
IE and Word Crashes, Malwarebytes won't open, Chrome can't DL any files.


  • This topic is locked
31 replies to this topic

#1 RPepster

  • Members
  • 17 posts

Posted 02 November 2013 - 01:45 PM

Hi guys,

So recently my computer went nuts. The title pretty much says it all, but I'll expand a bit. Basically IE and Word both crash, and Chrome will open, but when I try to download something it just stays in the "starting..." state and the download never begins. I also tried to install HijackThis to get those logs and it will not install. It keeps saying it "must be installed on a local hard drive" when the destination is a local hard drive. Also I tried to run some anti-malware: Malwarebytes will install but won't open, and Spybot installed but says "The application was unable to install correctly (0xc0000005)". Below is the dds.txt and attached is the attach.txt. Thank you in advance for any help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.40.2
Run by Ashlee at 11:22:43 on 2013-11-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{15948B86-69C3-4CD1-ABA1-BE51767A86F8} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{5B94342A-5C74-40BB-9F88-622D0DE3A898} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{5B94342A-5C74-40BB-9F88-622D0DE3A898}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{5B94342A-5C74-40BB-9F88-622D0DE3A898}\35355575C414E4 : DHCPNameServer = 130.157.27.50 130.157.30.50 137.145.46.102
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-11-02 17:43:50 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-11-02 17:43:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-11-02 17:43:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-02 17:42:11 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-02 17:34:23 98816 ----a-w- C:\Windows\sed.exe
2013-11-02 17:34:23 256000 ----a-w- C:\Windows\PEV.exe
2013-11-02 17:34:23 208896 ----a-w- C:\Windows\MBR.exe
2013-11-02 17:06:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-02 17:06:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-29 05:52:30 -------- d-----w- C:\Windows\pss
2013-10-29 04:43:40 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{646C7E06-1B5C-423A-85AB-EA6BA7C9AF0D}\mpengine.dll
2013-10-28 02:28:50 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 14:33:25 -------- d-----w- C:\Windows\CheckSur
2013-10-18 05:38:25 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F4233AA3-8A6D-419F-8610-833798265752}\gapaengine.dll
2013-10-09 03:09:02 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 03:09:02 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-09 03:09:00 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-10-09 03:09:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-10-09 03:09:00 41472 ----a-w- C:\Windows\System32\lpk.dll
2013-10-09 03:09:00 368128 ----a-w- C:\Windows\System32\atmfd.dll
2013-10-09 03:09:00 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-10-09 03:09:00 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2013-10-09 03:09:00 14336 ----a-w- C:\Windows\System32\dciman32.dll
2013-10-09 03:09:00 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2013-10-09 03:09:00 100864 ----a-w- C:\Windows\System32\fontsub.dll
.
==================== Find3M  ====================
.
2013-09-26 19:32:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-26 19:31:56 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-26 19:31:56 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-26 19:10:48 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2013-09-26 19:10:48 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-09-26 17:36:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-26 17:36:58 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:23:13.96 ===============
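
Added example, not code from this thread or from the DDS/FRST tools: a small Python triage script that reads log lines in the two formats posted in this thread (the DDS `mPolicies-System:` lines above, and the FRST `HKCU\...\Policies\system:` and process lines posted later) and flags what a helper acts on first: UAC switched off under HKLM\...\Policies\System, lockdown policies such as DisableCMD or NoDrives set to a non-zero value, and an executable with no publisher information running from a user profile. It assumes DDS prints dword values in decimal (the 145 above is the Windows 7 NoDriveTypeAutoRun default, 0x91) and uses Windows 7 defaults as the baseline; the sample lines are copied from the logs in this thread.

```python
r"""
Triage helper for DDS / FRST style log lines (added example, not part of
either tool).  Flags UAC turned off via HKLM\...\Policies\System, lockdown
policies malware likes to set, and unsigned binaries under a user profile.
Assumptions: DDS prints dword values in decimal; baseline = Windows 7 defaults.
"""
import re

# HKLM\...\Policies\System values on a default Windows 7 install.
# EnableLUA = 0 disables UAC completely; the other two remove the consent
# prompt and the secure desktop, so any elevation happens silently.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "PromptOnSecureDesktop": 1,
}

# Policies that should normally be 0 (or absent) on a home machine; malware
# sets them to hide drives or block cmd.exe, Task Manager and regedit.
LOCKDOWN_FLAGS = {"NoDrives", "DisableCMD", "DisableTaskMgr",
                  "DisableRegistryTools", "NoFolderOptions"}

# DDS:  mPolicies-System: EnableLUA = dword:0      (m = HKLM, u = HKCU)
DDS_POLICY = re.compile(
    r"^(?P<hive>[mu])Policies-(?P<key>\w+):\s*(?P<name>\w+)\s*=\s*dword:(?P<val>\d+)$")
# FRST: HKCU\...\Policies\system: [DisableCMD] 0
FRST_POLICY = re.compile(
    r"^(?P<hive>HKLM|HKCU)(?:-x32)?\\\.\.\.\\Policies\\(?P<key>\w+):\s*\[(?P<name>\w+)\]\s*(?P<val>\d+)$")
# A Windows path ending in an executable extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]()]*?\.(?:exe|dll|com|scr|sys)\b", re.I)
USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)


def _policy_findings(hive, key, name, val):
    out = []
    if hive == "HKLM" and key.lower() == "system" and name in UAC_DEFAULTS \
            and val != UAC_DEFAULTS[name]:
        out.append(f"UAC weakened: HKLM\\...\\Policies\\System\\{name} = {val} "
                   f"(default {UAC_DEFAULTS[name]})")
    if name in LOCKDOWN_FLAGS and val != 0:
        out.append(f"lockdown policy set: {hive}\\...\\Policies\\{key}\\{name} = {val}")
    return out


def audit(lines):
    """Return a list of human-readable findings for the given log lines."""
    findings, seen = [], set()
    for raw in lines:
        line = raw.strip()
        m = DDS_POLICY.match(line) or FRST_POLICY.match(line)
        if m:
            hive = {"m": "HKLM", "u": "HKCU"}.get(m["hive"], m["hive"])
            findings.extend(_policy_findings(hive, m["key"], m["name"], int(m["val"], 10)))
        elif line.startswith("()") or line.endswith("()"):
            # FRST prints the file's publisher in parentheses; "()" means the
            # binary carries no company/version info.  Only binaries under a
            # user profile are reported, since some system DLLs lack it too.
            p = PATH_RE.search(line)
            if p and USER_PROFILE.search(p.group(0)) and p.group(0).lower() not in seen:
                seen.add(p.group(0).lower())
                findings.append(f"unsigned binary under user profile: {p.group(0)}")
        elif "<======= ATTENTION" in line:
            # FRST's own marker for entries it wants a human to look at.
            findings.append("tool-flagged: " + line.split("<=======")[0].strip())
    return findings


# Constructed sample: lines copied from the DDS and FRST logs in this thread.
SAMPLE = r"""
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
HKCU\...\Policies\system: [DisableCMD] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
() C:\Users\Ashlee\AppData\Local\Autobahn\nexdef.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Ashlee\AppData\Local\Autobahn\nexdef.exe ()
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it as a script to see the findings for the embedded sample, or pass `audit()` the lines of a saved dds.txt or FRST.txt. It is a first pass, not a verdict: it deliberately ignores system files without version info and the toolbar entries, and the three UAC findings together mean any process on the machine can elevate without the user ever seeing a prompt.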
 


#2 seedy21

  • Malware Response Team
  • 742 posts
  • Location: West Yorkshire, UK

Posted 02 November 2013 - 04:15 PM

Hi RPepster and Welcome to BleepingComputer !

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 RPepster (Topic Starter)

Posted 02 November 2013 - 08:09 PM

Hi seedy21,

Thanks for taking the case. I look forward to your response.



#4 seedy21

Posted 03 November 2013 - 01:41 PM

Hello RPepster

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
 

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.

Step 1

Please disable Spybot S&D’s protection, because it is known to interfere with our fixes.

  • Open Spybot and click on 'Mode' then click 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
  • Change the Services to Stop
  • Close down all the windows and reboot your computer.

Step 2

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

Ask Toolbar
Ask Toolbar Updater



Step 3

Download RogueKiller and save it to your desktop.

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.
  • A copy of the RKreport.txt can be found on your desktop.

    Note:
    If RogueKiller is blocked, do not hesitate to try running it again.
    If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

Edited by seedy21, 03 November 2013 - 01:41 PM.



#5 RPepster (Topic Starter)

Posted 03 November 2013 - 08:51 PM

Thank you Seedy21,

I could not open Spybot to follow the instructions in Step 1, so I uninstalled it using the uninstall program that downloaded along with Spybot. I then restarted. When attempting to uninstall Ask Toolbar, the following message appeared:

Error 1719: Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

When attempting to uninstall Ask Toolbar Updater, the following message appeared:

You do not have sufficient access to uninstall Ask Toolbar Updater. Please contact your system administrator.

Should I skip this step and still attempt to download RogueKiller? I still cannot download, so I would be downloading to another computer and transferring via flash drive.

Thank you again for your assistance.



#6 seedy21

Posted 05 November 2013 - 04:26 AM

Hello RPepster

Let's not run this tool for now.

Step 1

For x32 (x86) bit systems:
download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

For x64 bit systems:
download Farbar Recovery Scan Tool 64-Bit
and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc.
    If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#7 RPepster (Topic Starter)

Posted 06 November 2013 - 10:38 PM

Thank you very much for your reply. I am out of town currently and will not be able to post my logs until 11/11. I will reply then and hope to get this darn computer working.

Thanks again,

Ryan



#8 RPepster (Topic Starter)

Posted 12 November 2013 - 02:25 AM

Hello again,

Thank you for your patience. I cannot enter system recovery options. From the boot menu, once I attempt to get into system recovery, it boots back into regular Windows and does not give me the option of "repair your computer."

Next step?

Thank you,

Ryan



#9 seedy21

Posted 13 November 2013 - 04:10 PM

Hi RPepster

Let's try another method, as we seem to be having trouble getting a complete log.

Step 1

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it on your Desktop.
  • Double click the program to run (Vista and 7 users will need to right click and select Run as Administrator).
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the Desktop. Please copy and paste it to your reply.



#10 RPepster (Topic Starter)

Posted 14 November 2013 - 02:14 AM

Thank you,

I have posted the log. At one point during the scan, an error message appeared, but once closed, the FRST scan continued.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Ashlee (administrator) on ASHLEE-PC on 13-11-2013 23:08:52
Running from C:\Users\Ashlee\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Users\Ashlee\AppData\Local\Autobahn\nexdef.exe
(Google Inc.) C:\Users\Ashlee\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ashlee\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ashlee\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ashlee\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-07-04] (Google Inc.)
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Ashlee\AppData\Local\Autobahn\nexdef.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ashlee\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ashlee\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Ashlee\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Ashlee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Ashlee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Ashlee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Ashlee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Ashlee\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ashlee\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] ()
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-13 23:08 - 2013-11-13 23:10 - 00009508 _____ C:\Users\Ashlee\Desktop\FRST.txt
2013-11-13 23:08 - 2013-11-13 23:08 - 00000000 ____D C:\FRST
2013-11-13 23:06 - 2013-11-13 23:06 - 01957794 _____ (Farbar) C:\Users\Ashlee\Desktop\FRST64.exe
2013-11-13 23:06 - 2013-11-11 20:59 - 00000266 _____ C:\Users\Ashlee\Desktop\UsersscoespedDownloadsFRST64.exe.fileloc
2013-11-13 23:06 - 2013-10-29 00:33 - 01038584 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\rkill64.com
2013-11-11 23:08 - 2013-11-11 23:10 - 02460592 _____ C:\Users\Ashlee\Downloads\aelbknmfcacjffmgnoaaonhgoghlmlkp_51803 (1).crx
2013-11-11 20:57 - 2013-11-11 20:57 - 00000000 _____ C:\Users\Ashlee\Downloads\Unconfirmed 341821.crdownload
2013-11-11 20:40 - 2013-11-11 20:40 - 00000000 _____ C:\Users\Ashlee\Downloads\Unconfirmed 773492.crdownload
2013-11-03 17:31 - 2013-11-03 17:31 - 00000085 _____ C:\Windows\wininit.ini
2013-11-03 17:31 - 2013-11-03 17:31 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-11-02 10:23 - 2013-11-02 10:23 - 00007676 _____ C:\Users\Ashlee\Desktop\dds.txt
2013-11-02 10:23 - 2013-11-02 10:23 - 00004941 _____ C:\Users\Ashlee\Desktop\attach.txt
2013-11-02 10:21 - 2013-11-02 10:19 - 04745728 _____ (AVAST Software) C:\Users\Ashlee\Desktop\aswmbr.exe
2013-11-02 10:21 - 2013-11-02 10:18 - 00688992 ____R (Swearware) C:\Users\Ashlee\Desktop\dds.com
2013-11-02 10:10 - 2013-11-02 10:08 - 00374584 _____ C:\Users\Ashlee\Desktop\exe_fix.com
2013-11-02 10:10 - 2013-11-02 10:07 - 02218636 _____ C:\Users\Ashlee\Desktop\tdsskiller.zip
2013-11-02 10:00 - 2013-11-03 17:32 - 00003422 _____ C:\Windows\PFRO.log
2013-11-02 09:58 - 2013-11-02 09:52 - 01402880 _____ C:\Users\Ashlee\Desktop\HijackThis.msi
2013-11-02 09:57 - 2013-11-02 08:55 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\rkill.exe
2013-11-02 09:42 - 2013-11-02 09:42 - 00016069 _____ C:\ComboFix.txt
2013-11-02 09:34 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-02 09:34 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-02 09:34 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-02 09:34 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-02 09:34 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-02 09:34 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-02 09:34 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-02 09:34 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-02 09:29 - 2013-11-02 09:42 - 00000000 ____D C:\Qoobox
2013-11-02 09:29 - 2013-11-02 09:40 - 00000000 ____D C:\Windows\erdnt
2013-11-02 09:28 - 2013-11-02 09:26 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Ashlee\Desktop\spybot-2.2.exe
2013-11-02 09:28 - 2013-11-02 09:25 - 05143186 ____R (Swearware) C:\Users\Ashlee\Desktop\ComboFix.exe
2013-11-02 09:17 - 2013-11-02 09:10 - 00294400 _____ C:\Users\Ashlee\Desktop\exeHelper.com
2013-11-02 09:06 - 2013-11-02 09:06 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-02 09:06 - 2013-11-02 09:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-02 09:06 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-02 08:53 - 2013-11-02 08:53 - 00038891 _____ C:\Users\Ashlee\Downloads\Unconfirmed 302939.crdownload
2013-10-28 23:48 - 2013-10-28 23:47 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-28 23:41 - 2013-10-28 23:54 - 00491168 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 551544.crdownload
2013-10-28 23:34 - 2013-10-28 23:34 - 00000000 ____D C:\Users\Ashlee\Desktop\Malwarebytes' Anti-Malware
2013-10-28 23:34 - 2013-10-28 23:20 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\rkill.com
2013-10-28 23:33 - 2013-11-02 11:11 - 00002664 _____ C:\Users\Ashlee\Desktop\Rkill.txt
2013-10-28 23:33 - 2013-10-28 23:33 - 00000000 ____D C:\Users\Ashlee\Desktop\rkill
2013-10-28 22:25 - 2013-10-28 22:25 - 00034547 _____ C:\Users\Ashlee\Downloads\Unconfirmed 883866.crdownload
2013-10-28 21:58 - 2013-10-28 21:58 - 00034559 _____ C:\Users\Ashlee\Downloads\Unconfirmed 840576.crdownload
2013-10-28 21:52 - 2013-11-02 10:58 - 00000000 ____D C:\Windows\pss
2013-10-28 21:41 - 2013-10-28 21:42 - 00555165 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 427701.crdownload
2013-10-28 20:40 - 2013-10-28 20:42 - 00147456 _____ C:\Users\Ashlee\Downloads\AAC AYALA.ppt.crdownload
2013-10-27 21:59 - 2013-10-27 21:59 - 00050817 _____ C:\Users\Ashlee\Downloads\Unconfirmed 268511.crdownload
2013-10-27 21:53 - 2013-10-27 21:54 - 00040400 _____ C:\Users\Ashlee\Downloads\SST REQUEST.docx.crdownload
2013-10-27 21:44 - 2013-10-27 21:45 - 00266882 _____ C:\Users\Ashlee\Downloads\Unconfirmed 702576.crdownload
2013-10-27 20:58 - 2013-10-27 20:58 - 00004468 _____ C:\Users\Ashlee\Documents\cc_20131027_215816.reg
2013-10-27 20:52 - 2013-11-11 21:51 - 00002062 _____ C:\Windows\setupact.log
2013-10-27 20:52 - 2013-10-27 20:52 - 00000000 _____ C:\Windows\setuperr.log
2013-10-27 20:44 - 2013-10-27 20:45 - 00094462 _____ (Mozilla) C:\Users\Ashlee\Downloads\Unconfirmed 32370.crdownload
2013-10-27 20:41 - 2013-10-27 20:43 - 00431877 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 537139.crdownload
2013-10-27 20:34 - 2013-11-13 23:10 - 00698805 _____ C:\Windows\WindowsUpdate.log
2013-10-27 20:28 - 2013-10-27 20:29 - 00241101 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 85481.crdownload
2013-10-27 19:06 - 2013-10-27 19:26 - 00998513 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 703567.crdownload
2013-10-27 19:03 - 2013-10-27 19:03 - 00079030 _____ C:\Users\Ashlee\Documents\cc_20131027_200308.reg
2013-10-27 18:49 - 2013-10-27 18:54 - 00357417 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 571308.crdownload
2013-10-27 18:35 - 2013-10-27 18:42 - 00037677 _____ C:\Users\Ashlee\Downloads\Unconfirmed 806380.crdownload
2013-10-27 16:29 - 2013-10-27 16:29 - 00335144 _____ C:\Users\Ashlee\Downloads\Setup.exe
2013-10-24 21:35 - 2013-10-24 21:35 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Mozilla
2013-10-22 19:51 - 2013-10-22 19:52 - 00120832 _____ C:\Users\Ashlee\Downloads\MMMSprogrampathway.pub
2013-10-18 14:33 - 2013-10-18 14:33 - 01553408 _____ C:\Users\Ashlee\Downloads\EDSP 426 lect 6  (1).ppt
2013-10-18 14:32 - 2013-10-18 14:32 - 01552896 _____ C:\Users\Ashlee\Downloads\EDSP 426 lect 6 .ppt
2013-10-18 06:33 - 2013-10-18 06:33 - 00000000 ____D C:\Windows\CheckSur
2013-10-17 15:50 - 2013-10-17 15:50 - 00260608 _____ C:\Users\Ashlee\Downloads\EDSP 400 EBD F13.ppt
 
==================== One Month Modified Files and Folders =======
 
2013-11-13 23:10 - 2013-11-13 23:08 - 00009508 _____ C:\Users\Ashlee\Desktop\FRST.txt
2013-11-13 23:10 - 2013-10-27 20:34 - 00698805 _____ C:\Windows\WindowsUpdate.log
2013-11-13 23:08 - 2013-11-13 23:08 - 00000000 ____D C:\FRST
2013-11-13 23:06 - 2013-11-13 23:06 - 01957794 _____ (Farbar) C:\Users\Ashlee\Desktop\FRST64.exe
2013-11-13 22:55 - 2012-07-04 10:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 22:55 - 2011-11-16 16:47 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2943186461-1596822720-3537856548-1000UA.job
2013-11-11 23:10 - 2013-11-11 23:08 - 02460592 _____ C:\Users\Ashlee\Downloads\aelbknmfcacjffmgnoaaonhgoghlmlkp_51803 (1).crx
2013-11-11 21:59 - 2009-07-13 21:13 - 00717892 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 21:59 - 2009-07-13 20:45 - 00014272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 21:59 - 2009-07-13 20:45 - 00014272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 21:52 - 2012-07-04 10:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 21:52 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-11 21:51 - 2013-10-27 20:52 - 00002062 _____ C:\Windows\setupact.log
2013-11-11 20:59 - 2013-11-13 23:06 - 00000266 _____ C:\Users\Ashlee\Desktop\UsersscoespedDownloadsFRST64.exe.fileloc
2013-11-11 20:57 - 2013-11-11 20:57 - 00000000 _____ C:\Users\Ashlee\Downloads\Unconfirmed 341821.crdownload
2013-11-11 20:40 - 2013-11-11 20:40 - 00000000 _____ C:\Users\Ashlee\Downloads\Unconfirmed 773492.crdownload
2013-11-03 17:32 - 2013-11-02 10:00 - 00003422 _____ C:\Windows\PFRO.log
2013-11-03 17:31 - 2013-11-03 17:31 - 00000085 _____ C:\Windows\wininit.ini
2013-11-03 17:31 - 2013-11-03 17:31 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-11-02 11:11 - 2013-10-28 23:33 - 00002664 _____ C:\Users\Ashlee\Desktop\Rkill.txt
2013-11-02 10:58 - 2013-10-28 21:52 - 00000000 ____D C:\Windows\pss
2013-11-02 10:58 - 2011-11-16 16:22 - 00000000 ___RD C:\Users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 10:23 - 2013-11-02 10:23 - 00007676 _____ C:\Users\Ashlee\Desktop\dds.txt
2013-11-02 10:23 - 2013-11-02 10:23 - 00004941 _____ C:\Users\Ashlee\Desktop\attach.txt
2013-11-02 10:19 - 2013-11-02 10:21 - 04745728 _____ (AVAST Software) C:\Users\Ashlee\Desktop\aswmbr.exe
2013-11-02 10:18 - 2013-11-02 10:21 - 00688992 ____R (Swearware) C:\Users\Ashlee\Desktop\dds.com
2013-11-02 10:08 - 2013-11-02 10:10 - 00374584 _____ C:\Users\Ashlee\Desktop\exe_fix.com
2013-11-02 10:07 - 2013-11-02 10:10 - 02218636 _____ C:\Users\Ashlee\Desktop\tdsskiller.zip
2013-11-02 09:52 - 2013-11-02 09:58 - 01402880 _____ C:\Users\Ashlee\Desktop\HijackThis.msi
2013-11-02 09:42 - 2013-11-02 09:42 - 00016069 _____ C:\ComboFix.txt
2013-11-02 09:42 - 2013-11-02 09:29 - 00000000 ____D C:\Qoobox
2013-11-02 09:40 - 2013-11-02 09:29 - 00000000 ____D C:\Windows\erdnt
2013-11-02 09:39 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-11-02 09:26 - 2013-11-02 09:28 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Ashlee\Desktop\spybot-2.2.exe
2013-11-02 09:25 - 2013-11-02 09:28 - 05143186 ____R (Swearware) C:\Users\Ashlee\Desktop\ComboFix.exe
2013-11-02 09:10 - 2013-11-02 09:17 - 00294400 _____ C:\Users\Ashlee\Desktop\exeHelper.com
2013-11-02 09:06 - 2013-11-02 09:06 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-02 09:06 - 2013-11-02 09:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-02 08:55 - 2013-11-02 09:57 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\rkill.exe
2013-11-02 08:53 - 2013-11-02 08:53 - 00038891 _____ C:\Users\Ashlee\Downloads\Unconfirmed 302939.crdownload
2013-10-29 00:33 - 2013-11-13 23:06 - 01038584 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\rkill64.com
2013-10-28 23:54 - 2013-10-28 23:41 - 00491168 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 551544.crdownload
2013-10-28 23:47 - 2013-10-28 23:48 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-28 23:34 - 2013-10-28 23:34 - 00000000 ____D C:\Users\Ashlee\Desktop\Malwarebytes' Anti-Malware
2013-10-28 23:33 - 2013-10-28 23:33 - 00000000 ____D C:\Users\Ashlee\Desktop\rkill
2013-10-28 23:20 - 2013-10-28 23:34 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Ashlee\Desktop\rkill.com
2013-10-28 22:25 - 2013-10-28 22:25 - 00034547 _____ C:\Users\Ashlee\Downloads\Unconfirmed 883866.crdownload
2013-10-28 21:58 - 2013-10-28 21:58 - 00034559 _____ C:\Users\Ashlee\Downloads\Unconfirmed 840576.crdownload
2013-10-28 21:42 - 2013-10-28 21:41 - 00555165 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 427701.crdownload
2013-10-28 20:42 - 2013-10-28 20:40 - 00147456 _____ C:\Users\Ashlee\Downloads\AAC AYALA.ppt.crdownload
2013-10-27 21:59 - 2013-10-27 21:59 - 00050817 _____ C:\Users\Ashlee\Downloads\Unconfirmed 268511.crdownload
2013-10-27 21:54 - 2013-10-27 21:53 - 00040400 _____ C:\Users\Ashlee\Downloads\SST REQUEST.docx.crdownload
2013-10-27 21:45 - 2013-10-27 21:44 - 00266882 _____ C:\Users\Ashlee\Downloads\Unconfirmed 702576.crdownload
2013-10-27 20:58 - 2013-10-27 20:58 - 00004468 _____ C:\Users\Ashlee\Documents\cc_20131027_215816.reg
2013-10-27 20:52 - 2013-10-27 20:52 - 00000000 _____ C:\Windows\setuperr.log
2013-10-27 20:45 - 2013-10-27 20:44 - 00094462 _____ (Mozilla) C:\Users\Ashlee\Downloads\Unconfirmed 32370.crdownload
2013-10-27 20:43 - 2013-10-27 20:41 - 00431877 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 537139.crdownload
2013-10-27 20:29 - 2013-10-27 20:28 - 00241101 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 85481.crdownload
2013-10-27 19:26 - 2013-10-27 19:06 - 00998513 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 703567.crdownload
2013-10-27 19:03 - 2013-10-27 19:03 - 00079030 _____ C:\Users\Ashlee\Documents\cc_20131027_200308.reg
2013-10-27 18:59 - 2011-11-16 16:10 - 00000000 ____D C:\Windows\Panther
2013-10-27 18:54 - 2013-10-27 18:49 - 00357417 _____ (Malwarebytes Corporation                                    ) C:\Users\Ashlee\Downloads\Unconfirmed 571308.crdownload
2013-10-27 18:42 - 2013-10-27 18:35 - 00037677 _____ C:\Users\Ashlee\Downloads\Unconfirmed 806380.crdownload
2013-10-27 16:29 - 2013-10-27 16:29 - 00335144 _____ C:\Users\Ashlee\Downloads\Setup.exe
2013-10-27 10:46 - 2011-11-16 16:47 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2943186461-1596822720-3537856548-1000Core.job
2013-10-24 21:35 - 2013-10-24 21:35 - 00000000 ____D C:\Users\Ashlee\AppData\Roaming\Mozilla
2013-10-22 19:52 - 2013-10-22 19:51 - 00120832 _____ C:\Users\Ashlee\Downloads\MMMSprogrampathway.pub
2013-10-22 19:52 - 2013-09-04 20:21 - 00000000 ____D C:\Users\Ashlee\Desktop\SSU
2013-10-18 14:33 - 2013-10-18 14:33 - 01553408 _____ C:\Users\Ashlee\Downloads\EDSP 426 lect 6  (1).ppt
2013-10-18 14:32 - 2013-10-18 14:32 - 01552896 _____ C:\Users\Ashlee\Downloads\EDSP 426 lect 6 .ppt
2013-10-18 06:33 - 2013-10-18 06:33 - 00000000 ____D C:\Windows\CheckSur
2013-10-17 15:50 - 2013-10-17 15:50 - 00260608 _____ C:\Users\Ashlee\Downloads\EDSP 400 EBD F13.ppt
2013-10-17 13:18 - 2011-11-16 16:47 - 00002335 _____ C:\Users\Ashlee\Desktop\Google Chrome.lnk
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-03 18:12
 
==================== End Of Log ============================


#11 RPepster

  • Topic Starter
  • Members
  • 17 posts

Posted 14 November 2013 - 02:16 AM

And this is the Addition Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Ashlee at 2013-11-13 23:10:40
Running from C:\Users\Ashlee\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar (x32 Version: 1.15.25.0)
Ask Toolbar Updater (HKCU Version: 1.2.6.36191)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.20)
CDBurnerXP (Version: 4.3.9.2783)
Combined Community Codec Pack 2011-11-11 (x32 Version: 2011.11.11.0)
ENE CIR Receiver Driver (Version: 2.7.4.0)
Epson Connect (x32)
Epson Customer Participation (Version: 1.0.0.0)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 2.50.0000)
EPSON NX210 Series Printer Uninstall
EPSON NX230 Series Printer Uninstall
EPSON Scan (x32)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Talk Plugin (x32 Version: 4.8.2.15856)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
HP MediaSmart Webcam (x32 Version: 4.0.2626)
HP Quick Launch Buttons (x32 Version: 6.50.12.1)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2413)
IrfanView (remove only) (x32 Version: 4.32)
iTunes (Version: 11.1.0.126)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.1.1 (x32 Version: 2.1.1)
JMicron Flash Media Controller Driver (x32 Version: 1.0.63.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 2.1.121.2)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
NexDef Plug-in (x32)
QLBCASL (x32 Version: 6.40.17.2)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
 
==================== Restore Points  =========================
 
26-09-2013 19:26:53 Installed Java 7 Update 40
26-09-2013 19:30:40 Removed Java 7 Update 40
26-09-2013 19:31:31 Installed Java 7 Update 40
29-09-2013 01:30:18 Windows Update
03-10-2013 00:29:07 Windows Update
06-10-2013 09:20:57 Windows Update
10-10-2013 00:07:59 Windows Update
14-10-2013 19:42:24 Windows Modules Installer
14-10-2013 20:10:07 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2013-11-02 09:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {088C3D38-5CF5-4C87-84FD-FC27092E598E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04] (Google Inc.)
Task: {2067F0BB-92B9-4F6D-8421-6AE6D4032BB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04] (Google Inc.)
Task: {2798AA75-E33B-4019-9DD6-FEB03ECA8060} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2943186461-1596822720-3537856548-1000Core => C:\Users\Ashlee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31] (Google Inc.)
Task: {49B5BD33-F8EF-4C43-86AF-26DCA853BB69} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
Task: {8418BD8F-A367-48A2-95B0-05931611A251} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2943186461-1596822720-3537856548-1000UA => C:\Users\Ashlee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31] (Google Inc.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR
Task: {BE8F2626-CE29-4213-A812-AD3C1300B607} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {CB69C9EE-AD91-4AEF-8A3D-8DF0736D88DC} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-25] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2943186461-1596822720-3537856548-1000Core.job => C:\Users\Ashlee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2943186461-1596822720-3537856548-1000UA.job => C:\Users\Ashlee\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2013 11:11:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0x9e4
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (11/13/2013 11:10:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0x5dc
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (11/13/2013 11:09:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0x8a0
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (11/13/2013 11:08:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0x5dc
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (11/13/2013 11:08:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: UpdateTask.exe, version: 0.0.0.0, time stamp: 0x5179cbb5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0xe28
Faulting application start time: 0xUpdateTask.exe0
Faulting application path: UpdateTask.exe1
Faulting module path: UpdateTask.exe2
Report Id: UpdateTask.exe3
 
Error: (11/13/2013 11:07:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0x36c
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (11/13/2013 11:06:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0x430
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (11/13/2013 11:05:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0xcdc
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (11/13/2013 11:04:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0xa28
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
Error: (11/13/2013 11:03:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: AppleMobileDeviceService.exe, version: 17.323.0.9, time stamp: 0x4fb5bca5
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072
Exception code: 0xc0000005
Fault offset: 0x0005af3d
Faulting process id: 0x128
Faulting application start time: 0xAppleMobileDeviceService.exe0
Faulting application path: AppleMobileDeviceService.exe1
Faulting module path: AppleMobileDeviceService.exe2
Report Id: AppleMobileDeviceService.exe3
 
 
System errors:
=============
Error: (11/13/2013 11:11:32 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 16 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:10:31 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 15 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:09:31 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:08:30 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 13 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:07:30 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 12 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:06:30 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 11 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:05:30 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 10 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:04:29 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 9 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:03:29 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 8 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/13/2013 11:02:29 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 7 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/28/2013 08:59:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/28/2013 08:57:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/28/2013 08:56:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/28/2013 08:56:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 480 seconds with 360 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-02 10:39:12.635
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-02 10:39:12.526
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 3998.96 MB
Available physical RAM: 2047.02 MB
Total Pagefile: 7996.11 MB
Available Pagefile: 5883.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:382.43 GB) NTFS
Drive e: () (Removable) (Total:1.85 GB) (Free:1.55 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 27265BBE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 000F71FA)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
 
==================== End Of Log ============================


#12 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 14 November 2013 - 12:25 PM

Hi RPepster

Step 1

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

Ask Toolbar (x32 Version: 1.15.25.0)
Ask Toolbar Updater (HKCU Version: 1.2.6.36191)


Step 2

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 3

I can see that you have run ComboFix on your machine. I would like to see the log that it produced.

Please go to C:\ComboFix.txt and post the content of that log.

Attached Files


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


#13 RPepster

  • Topic Starter
  • Members
  • 17 posts

Posted 15 November 2013 - 01:29 AM

Hi and Thank You,

I still cannot uninstall Ask Toolbar or the Ask Toolbar Updater as it provides Error 1719 each time.

Should I run Step 2?

Here is the ComboFix log:

ComboFix 13-11-01.03 - Ashlee 11/14/2013  22:14:50.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3999.2292 [GMT -8:00]
Running from: c:\users\Ashlee\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-15 to 2013-11-15  )))))))))))))))))))))))))))))))
.
.
2013-11-15 06:19 . 2013-11-15 06:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-14 07:15 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73E1C922-3FA7-4D08-9C02-5BA1DD08F0C7}\mpengine.dll
2013-11-14 07:08 . 2013-11-14 07:08 -------- d-----w- C:\FRST
2013-11-12 04:55 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-02 17:06 . 2013-11-02 17:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-02 17:06 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-18 14:33 . 2013-10-18 14:33 -------- d-----w- c:\windows\CheckSur
2013-10-18 05:38 . 2013-10-18 05:38 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4233AA3-8A6D-419F-8610-833798265752}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-26 19:32 . 2013-09-26 19:32 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-26 19:31 . 2012-06-15 06:39 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-26 19:31 . 2011-11-17 00:49 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-26 19:10 . 2013-09-26 19:11 973736 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-26 19:10 . 2013-09-26 19:11 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-26 17:36 . 2012-08-03 02:02 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-26 17:36 . 2011-11-17 00:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-07 01:00 . 2012-02-10 06:03 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-04 12:12 . 2013-10-09 03:08 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 03:08 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 03:08 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 03:08 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 03:08 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 03:08 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 03:08 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-28 01:21 . 2013-10-09 03:08 3155968 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-26 00:36 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-26 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-26 1648264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Ashlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Ashlee\AppData\Local\Autobahn\nexdef.exe [2013-3-14 15500800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 18:28]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-04 18:28]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2943186461-1596822720-3537856548-1000Core.job
- c:\users\Ashlee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 06:15]
.
2013-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2943186461-1596822720-3537856548-1000UA.job
- c:\users\Ashlee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 386840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-14  22:22:37
ComboFix-quarantined-files.txt  2013-11-15 06:22
ComboFix2.txt  2013-11-02 17:42
.
Pre-Run: 411,758,026,752 bytes free
Post-Run: 411,456,315,392 bytes free
.
- - End Of File - - 92716FD2E3C3D8BF7D43A13AE8628F91
A36C5E4F47E84449FF07ED3517B43A31


#14 RPepster

RPepster
  • Topic Starter

  • Members
  • 17 posts

Posted 15 November 2013 - 01:46 AM

OK, I downloaded an uninstaller for Ask Toolbar and it seems to have worked.

I ran Step 2.

Here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2013
Ran by Ashlee at 2013-11-14 22:44:26 Run:1
Running from C:\Users\Ashlee\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] -
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {CB69C9EE-AD91-4AEF-8A3D-8DF0736D88DC} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-04-25] ()
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Ashlee\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM-x32\...\Run: [] - => Value not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB69C9EE-AD91-4AEF-8A3D-8DF0736D88DC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB69C9EE-AD91-4AEF-8A3D-8DF0736D88DC} => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => Key not found.
C:\Users\Ashlee\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx => Moved successfully.
 
==== End of Fixlog ====


#15 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 16 November 2013 - 06:06 AM

Hi RPepster

Please delete any old copies of combofix.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

[Images: screenshots of the ComboFix download prompt and of renaming the file before saving it]

This is an example; you may rename ComboFix to anything you want.


  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Then:
    Double-click on Combo-Fix.exe and follow the prompts.
    Vista/Win7 users should right-click on the icon and select Run as Administrator.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
