cannot download any files


  • This topic is locked
30 replies to this topic

#1 dodgypaul

  • Members
  • 19 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 21 October 2013 - 03:07 PM

Attached File: dds.txt (74.45KB, 1 downloads)


'"xxxxxxxxx" contained a virus and was deleted' is the message I get every time I try to download anything through IE or Chrome; I seem to be able to use Safari OK.

Norton Internet Security was picking up 2 trojans every scan but doesn't totally clear them.

#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:22 PM

Posted 22 October 2013 - 01:55 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
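Once the FRST.txt comes back it helps to have a repeatable way of pulling the persistence indicators out of it rather than reading a few hundred lines by eye. The Python script below is an added example, not part of this thread and not FRST's own code: it reads FRST output and flags the items that matter in the log the topic starter posts in reply #3, namely a COM InprocServer32 path redirected into $Recycle.Bin under the SYSTEM SID (FRST itself marks that line "ZeroAccess?"), a per-user Winlogon Shell value, Winsock catalog entries whose library FRST cannot find, startup shortcuts whose targets do not exist, and files elsewhere in the log that share a name stem with those shortcuts. The rule names, the Finding type and the correlation logic are assumptions of this example; the sample lines are copied from that log and are a constructed excerpt, so a real run would be over the whole file.

```python
"""Triage an FRST.txt log for the persistence indicators seen in this thread.

Added example: not part of the original post and not FRST's own code. The
rule names and the stem correlation are assumptions made for this example.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the FRST.txt posted in this thread,
# plus one benign Run entry so the rules can be seen to ignore it.
SAMPLE_FRST = r"""
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-10-07] (Synaptics Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$141d4e73bb1ca222e373718785746887\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
Startup: C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bafrj6jw7t.lnk
ShortcutTarget: bafrj6jw7t.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\t7wj6jrfab.plz (No File)
Startup: C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frwbnij60.lnk
ShortcutTarget: frwbnij60.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\06jinbwrf.plz (No File)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2013-10-06 19:14 - 2013-10-21 08:10 - 95025368 ____T C:\ProgramData\frwbnij60.pff
2013-10-06 19:14 - 2013-10-21 08:10 - 95025368 ____T C:\ProgramData\bafrj6jw7t.pff
2013-10-06 19:14 - 2013-10-21 01:25 - 00000405 _____ C:\ProgramData\bafrj6jw7t.reg
2013-10-06 19:14 - 2013-10-06 19:14 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\bafrj6jw7t.pzz
2013-10-23 16:46 - 2013-10-23 16:46 - 01955374 _____ (Farbar) C:\Users\Fishman\Downloads\FRST64.exe
"""

# Line shapes as FRST prints them in the Registry, Internet and file sections.
INPROC_RE = re.compile(r"InprocServer32: \[(?P<name>[^\]]+)\] (?P<path>\S+)")
SHELL_RE = re.compile(r"^HKCU\\.*\\Winlogon: \[Shell\] (?P<value>.+)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.+?) \(No File\)\s*$")
WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>\S+) (?P<index>\d+) (?P<lib>\S+) File Not found"
    r'.*LibraryPath should be "(?P<expected>[^"]+)"')
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attr>\S+) (?:\((?P<signer>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$")


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule identifier chosen for this example
    detail: str  # the evidence pulled out of the log line


def triage(frst_text: str) -> list[Finding]:
    """Flag suspicious lines, then correlate file entries with suspect startup items."""
    findings: list[Finding] = []
    suspect_stems: set[str] = set()  # stems of startup .lnk files whose target is missing
    file_entries: list[tuple[str, int, str | None]] = []

    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INPROC_RE.search(line)
        if m and "\\$recycle.bin\\" in m["path"].lower():
            # COM server loaded from $Recycle.Bin\S-1-5-18 (the SYSTEM account's bin).
            findings.append(Finding("com_hijack_recycle_bin", f"{m['name']} -> {m['path']}"))
            continue
        if m := SHELL_RE.match(line):
            # A clean Windows 7 install has no Shell value under HKCU\...\Winlogon.
            findings.append(Finding("hkcu_winlogon_shell", m["value"].split("<====")[0].strip()))
        elif m := SHORTCUT_RE.match(line):
            # Startup shortcut to a file that is not there. In this log the target
            # name is the .lnk stem reversed (bafrj6jw7t -> t7wj6jrfab).
            suspect_stems.add(PureWindowsPath(m["lnk"]).stem.lower())
            findings.append(Finding("startup_lnk_missing_target", f"{m['lnk']} -> {m['target']}"))
        elif m := WINSOCK_RE.match(line):
            findings.append(Finding(
                "winsock_lsp_missing",
                f"{m['catalog']} #{m['index']}: {m['lib']} not found, expected {m['expected']}"))
        elif m := FILE_RE.match(line):
            file_entries.append((m["path"], int(m["size"]), m["signer"]))

    # Second pass: files whose stem matches a suspect shortcut
    # (bafrj6jw7t.pff/.reg/.pzz beside bafrj6jw7t.lnk in this log).
    for path, size, signer in file_entries:
        if PureWindowsPath(path).stem.lower() in suspect_stems:
            signed = f", signed '{signer}'" if signer else ""
            findings.append(Finding("companion_file", f"{path} ({size} bytes{signed})"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule for a quick first look."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_FRST)
    for f in results:
        print(f"[{f.rule}] {f.detail}")
    print(summarize(results))
```

To run it over a real log, replace SAMPLE_FRST with the contents of FRST.txt (read it with encoding `utf-8-sig` so a byte-order mark, if present, is dropped). The script only parses the lines FRST already annotates and adds the stem correlation; it does not remove anything, and on a machine like this one the fix-up still belongs to the helper's fixlist, not to a script.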

#3 dodgypaul
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 23 October 2013 - 11:02 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2013
Ran by Fishman (administrator) on FISHMAN-HP on 23-10-2013 16:49:01
Running from C:\Users\Fishman\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-10-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-06-25] (IDT, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$141d4e73bb1ca222e373718785746887\n. ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-30] (Google Inc.)
HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1091872 2012-03-12] ()
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-06-14] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-06-25] (cyberlink)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\TeeSupport\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-30] (Google Inc.)
Startup: C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bafrj6jw7t.lnk
ShortcutTarget: bafrj6jw7t.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\t7wj6jrfab.plz (No File)
Startup: C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frwbnij60.lnk
ShortcutTarget: frwbnij60.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\06jinbwrf.plz (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM - {0DC0AC97-32F8-40FB-81CD-96617E371580} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0DC0AC97-32F8-40FB-81CD-96617E371580} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0DC0AC97-32F8-40FB-81CD-96617E371580} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-08-25] (EasyBits Software Corp.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Simple Pass 2011) - C:\Users\Fishman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\Fishman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0
CHR Extension: (Norton Identity Protection) - C:\Users\Fishman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Fishman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [1370400 2012-03-07] (NETGEAR)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-10-02] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-10-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20131018.001\IDSvia64.sys [521816 2013-10-18] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2012-03-14] (http://libusb-win32.sourceforge.net)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20131021.001\ENG64.SYS [126040 2013-10-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20131021.001\EX64.SYS [2099288 2013-10-21] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-04-23] (CACE Technologies, Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
U2 SharedAccess;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-23 16:47 - 2013-10-23 16:47 - 00000000 ____D C:\FRST
2013-10-23 16:46 - 2013-10-23 16:46 - 01955374 _____ (Farbar) C:\Users\Fishman\Downloads\FRST64.exe
2013-10-21 20:57 - 2013-10-21 20:58 - 00000000 ____D C:\Users\Fishman\AppData\Local\NPE
2013-10-21 20:45 - 2013-10-21 20:53 - 00076238 _____ C:\Users\Fishman\Desktop\dds.txt
2013-10-21 20:45 - 2013-10-21 20:53 - 00019736 _____ C:\Users\Fishman\Desktop\attach.txt
2013-10-21 20:42 - 2013-10-21 20:42 - 00688992 ____R (Swearware) C:\Users\Fishman\Downloads\dds.com
2013-10-21 20:39 - 2013-10-21 20:39 - 00000000 ____D C:\Users\Fishman\Downloads\dds
2013-10-21 20:38 - 2013-10-21 20:38 - 00686694 _____ C:\Users\Fishman\Downloads\dds.zip
2013-10-21 17:00 - 2013-10-21 18:49 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\NPE
2013-10-21 16:59 - 2013-10-21 16:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-21 16:57 - 2013-10-21 16:57 - 03053496 ____N (Symantec Corporation) C:\Users\TeeSupport\Desktop\NPE.exe
2013-10-21 16:56 - 2013-10-21 16:56 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Apple Computer
2013-10-21 14:31 - 2013-10-21 16:53 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-21 14:31 - 2013-10-21 16:53 - 00002501 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-21 14:31 - 2013-10-21 16:53 - 00002501 _____ C:\ProgramData\Desktop\Norton Internet Security.lnk
2013-10-21 14:31 - 2013-10-21 16:24 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-21 14:31 - 2013-10-21 16:24 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-21 14:31 - 2013-10-21 14:31 - 00000000 ____D C:\Program Files\Symantec
2013-10-21 14:31 - 2013-10-21 14:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-21 14:30 - 2013-10-21 16:54 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-21 14:30 - 2013-10-21 14:30 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-21 01:27 - 2013-10-21 01:27 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Hewlett-Packard_Company
2013-10-21 01:03 - 2013-10-21 01:03 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Hewlett-Packard
2013-10-21 01:01 - 2013-10-21 08:10 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Google
2013-10-21 01:01 - 2013-10-21 01:01 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{881832F5-817F-43C9-B328-0B236B14A673}
2013-10-21 01:01 - 2013-10-21 01:01 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Google
2013-10-21 01:00 - 2013-10-21 01:00 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Apple
2013-10-21 00:55 - 2013-10-21 01:27 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Hewlett-Packard
2013-10-21 00:43 - 2013-10-21 00:52 - 00064328 _____ C:\Users\TeeSupport\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-21 00:43 - 2013-10-21 00:43 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\ATI
2013-10-21 00:43 - 2013-10-21 00:43 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\ATI
2013-10-21 00:43 - 2013-10-21 00:43 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\AMD
2013-10-21 00:42 - 2013-10-21 16:56 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Apple Computer
2013-10-21 00:42 - 2013-10-21 00:42 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Synaptics
2013-10-21 00:42 - 2013-10-21 00:42 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\hpqLog
2013-10-21 00:41 - 2013-10-21 00:52 - 00000000 ___RD C:\Users\TeeSupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-21 00:41 - 2013-10-21 00:52 - 00000000 ___RD C:\Users\TeeSupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-21 00:41 - 2013-10-21 00:51 - 00001413 _____ C:\Users\TeeSupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-21 00:41 - 2013-10-21 00:41 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DBED4EDF-F1FC-4778-A02C-7147F04DD8CD}
2013-10-21 00:41 - 2013-10-21 00:41 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Adobe
2013-10-21 00:40 - 2013-10-21 00:40 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\VirtualStore
2013-10-21 00:39 - 2013-10-21 00:41 - 00000000 ____D C:\Users\TeeSupport
2013-10-21 00:39 - 2013-10-21 00:39 - 00000020 ___SH C:\Users\TeeSupport\ntuser.ini
2013-10-21 00:39 - 2013-01-14 17:15 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Macromedia
2013-10-21 00:39 - 2012-01-02 01:01 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Microsoft Help
2013-10-21 00:39 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\TeeSupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-21 00:39 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\TeeSupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-06 19:15 - 2013-10-21 08:11 - 00000004 _____ C:\Users\Fishman\AppData\Roaming\cache.ini
2013-10-06 19:14 - 2013-10-21 08:10 - 95025368 ____T C:\ProgramData\frwbnij60.pff
2013-10-06 19:14 - 2013-10-21 08:10 - 95025368 ____T C:\ProgramData\bafrj6jw7t.pff
2013-10-06 19:14 - 2013-10-21 01:25 - 00000405 _____ C:\ProgramData\bafrj6jw7t.reg
2013-10-06 19:14 - 2013-10-21 01:25 - 00000399 _____ C:\ProgramData\frwbnij60.reg
2013-10-06 19:14 - 2013-10-21 01:25 - 00000000 _____ C:\ProgramData\frwbnij60.ctrl
2013-10-06 19:14 - 2013-10-21 01:25 - 00000000 _____ C:\ProgramData\bafrj6jw7t.ctrl
2013-10-06 19:14 - 2013-10-06 19:14 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\frwbnij60.pzz
2013-10-06 19:14 - 2013-10-06 19:14 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\bafrj6jw7t.pzz
2013-10-06 18:46 - 2013-10-06 18:46 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-10-06 18:46 - 2013-10-06 18:46 - 00002185 _____ C:\ProgramData\Desktop\HP Support Assistant.lnk
2013-10-06 18:43 - 2013-10-06 18:43 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

==================== One Month Modified Files and Folders =======

2013-10-23 16:49 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 16:49 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 16:47 - 2013-10-23 16:47 - 00000000 ____D C:\FRST
2013-10-23 16:46 - 2013-10-23 16:46 - 01955374 _____ (Farbar) C:\Users\Fishman\Downloads\FRST64.exe
2013-10-23 16:46 - 2011-12-30 15:07 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2AB7079-9246-4788-8328-C9402F086BF9}
2013-10-23 16:46 - 2009-07-14 06:13 - 00788184 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-23 16:41 - 2011-12-30 15:47 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-23 16:40 - 2013-05-08 09:52 - 00007133 _____ C:\Windows\setupact.log
2013-10-23 16:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 10:08 - 2010-11-21 04:47 - 01326954 _____ C:\Windows\PFRO.log
2013-10-21 21:06 - 2011-12-30 15:47 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-21 21:03 - 2012-05-01 00:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-21 20:58 - 2013-10-21 20:57 - 00000000 ____D C:\Users\Fishman\AppData\Local\NPE
2013-10-21 20:53 - 2013-10-21 20:45 - 00076238 _____ C:\Users\Fishman\Desktop\dds.txt
2013-10-21 20:53 - 2013-10-21 20:45 - 00019736 _____ C:\Users\Fishman\Desktop\attach.txt
2013-10-21 20:42 - 2013-10-21 20:42 - 00688992 ____R (Swearware) C:\Users\Fishman\Downloads\dds.com
2013-10-21 20:39 - 2013-10-21 20:39 - 00000000 ____D C:\Users\Fishman\Downloads\dds
2013-10-21 20:38 - 2013-10-21 20:38 - 00686694 _____ C:\Users\Fishman\Downloads\dds.zip
2013-10-21 18:49 - 2013-10-21 17:00 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\NPE
2013-10-21 17:00 - 2011-11-09 19:19 - 00000000 ____D C:\ProgramData\Norton
2013-10-21 16:59 - 2013-10-21 16:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2013-10-21 16:57 - 2013-10-21 16:57 - 03053496 ____N (Symantec Corporation) C:\Users\TeeSupport\Desktop\NPE.exe
2013-10-21 16:56 - 2013-10-21 16:56 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Apple Computer
2013-10-21 16:56 - 2013-10-21 00:42 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Apple Computer
2013-10-21 16:56 - 2012-01-27 21:16 - 00002491 _____ C:\Users\Public\Desktop\Safari.lnk
2013-10-21 16:56 - 2012-01-27 21:16 - 00002491 _____ C:\ProgramData\Desktop\Safari.lnk
2013-10-21 16:54 - 2013-10-21 14:30 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2013-10-21 16:53 - 2013-10-21 14:31 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-10-21 16:53 - 2013-10-21 14:31 - 00002501 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-10-21 16:53 - 2013-10-21 14:31 - 00002501 _____ C:\ProgramData\Desktop\Norton Internet Security.lnk
2013-10-21 16:24 - 2013-10-21 14:31 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-10-21 16:24 - 2013-10-21 14:31 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-10-21 15:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-21 14:31 - 2013-10-21 14:31 - 00000000 ____D C:\Program Files\Symantec
2013-10-21 14:31 - 2013-10-21 14:31 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-10-21 14:30 - 2013-10-21 14:30 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-10-21 09:12 - 2011-12-30 15:47 - 00000000 ____D C:\Users\Fishman\AppData\Local\Google
2013-10-21 08:11 - 2013-10-06 19:15 - 00000004 _____ C:\Users\Fishman\AppData\Roaming\cache.ini
2013-10-21 08:10 - 2013-10-21 01:01 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Google
2013-10-21 08:10 - 2013-10-06 19:14 - 95025368 ____T C:\ProgramData\frwbnij60.pff
2013-10-21 08:10 - 2013-10-06 19:14 - 95025368 ____T C:\ProgramData\bafrj6jw7t.pff
2013-10-21 06:51 - 2012-03-05 00:06 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFishman
2013-10-21 06:51 - 2012-03-05 00:06 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForFishman.job
2013-10-21 02:03 - 2013-09-19 23:03 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-21 02:03 - 2012-05-01 00:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-21 02:03 - 2012-05-01 00:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-21 02:03 - 2012-01-11 23:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-21 01:27 - 2013-10-21 01:27 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Hewlett-Packard_Company
2013-10-21 01:27 - 2013-10-21 00:55 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Hewlett-Packard
2013-10-21 01:27 - 2011-12-30 15:07 - 00003836 _____ C:\Windows\System32\Tasks\SetupManager
2013-10-21 01:25 - 2013-10-06 19:14 - 00000405 _____ C:\ProgramData\bafrj6jw7t.reg
2013-10-21 01:25 - 2013-10-06 19:14 - 00000399 _____ C:\ProgramData\frwbnij60.reg
2013-10-21 01:25 - 2013-10-06 19:14 - 00000000 _____ C:\ProgramData\frwbnij60.ctrl
2013-10-21 01:25 - 2013-10-06 19:14 - 00000000 _____ C:\ProgramData\bafrj6jw7t.ctrl
2013-10-21 01:11 - 2012-09-02 22:57 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-21 01:11 - 2012-09-02 22:57 - 00002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2013-10-21 01:03 - 2013-10-21 01:03 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Hewlett-Packard
2013-10-21 01:03 - 2012-04-28 23:18 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-21 01:03 - 2012-01-16 00:35 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-21 01:03 - 2011-08-25 05:36 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-10-21 01:01 - 2013-10-21 01:01 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{881832F5-817F-43C9-B328-0B236B14A673}
2013-10-21 01:01 - 2013-10-21 01:01 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Google
2013-10-21 01:01 - 2011-12-30 15:47 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-21 01:01 - 2011-12-30 15:47 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-21 01:00 - 2013-10-21 01:00 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\Apple
2013-10-21 00:52 - 2013-10-21 00:43 - 00064328 _____ C:\Users\TeeSupport\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-21 00:52 - 2013-10-21 00:41 - 00000000 ___RD C:\Users\TeeSupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-21 00:52 - 2013-10-21 00:41 - 00000000 ___RD C:\Users\TeeSupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-21 00:51 - 2013-10-21 00:41 - 00001413 _____ C:\Users\TeeSupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-21 00:43 - 2013-10-21 00:43 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\ATI
2013-10-21 00:43 - 2013-10-21 00:43 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\ATI
2013-10-21 00:43 - 2013-10-21 00:43 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\AMD
2013-10-21 00:42 - 2013-10-21 00:42 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Synaptics
2013-10-21 00:42 - 2013-10-21 00:42 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\hpqLog
2013-10-21 00:41 - 2013-10-21 00:41 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DBED4EDF-F1FC-4778-A02C-7147F04DD8CD}
2013-10-21 00:41 - 2013-10-21 00:41 - 00000000 ____D C:\Users\TeeSupport\AppData\Roaming\Adobe
2013-10-21 00:41 - 2013-10-21 00:39 - 00000000 ____D C:\Users\TeeSupport
2013-10-21 00:40 - 2013-10-21 00:40 - 00000000 ____D C:\Users\TeeSupport\AppData\Local\VirtualStore
2013-10-21 00:39 - 2013-10-21 00:39 - 00000020 ___SH C:\Users\TeeSupport\ntuser.ini
2013-10-06 19:34 - 2012-02-13 21:29 - 00000000 ____D C:\Users\Fishman\AppData\Local\CrashDumps
2013-10-06 19:14 - 2013-10-06 19:14 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\frwbnij60.pzz
2013-10-06 19:14 - 2013-10-06 19:14 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\bafrj6jw7t.pzz
2013-10-06 19:14 - 2011-12-30 15:07 - 00000000 ___RD C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-06 18:51 - 2011-08-25 05:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-06 18:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-10-06 18:46 - 2013-10-06 18:46 - 00002185 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2013-10-06 18:46 - 2013-10-06 18:46 - 00002185 _____ C:\ProgramData\Desktop\HP Support Assistant.lnk
2013-10-06 18:45 - 2011-08-25 05:25 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-10-06 18:43 - 2013-10-06 18:43 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-10-06 18:42 - 2011-02-10 20:23 - 00000000 ____D C:\SWSetup
2013-09-26 22:14 - 2011-12-30 15:40 - 00000000 ____D C:\Users\Fishman\Desktop\Chubbymonger

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1046591913-278054559-2318324696-1002\$141d4e73bb1ca222e373718785746887

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$141d4e73bb1ca222e373718785746887

Files to move or delete:
====================
C:\Users\Fishman\AppData\Roaming\cache.ini
ZeroAccess:
C:\Users\Fishman\AppData\Local\Google\Desktop\Install
C:\ProgramData\bafrj6jw7t.ctrl
C:\ProgramData\bafrj6jw7t.pff
C:\ProgramData\bafrj6jw7t.reg
C:\ProgramData\frwbnij60.ctrl
C:\ProgramData\frwbnij60.pff
C:\ProgramData\frwbnij60.reg

Some content of TEMP:
====================
C:\Users\Fishman\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Fishman\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Fishman\AppData\Local\Temp\ose00000.exe
C:\Users\Fishman\AppData\Local\Temp\Resource.exe
C:\Users\Fishman\AppData\Local\Temp\sp58915.exe
C:\Users\Fishman\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-10-21 02:29

==================== End Of Log ============================



#4 dodgypaul

  • Topic Starter
  • Members
  • 19 posts
  • Local time:03:22 PM

Posted 23 October 2013 - 11:03 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2013
Ran by Fishman at 2013-10-23 16:49:59
Running from C:\Users\Fishman\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AMD APP SDK Runtime (Version: 2.4.595.9)
AMD Fuel (Version: 2011.0401.2259.39449)
AMD System Monitor (x32 Version: 1.0.5)
AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.820.0)
AuthenTec TrueAPI (Version: 1.2.1.33)
Beatport Downloader (x32 Version: 1.4)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.95)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (x32 Version: 2.2.0.95)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.48.61)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center InstallProxy (x32 Version: 2011.0401.2259.39449)
Catalyst Control Center Localization All (x32 Version: 2011.0401.2259.39449)
CCC Help Chinese Standard (x32 Version: 2011.0401.2258.39449)
CCC Help Chinese Traditional (x32 Version: 2011.0401.2258.39449)
CCC Help Czech (x32 Version: 2011.0401.2258.39449)
CCC Help Danish (x32 Version: 2011.0401.2258.39449)
CCC Help Dutch (x32 Version: 2011.0401.2258.39449)
CCC Help English (x32 Version: 2011.0401.2258.39449)
CCC Help Finnish (x32 Version: 2011.0401.2258.39449)
CCC Help French (x32 Version: 2011.0401.2258.39449)
CCC Help German (x32 Version: 2011.0401.2258.39449)
CCC Help Greek (x32 Version: 2011.0401.2258.39449)
CCC Help Hungarian (x32 Version: 2011.0401.2258.39449)
CCC Help Italian (x32 Version: 2011.0401.2258.39449)
CCC Help Japanese (x32 Version: 2011.0401.2258.39449)
CCC Help Korean (x32 Version: 2011.0401.2258.39449)
CCC Help Norwegian (x32 Version: 2011.0401.2258.39449)
CCC Help Polish (x32 Version: 2011.0401.2258.39449)
CCC Help Portuguese (x32 Version: 2011.0401.2258.39449)
CCC Help Russian (x32 Version: 2011.0401.2258.39449)
CCC Help Spanish (x32 Version: 2011.0401.2258.39449)
CCC Help Swedish (x32 Version: 2011.0401.2258.39449)
CCC Help Thai (x32 Version: 2011.0401.2258.39449)
CCC Help Turkish (x32 Version: 2011.0401.2258.39449)
ccc-utility64 (Version: 2011.0401.2259.39449)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CyberLink PowerDVD (x32 Version: 10.0.3.3222)
CyberLink YouCam (x32 Version: 3.5.1.3922)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000)
Dora's World Adventure (x32 Version: 2.2.0.95)
Energy Star Digital Logo (x32 Version: 1.0.1)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Evernote v. 4.2.2 (x32 Version: 4.2.2.3979)
Ewisoft Website Builder (include eCommerce Builder) Version 6.1 (x32)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
Final Drive Nitro (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 30.0.1599.101)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.5.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (x32 Version: 4.1.23.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (Version: 14.0)
HP Documentation (x32 Version: 1.2.0.0)
HP DVB-T TV Tuner 8.0.64.43 (x32 Version: 8.0.64.43)
HP Games (x32 Version: 1.0.2.4)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.8)
HP Quick Launch (x32 Version: 2.6.3)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP SimplePass 2011 (x32 Version: 5.1.0.495)
HP Software Framework (x32 Version: 4.5.12.1)
HP Support Assistant (x32 Version: 7.0.39.15)
iCloud (Version: 3.0.2.163)
IDT Audio (x32 Version: 1.0.6345.0)
iTunes (Version: 11.1.0.126)
Jawbone Updater (x32 Version: 0.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
NETGEAR Genie (x32 Version: 2.2.25.6 )
Network64 (Version: 140.0.215.000)
Norton Internet Security (x32 Version: 20.4.0.40)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.83)
Recovery Manager (x32 Version: 2.0.0)
Safari (x32 Version: 5.34.57.2)
Scan (x32 Version: 140.0.80.000)
Slingo Supreme (x32 Version: 2.2.0.95)
Synaptics TouchPad Driver (Version: 15.3.11.0)
Toolbox (x32 Version: 140.0.428.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update Installer for WildTangent Games App (x32)
Validity WBF DDK (Version: 4.3.118.0)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

01-08-2013 22:04:29 Scheduled Checkpoint
06-10-2013 17:43:56 Installed HP Support Assistant
06-10-2013 17:48:28 Windows Modules Installer
06-10-2013 17:49:37 Windows Modules Installer
21-10-2013 01:36:08 Scheduled Checkpoint
21-10-2013 16:06:28 Norton_Power_Eraser_20131021170624553
21-10-2013 16:15:00 Removed Java™ 6 Update 24 (64-bit)
21-10-2013 16:17:03 Removed Java™ 6 Update 30

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {091027C5-7524-4035-9FDA-886F6D57016F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {2E095689-1FCC-430F-BC79-4325E8EBDD14} - System32\Tasks\{90F02136-2860-47CF-9730-ECB962708B29} => C:\Program Files (x86)\iTunes\iTunes.exe [2013-09-17] (Apple Inc.)
Task: {3C05FBB6-DEDB-46D2-967C-179C9EE49AE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-21] (Adobe Systems Incorporated)
Task: {46C9F7FD-12B8-4C55-97E8-A61FE3B34BBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4B768010-3BC4-4ACB-8BB2-AAE71A9BAA7A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {76FE572B-F924-4A1A-A6CF-7E4F2BA7DC7F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {8404F186-E396-4861-B337-133CAB80E369} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-09-14] (Apple Inc.)
Task: {8E216A07-FDD7-4B2C-A2F2-FE479D8FFA62} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-09-26] (Hewlett-Packard)
Task: {926D6B4E-3F11-460A-AEE4-9131FF26D459} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-09-17] (Microsoft)
Task: {97CD3E3A-9B50-42DC-BE42-AAAE907491A8} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-03-04] (Microsoft)
Task: {B0CA3AE3-1814-4EBF-AC4B-3C6AC4DF811C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30] (Google Inc.)
Task: {B8FB96A2-B41C-4C87-8504-7E22E825A477} - System32\Tasks\HPCeeScheduleForFishman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {BA28977E-500F-44C8-A89A-65F8A770B504} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {C1ACA906-FD1D-4FC4-92FC-977640380976} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {C837566C-CD29-4E8C-9054-EC4B48904E43} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {E033DE4D-7A7A-48BA-99F8-7752D0D283DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {E5CB0F9E-65EB-4115-B75F-377395DD8C20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30] (Google Inc.)
Task: {E9F317BF-ECF4-4F45-92CA-D62B27B2D75B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F744CBE7-E6F2-46DE-BA8F-95C3546ACA90} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {FBC3A051-61A8-4598-B101-B18E7A188EB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFishman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-07-30 04:39 - 2010-07-30 04:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-04-02 08:06 - 2011-04-02 08:06 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-04 21:25 - 2011-03-04 21:25 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-02 07:57 - 2011-04-02 07:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-04-27 17:05 - 2011-04-27 17:05 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2012-08-27 22:33 - 2012-08-27 22:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 22:33 - 2012-08-27 22:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 02537472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00011362 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00043008 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 09814016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 01140224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
2012-03-20 03:54 - 2012-03-20 03:54 - 01327616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00399360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00083456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00287232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
2012-03-13 02:58 - 2012-03-13 02:58 - 00217088 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2012-03-20 06:55 - 2012-03-20 06:55 - 01139200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2012-03-20 06:14 - 2012-03-20 06:14 - 02582016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2012-03-12 02:49 - 2012-03-12 02:49 - 00467456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2012-03-12 02:49 - 2012-03-12 02:49 - 00186368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2012-03-20 03:57 - 2012-03-20 03:57 - 01110016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2012-03-20 07:20 - 2012-03-20 07:20 - 06586368 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2012-03-12 08:17 - 2012-03-12 08:17 - 00914432 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2012-03-07 08:42 - 2012-03-07 08:42 - 00613888 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2012-03-07 08:55 - 2012-03-07 08:55 - 00643072 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2012-03-20 06:55 - 2012-03-20 06:55 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2012-03-20 06:55 - 2012-03-20 06:55 - 00150528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00489472 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00116224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2012-03-07 07:36 - 2012-03-07 07:36 - 00076288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2012-03-14 07:16 - 2012-03-14 07:16 - 00394240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_TrafficMeter.dll
2012-03-20 03:56 - 2012-03-20 03:56 - 00261632 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_FirmwareUpdate.dll
2012-03-20 06:14 - 2012-03-20 06:14 - 00081920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.DLL
2012-03-20 06:14 - 2012-03-20 06:14 - 00083968 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2012-03-13 02:58 - 2012-03-13 02:58 - 00138752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2011-04-27 17:05 - 2011-04-27 17:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2013 04:41:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2013 10:09:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 09:09:32 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/21/2013 09:09:32 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/21/2013 09:09:32 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/21/2013 09:09:32 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/21/2013 09:09:32 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/21/2013 09:09:32 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/21/2013 09:09:32 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

Error: (10/21/2013 09:09:32 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU failed to post message to CCC

System errors:
=============
Error: (10/23/2013 04:42:26 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (10/23/2013 04:42:26 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (10/23/2013 04:42:18 PM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service hung on starting.

Error: (10/23/2013 04:42:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/23/2013 04:40:56 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (10/23/2013 04:40:56 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (10/23/2013 04:40:55 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (10/23/2013 04:40:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/23/2013 10:28:58 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (10/23/2013 10:28:58 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Microsoft Office Sessions:
=========================
Error: (08/31/2012 08:18:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 89 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/06/2012 00:17:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/18/2012 00:55:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 450 seconds with 360 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-05-12 14:32:09.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-12 14:32:09.210
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-12 14:32:04.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-12 14:32:04.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-12 14:32:04.362
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-12 14:32:04.284
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-14 16:32:16.394
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-14 16:32:16.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3561.91 MB
Available physical RAM: 2145.5 MB
Total Pagefile: 7122 MB
Available Pagefile: 5439.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:914.06 GB) (Free:842.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.15 GB) (Free:1.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 90453111)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================



#5 dodgypaul (Topic Starter)

Posted 25 October 2013 - 03:17 AM

Hi Marius, what do I do next?



#6 TB-Psychotic (Malware Response Team)

Posted 26 October 2013 - 03:51 AM

You are infected with the so-called ZeroAccess rootkit...

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$141d4e73bb1ca222e373718785746887\n. ATTENTION! ====> ZeroAccess?
    HKCU\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
    Startup: C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bafrj6jw7t.lnk
    ShortcutTarget: bafrj6jw7t.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\t7wj6jrfab.plz (No File)
    Startup: C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frwbnij60.lnk
    ShortcutTarget: frwbnij60.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\06jinbwrf.plz (No File)
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    
    C:\Users\Fishman\AppData\Local\Google\Desktop
    C:\Users\Fishman\AppData\Roaming\cache.ini
    C:\ProgramData\frwbnij60.pff
    C:\ProgramData\bafrj6jw7t.pff
    C:\ProgramData\bafrj6jw7t.reg
    C:\ProgramData\frwbnij60.reg
    C:\ProgramData\frwbnij60.ctrl
    C:\ProgramData\bafrj6jw7t.ctrl
    C:\ProgramData\frwbnij60.pzz
    C:\ProgramData\bafrj6jw7t.pzz
    C:\$Recycle.Bin\S-1-5-18\$141d4e73bb1ca222e373718785746887
    C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bafrj6jw7t.lnk
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\t7wj6jrfab.plz
    C:\Users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\frwbnij60.lnk
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\06jinbwrf.plz
    
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    
    CMD: netsh winsock reset
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 dodgypaul (Topic Starter)

Posted 26 October 2013 - 04:05 PM

Not sure where to save it to? I don't understand the wording. Anywhere I save it, FRST says the fixlist doesn't exist, so clearly I'm putting it in the wrong place.



#8 dodgypaul (Topic Starter)

Posted 27 October 2013 - 09:19 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2013
Ran by Fishman at 2013-10-27 14:17:26 Run:1
Running from C:\Users\Fishman\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

*****************

==== End of Fixlog ====



#9 dodgypaul (Topic Starter)

Posted 27 October 2013 - 10:05 AM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Fishman :: FISHMAN-HP [administrator]

Protection: Enabled

27/10/2013 14:54:56
mbam-log-2013-10-27 (14-54-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230388
Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\bafrj6jw7t.pzz (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\ProgramData\frwbnij60.pzz (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Fishman\AppData\Local\Temp\qvpedo (Malware.Packer.GPC) -> Quarantined and deleted successfully.

(end)


#10 TB-Psychotic (Malware Response Team)

Posted 28 October 2013 - 04:23 AM

Please download the attached file and save it to the same location as frst.exe.

Then run FRST and hit Fix.

Post up fixlog.txt



#11 dodgypaul (Topic Starter)

Posted 29 October 2013 - 03:28 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Fishman at 2013-10-29 20:28:04 Run:7
Running from C:\Users\Fishman\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
 
*****************
 
 
==== End of Fixlog ====


#12 TB-Psychotic (Malware Response Team)

Posted 30 October 2013 - 03:10 AM

FRST didn't find fixlist.txt.

Move FRST and the fixlist.txt to your desktop and run the fix again.

#13 dodgypaul (Topic Starter)

Posted 30 October 2013 - 03:02 PM

Moved both to the desktop, and when I click Fix on FRST it doesn't find the fixlist.



#14 TB-Psychotic (Malware Response Team)

Posted 31 October 2013 - 03:06 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!
  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe
When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.

#15 dodgypaul (Topic Starter)

Posted 01 November 2013 - 04:38 PM

ComboFix 13-11-01.03 - Fishman 01/11/2013  21:15:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3562.2039 [GMT 0:00]
Running from: c:\users\Fishman\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fishman\AppData\Local\Google\Desktop\Install
c:\users\Fishman\AppData\Local\Google\Desktop\Install\{141d4e73-bb1c-a222-e373-718785746887}\2E2F~1\28F0~1\E628~1\{141d4e73-bb1c-a222-e373-718785746887}\@
c:\users\Fishman\AppData\Local\Google\Desktop\Install\{141d4e73-bb1c-a222-e373-718785746887}\2E2F~1\28F0~1\E628~1\{141d4e73-bb1c-a222-e373-718785746887}\L\76603ac3
c:\users\Fishman\AppData\Roaming\poclbm
c:\users\Fishman\AppData\Roaming\poclbm\poclbm.ini
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-01 to 2013-11-01  )))))))))))))))))))))))))))))))
.
.
2013-11-01 21:24 . 2013-11-01 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-27 14:52 . 2013-10-27 14:52 -------- d-----w- c:\users\Fishman\AppData\Roaming\Malwarebytes
2013-10-27 14:52 . 2013-10-27 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-10-27 14:52 . 2013-10-27 14:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-27 14:52 . 2013-04-04 14:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-23 15:47 . 2013-10-23 15:47 -------- d-----w- C:\FRST
2013-10-21 19:57 . 2013-10-21 19:58 -------- d-----w- c:\users\Fishman\AppData\Local\NPE
2013-10-21 14:35 . 2013-10-21 14:35 -------- d-----w- c:\users\Fishman\AppData\Local\ElevatedDiagnostics
2013-10-20 23:39 . 2013-10-20 23:41 -------- d-----w- c:\users\TeeSupport
2013-10-06 18:14 . 2013-10-21 00:25 399 ----a-w- c:\documents and settings\All Users\Application Data\frwbnij60.reg
2013-10-06 18:14 . 2013-10-21 00:25 405 ----a-w- c:\documents and settings\All Users\Application Data\bafrj6jw7t.reg
2013-10-06 17:43 . 2013-10-06 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-21 01:03 . 2012-04-30 23:19 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-21 01:03 . 2012-01-11 22:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-21 01:03 . 2013-09-19 22:03 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-30 39408]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-09-04 1315144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-06-25 75048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-17 152392]
.
c:\users\Fishman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
bafrj6jw7t.lnk - c:\windows\System32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\t7wj6jrfab.plz,GL300 [2009-7-13 45568]
frwbnij60.lnk - c:\windows\System32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\06jinbwrf.plz,GL300 [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/25 22:08;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-21 00:06 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 01:03]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 14:47]
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 14:47]
.
2013-10-27 c:\windows\Tasks\HPCeeScheduleForFishman.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-06-25 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-KiesTrayAgent - c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-11-01  21:34:16 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-01 21:34
.
Pre-Run: 903,016,402,944 bytes free
Post-Run: 903,477,612,544 bytes free
.
- - End Of File - - FB0A050F0D169F89496ABACF10F214CD
A36C5E4F47E84449FF07ED3517B43A31