Core.job
2013-10-21 12:08 - 2013-10-21 12:08 - 00006105 _____ C:\Users\Kaitlyn\Downloads\FSS.txt
2013-10-21 12:07 - 2013-10-21 12:07 - 00359081 _____ (Farbar) C:\Users\Kaitlyn\Downloads\FSS.exe
2013-10-21 11:36 - 2013-10-21 11:36 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Kaitlyn\Downloads\rkill (1).scr
2013-10-21 11:32 - 2013-10-21 11:32 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Kaitlyn\Downloads\rkill.scr
2013-10-21 11:07 - 2013-10-21 10:30 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\Avg2014
2013-10-21 10:52 - 2013-10-21 10:43 - 00000000 ____D C:\ProgramData\AVG Nation toolbar
2013-10-21 10:47 - 2013-10-21 10:47 - 00000000 ____D C:\Users\Kaitlyn\AppData\Roaming\AVG2014
2013-10-21 10:44 - 2013-10-21 10:44 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\AVG Nation toolbar
2013-10-21 10:44 - 2013-10-21 10:39 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-21 10:44 - 2011-09-04 16:39 - 00003230 _____ C:\windows\System32\Tasks\SidebarExecute
2013-10-21 10:43 - 2013-10-21 10:43 - 00000000 ____D C:\Program Files (x86)\AVG Nation toolbar
2013-10-21 10:43 - 2012-11-11 09:41 - 00000000 ____D C:\Users\Kaitlyn\AppData\Roaming\TuneUp Software
2013-10-21 10:42 - 2013-10-21 10:43 - 00046368 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-10-21 10:39 - 2013-10-21 10:39 - 00000000 ___HD C:\$AVG
2013-10-21 10:38 - 2011-01-13 19:28 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-21 10:30 - 2013-10-21 10:30 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\MFAData
2013-10-21 10:29 - 2013-10-21 10:29 - 04436536 _____ (AVG Technologies) C:\Users\Kaitlyn\Downloads\avg_isct_stb_all_2014_4158_free.exe
2013-10-21 10:18 - 2013-10-21 10:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Kaitlyn\Downloads\iexplore.exe.exe
2013-10-20 19:25 - 2013-10-20 19:25 - 00000000 ____D C:\windows\Temp5256F713-AF3A-CECD-C3F0-AD009A65FD64-Signatures
2013-10-20 19:25 - 2012-04-25 10:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-20 19:25 - 2011-05-03 11:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-19 21:00 - 2013-10-19 21:00 - 00000000 ____D C:\windows\Temp6762CA03-95F4-2AEA-F666-1DCE0535BBA9-Signatures
2013-10-19 14:55 - 2010-10-31 15:39 - 00000000 ____D C:\Users\Kaitlyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-19 14:39 - 2010-11-15 18:48 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-10-19 13:51 - 2013-10-19 13:51 - 00000200 _____ C:\Users\Kaitlyn\Desktop\The Sims™ 3.lnk
2013-10-18 16:21 - 2013-10-18 16:21 - 00000000 ____D C:\windows\Temp7162858B-49F5-860C-0AF9-41ACECD54459-Signatures
2013-10-18 12:47 - 2013-10-18 12:47 - 05134711 _____ (Swearware) C:\Users\Kaitlyn\Downloads\ComboFix.exe
2013-10-18 12:45 - 2013-10-18 12:45 - 00002393 _____ C:\Users\Kaitlyn\Desktop\Google Chrome.lnk
2013-10-18 10:05 - 2011-01-15 21:20 - 00000000 ____D C:\Users\Kaitlyn\AppData\Roaming\uTorrent
2013-10-17 20:54 - 2013-10-17 20:54 - 00000000 ____D C:\windows\TempAD84B503-B4F0-1B66-A79A-7B6E7EDB05AD-Signatures
2013-10-17 19:25 - 2011-04-22 13:23 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\PokerStars
2013-10-17 16:44 - 2013-10-17 16:44 - 00000000 ____D C:\windows\Temp44ED0F61-E029-E143-3375-5AD5FA4BF653-Signatures
2013-10-16 20:08 - 2013-10-16 20:08 - 00000000 ____D C:\windows\TempDEBB191D-A4FF-2BE0-182D-892767F44515-Signatures
2013-10-16 12:49 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2013-10-16 08:09 - 2013-10-16 08:09 - 00000000 ____D C:\windows\Temp251689B5-F486-ADA2-7C40-7F657EC70235-Signatures
2013-10-15 16:45 - 2013-10-15 16:45 - 00000000 ____D C:\windows\Temp77B591E5-A5E3-BA47-0227-49136E995266-Signatures
2013-10-11 08:02 - 2009-07-14 00:45 - 00428256 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-10 08:03 - 2013-03-13 16:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 17:18 - 2010-06-04 16:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 17:13 - 2013-03-13 16:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 17:11 - 2011-05-03 11:20 - 00771222 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2013-10-09 17:03 - 2013-07-23 16:16 - 00000000 ____D C:\windows\system32\MRT
2013-10-09 16:59 - 2010-09-15 13:18 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-09 13:56 - 2010-09-06 02:17 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 13:56 - 2010-09-06 02:17 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 11:06 - 2013-02-11 11:59 - 00000280 _____ C:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2013-10-09 10:48 - 2012-04-09 15:28 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 10:48 - 2012-04-09 15:28 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 10:48 - 2011-09-06 09:38 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 13:55 - 2010-09-06 15:50 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3838072084-2198307700-2964809338-1000UA
2013-10-08 13:55 - 2010-09-06 15:50 - 00003494 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3838072084-2198307700-2964809338-1000Core
2013-10-07 08:15 - 2013-10-07 08:15 - 00000000 ____D C:\windows\SysWOW64\SearchProtect
2013-10-07 08:15 - 2013-09-26 09:59 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-10-02 09:07 - 2010-09-12 22:17 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\CrashDumps
2013-09-30 21:48 - 2013-09-10 21:36 - 00002974 _____ C:\windows\System32\Tasks\ReclaimerUpdateXML_Kaitlyn
2013-09-30 21:48 - 2013-09-10 21:36 - 00000374 _____ C:\windows\Tasks\ReclaimerUpdateXML_Kaitlyn.job
2013-09-30 21:44 - 2013-09-10 21:36 - 00000378 _____ C:\windows\Tasks\ReclaimerUpdateFiles_Kaitlyn.job
2013-09-26 15:30 - 2010-09-09 21:25 - 00000440 _____ C:\windows\system32\Drivers\etc\hosts.ics
2013-09-26 15:30 - 2010-06-04 15:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-26 15:29 - 2010-09-01 00:33 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\Google
2013-09-26 10:00 - 2013-09-26 09:59 - 00000000 ____D C:\Users\Kaitlyn\AppData\Local\SearchProtect
2013-09-26 09:54 - 2013-09-26 09:54 - 00000868 _____ C:\Users\Kaitlyn\Desktop\µTorrent.lnk
2013-09-26 09:54 - 2013-09-26 09:54 - 00000848 _____ C:\Users\Kaitlyn\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-26 09:44 - 2013-09-26 09:44 - 00057144 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgfwd6a.sys
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2013-09-25 08:00 - 2009-07-14 01:08 - 00032656 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-09-22 19:28 - 2013-10-10 16:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-22 19:28 - 2013-10-10 16:45 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-09-22 19:27 - 2013-10-10 16:45 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-09-22 18:55 - 2013-10-10 16:45 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-22 18:55 - 2013-10-10 16:45 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-22 18:55 - 2013-10-10 16:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-22 18:54 - 2013-10-10 16:45 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-22 18:54 - 2013-10-10 16:45 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

Files to move or delete:
====================
ZeroAccess:
C:\Users\Kaitlyn\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Kaitlyn\AppData\Local\Temp\29pdl45d.dll
C:\Users\Kaitlyn\AppData\Local\Temp\9gqaswi_.dll
C:\Users\Kaitlyn\AppData\Local\Temp\AutoRun.exe
C:\Users\Kaitlyn\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Kaitlyn\AppData\Local\Temp\avguidx.dll
C:\Users\Kaitlyn\AppData\Local\Temp\AVG_Toolbar_10.2.0.3.exe
C:\Users\Kaitlyn\AppData\Local\Temp\bfguni.exe
C:\Users\Kaitlyn\AppData\Local\Temp\bpuninstall.exe
C:\Users\Kaitlyn\AppData\Local\Temp\cci.exe
C:\Users\Kaitlyn\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Kaitlyn\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Kaitlyn\AppData\Local\Temp\EAD1F62.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EAD2B05.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EAD2DD.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EAD5456.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EAD8FFF.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EAD9211.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EAD926F.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EAD9674.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EAD978D.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EADA1AB.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EADA39E.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EADB615.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EADC35D.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EADCABD.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EADD8D1.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EADF140.exe
C:\Users\Kaitlyn\AppData\Local\Temp\EADFC8.exe
C:\Users\Kaitlyn\AppData\Local\Temp\eauninstall.exe
C:\Users\Kaitlyn\AppData\Local\Temp\eydmrtxj.dll
C:\Users\Kaitlyn\AppData\Local\Temp\ffunzip.exe
C:\Users\Kaitlyn\AppData\Local\Temp\First15.exe
C:\Users\Kaitlyn\AppData\Local\Temp\futuretaxnetfile2012.exe
C:\Users\Kaitlyn\AppData\Local\Temp\grvf0d1x.dll
C:\Users\Kaitlyn\AppData\Local\Temp\htmlayout.dll
C:\Users\Kaitlyn\AppData\Local\Temp\i4jdel0.exe
C:\Users\Kaitlyn\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll1148479.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll1169523.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll180165.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll208198.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll261145.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll285123.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll5680261.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll5702850.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll6291707.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll6296075.dll
C:\Users\Kaitlyn\AppData\Local\Temp\installerdll6312954.dll
C:\Users\Kaitlyn\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Kaitlyn\AppData\Local\Temp\install_flashplayer11x32axau_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Kaitlyn\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Kaitlyn\AppData\Local\Temp\lowproc.exe
C:\Users\Kaitlyn\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Kaitlyn\AppData\Local\Temp\mnyB233.exe
C:\Users\Kaitlyn\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Kaitlyn\AppData\Local\Temp\MSN63A4.exe
C:\Users\Kaitlyn\AppData\Local\Temp\MSNF127.exe
C:\Users\Kaitlyn\AppData\Local\Temp\nse46B9.exe
C:\Users\Kaitlyn\AppData\Local\Temp\nso4AA0.exe
C:\Users\Kaitlyn\AppData\Local\Temp\nsyDEFF.exe
C:\Users\Kaitlyn\AppData\Local\Temp\nsyE47C.exe
C:\Users\Kaitlyn\AppData\Local\Temp\oi_{2BDE9104-FA3E-4888-94B8-ED413BFC2083}.exe
C:\Users\Kaitlyn\AppData\Local\Temp\OriginLauncher6291707.exe
C:\Users\Kaitlyn\AppData\Local\Temp\rootsupd.exe
C:\Users\Kaitlyn\AppData\Local\Temp\saiE982.exe
C:\Users\Kaitlyn\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Kaitlyn\AppData\Local\Temp\Setup.exe
C:\Users\Kaitlyn\AppData\Local\Temp\SIInvoker.exe
C:\Users\Kaitlyn\AppData\Local\Temp\Softonic-Eng7.exe
C:\Users\Kaitlyn\AppData\Local\Temp\stubhelper.dll
C:\Users\Kaitlyn\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Kaitlyn\AppData\Local\Temp\tbmidi.dll
C:\Users\Kaitlyn\AppData\Local\Temp\tbSoft.dll
C:\Users\Kaitlyn\AppData\Local\Temp\tbuTor.dll
C:\Users\Kaitlyn\AppData\Local\Temp\tbWhit.dll
C:\Users\Kaitlyn\AppData\Local\Temp\tempmessage.bfg
C:\Users\Kaitlyn\AppData\Local\Temp\The Sims 2 Pets_uninst.exe
C:\Users\Kaitlyn\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Kaitlyn\AppData\Local\Temp\uninst1.exe
C:\Users\Kaitlyn\AppData\Local\Temp\UNINSTALL.exe
C:\Users\Kaitlyn\AppData\Local\Temp\uninstall210648.exe
C:\Users\Kaitlyn\AppData\Local\Temp\uninstall210710.exe
C:\Users\Kaitlyn\AppData\Local\Temp\uninstall210726.exe
C:\Users\Kaitlyn\AppData\Local\Temp\uninstall210741.exe
C:\Users\Kaitlyn\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Kaitlyn\AppData\Local\Temp\utt6163.tmp.exe
C:\Users\Kaitlyn\AppData\Local\Temp\utt8AA6.tmp.exe
C:\Users\Kaitlyn\AppData\Local\Temp\uttCBFA.tmp.exe
C:\Users\Kaitlyn\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Kaitlyn\AppData\Local\Temp\VP6Install.exe
C:\Users\Kaitlyn\AppData\Local\Temp\VP6VFW.dll
C:\Users\Kaitlyn\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

LastRegBack: 2013-10-16 12:42

==================== End Of Log ============================

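The FRST log above reports the Windows Defender and Microsoft Security Client directories as "ZeroAccess. Use DeleteJunctionsIndirectory", i.e. reparse points (junctions) planted where the security product lives. The following PowerShell snippet is an added example, not part of the thread and not FRST's own code: a read-only check that lists any reparse points in those two directories so a responder can confirm the finding independently. The directory list comes from the log; the `LinkType` and `Target` properties it reads exist only on PowerShell 5.1 and later (on older systems `fsutil reparsepoint query <path>` shows the same detail), and nothing is deleted.

```powershell
# Added example, not part of the thread or of FRST: a read-only check that lists
# reparse points (junctions / symbolic links) inside the two security-product
# directories the FRST log reported as "ZeroAccess. Use DeleteJunctionsIndirectory".
# It changes nothing; its output is meant to be compared with the FRST finding.

$FlaggedDirs = @(
    'C:\Program Files\Windows Defender',           # taken from the log above
    'C:\Program Files\Microsoft Security Client'   # taken from the log above
)

function Get-ReparsePointsUnder {
    param([Parameter(Mandatory)][string[]]$Paths)

    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Directory not present: $p"
            continue
        }

        # Include the directory itself: a junction planted on the directory shows
        # the ReparsePoint attribute on that entry, not only on files beneath it.
        $entries = @(Get-Item -LiteralPath $p -Force) +
                   @(Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue)

        foreach ($e in $entries) {
            if ($e.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                # LinkType/Target exist on PowerShell 5.1+; on older builds they are
                # $null and "fsutil reparsepoint query <path>" gives the same detail.
                [pscustomobject]@{
                    Path     = $e.FullName
                    LinkType = $e.PSObject.Properties['LinkType'].Value
                    Target   = ($e.PSObject.Properties['Target'].Value -join ';')
                }
            }
        }
    }
}

$found = @(Get-ReparsePointsUnder -Paths $FlaggedDirs)
if ($found.Count -eq 0) {
    Write-Host 'No reparse points found in the flagged directories.'
} else {
    $found | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt. A junction or symbolic link sitting on a security product's own directory (or on a file such as mpsvc.dll or MsMpEng.exe from the log) is the condition the FRST message describes; the actual removal is left to the helper's fix script, which is why this check only reports.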



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:15 AM

Posted 22 October 2013 - 03:00 AM

Hi,

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove AVG 2014 and the AVG Nation toolbar and leave only Microsoft Security Essentials installed (for now). We must repair MSE in order to restore its functionality again, and then you can uninstall it as well if you want to replace it with an alternative (but DON'T uninstall it yet because you will screw up your Windows). MSE is still affected by the rootkit.

Download the AVG Remover (64bit) 2014 tool and run it to clean the remnants from AVG.

Next please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi




#11 kaitlyn19

kaitlyn19
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:15 PM

Posted 22 October 2013 - 07:31 AM

Okay, I uninstalled those two programs and I downloaded the AVG remover. When I run the AVG remover a message pops up saying AVG remover has stopped working.



#12 kaitlyn19

kaitlyn19
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:15 PM

Posted 22 October 2013 - 07:41 AM

On the black screen, when the message pops up that the program stopped working, it says...

Open service Failed 1060

The specified service does not exist as a installed service



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:15 AM

Posted 22 October 2013 - 07:51 AM

Ok, don't worry, we will remove it at a later stage. Please proceed with the fix now.

Regards,

Georgi




#14 kaitlyn19

kaitlyn19
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:10:15 PM

Posted 22 October 2013 - 08:12 AM

Here is the fix log.



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:15 AM

Posted 22 October 2013 - 02:22 PM

Hi,

Nice work! :)
Let's check for leftovers.

Most of them should take no more than 5 minutes each.

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the Scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking its icon.
  • Once the program has loaded, go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location, then copy and paste the results at pastebin.com and post the link to the log in your next reply.




STEP 5



Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 6



Please download AdwCleaner by Xplode and save it to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Regards,

Georgi






