
ZeroAccess


  • This topic is locked
26 replies to this topic

#1 dbaker225

dbaker225

  • Members
  • 14 posts

Posted 21 November 2013 - 08:10 PM

log files are attached

Attached File  attach.txt   7.45KB   1 downloads
Attached File  dds.txt   8.11KB   9 downloads





#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 22 November 2013 - 05:42 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi




#3 dbaker225

dbaker225
  • Topic Starter

  • Members
  • 14 posts

Posted 24 November 2013 - 11:53 AM

Attached File  Addition.txt   25.1KB   4 downloads

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013
Ran by Darlene (administrator) on BAKER-PC on 24-11-2013 10:28:11
Running from C:\Users\Darlene\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Could not list processes ===============
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Darlene\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKCU\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7a\aol.exe [72760 2013-09-07] (AOL Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: J - J:\AutoRun.exe
MountPoints2: {6488a701-03c6-11e0-a364-c574350eb3bb} - J:\AutoRun.exe
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1265749549\ee\aolsoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
HKU\Jack\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7a\aol.exe [72760 2013-09-07] (AOL Inc.)
HKU\Jack\...\Policies\system: [LogonHoursAction] 2
HKU\Jack\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Jack\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKU\Jack\...\Command Processor:  <===== ATTENTION!
HKU\Laura\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Laura\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [42320 2012-01-31] (AOL Inc.)
HKU\Laura\...\RunOnce: [osk.exe] - C:\Windows\System32\osk.exe [692736 2009-07-13] (Microsoft Corporation)
HKU\Laura\...\Policies\system: [LogonHoursAction] 2
HKU\Laura\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqodr0.lnk
ShortcutTarget: odbmqodr0.lnk -> C:\PROGRA~3\0rdoqmbdo.plz (No File)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=2355&t=01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g106p0355v195r49l1s239
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80117&lng=en
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80117
URLSearchHook: HKLM-x32 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No File
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
URLSearchHook: HKCU - (No Name) - {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - No File
SearchScopes: HKLM-x32 - DefaultScope {BB513BC0-E612-4BA3-97DD-FC96EF274CE2} URL = 
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.startsearcher.com/?q={searchTerms}&src=IETB
SearchScopes: HKCU - DefaultScope {BB513BC0-E612-4BA3-97DD-FC96EF274CE2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN39506037833851084&UM=2
SearchScopes: HKCU - {395cfbfb-4053-454c-883d-10bf819d83d2} URL = 
SearchScopes: HKCU - {415963C2-6A43-4D9F-9945-110A796C921F} URL = http://www.mysearchresults.com/search?c=2355&t=01&q={searchTerms}
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {94bd6970-1a83-41dc-9be5-bf50b3d0238f} URL = 
SearchScopes: HKCU - {C658091F-8C50-4281-B459-34F67C8E8695} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123841&q={searchTerms}
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131118183150.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131118183150.dll (McAfee, Inc.)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jack\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: GetSavin 5.0 - {E012AC34-D206-49DB-8A2F-DB695A30C8E1} - C:\Users\Jack\AppData\Local\getsavin\ie\getsavin_1376643542.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {795828A9-F271-43A8-8536-4484BB991D3D} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {BD8006AA-6E85-4B36-BB42-7F97053D5B70} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e634aefd-ba47-4354-98e7-ed57c8675d3f&searchtype=hp&installDate=16/09/2013
CHR RestoreOnStartup: "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e634aefd-ba47-4354-98e7-ed57c8675d3f&searchtype=hp&installDate=16/09/2013"
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (MapsGalaxy Installer Plugin Stub) - C:\Program Files (x86)\MapsGalaxy_39EI\Installr\2.bin\NP39EISB.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (Windows Live\uFFFD Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SearchFlyBar2) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiifhjbblnglipdbpdgagphlcbililb\10.22.3.518_0
CHR Extension: (DefaultTab) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0
CHR Extension: (Google Wallet) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Jack\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
 
==================== Services (Whitelisted) =================
 
S2 0319111385303434mcinstcleanup; C:\Windows\TEMP\031911~1.EXE [834664 2013-07-30] (McAfee, Inc.)
R2 DefaultTabUpdate; C:\Users\Jack\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-02] ()
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
R2 lxcy_device; C:\Windows\SysWow64\lxcycoms.exe [537520 2006-11-29] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [252928 2010-04-30] (Huawei Technologies Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 MODEMCSA; C:\Windows\system32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
S2 mdmxsdk; system32\DRIVERS\ACFSDK64.sys [x]
S2 XAudio; system32\DRIVERS\ACFXAU64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-24 10:28 - 2013-11-24 10:29 - 00017996 _____ C:\Users\Darlene\Desktop\FRST.txt
2013-11-24 10:28 - 2013-11-24 10:28 - 00000000 ____D C:\FRST
2013-11-24 10:26 - 2013-11-24 10:26 - 01958440 _____ (Farbar) C:\Users\Darlene\Desktop\FRST64.exe
2013-11-22 21:10 - 2013-11-22 21:10 - 00249175 _____ C:\Users\Darlene\Downloads\bakermaynard.zip
2013-11-21 05:42 - 2010-12-09 13:04 - 00001232 _____ C:\Users\Darlene\Desktop\Cricket CROSSWAVE - Copy.lnk
2013-11-18 21:59 - 2013-11-18 21:59 - 00578625 _____ C:\Users\Darlene\Downloads\mine2.zip
2013-11-18 19:38 - 2013-11-18 19:38 - 00008309 _____ C:\Users\Darlene\Desktop\dds.txt
2013-11-18 19:38 - 2013-11-18 19:38 - 00007631 _____ C:\Users\Darlene\Desktop\attach.txt
2013-11-18 19:37 - 2013-11-18 19:37 - 00688992 ____R (Swearware) C:\Users\Darlene\Downloads\dds.com
2013-11-18 07:38 - 2013-11-18 07:40 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-17 10:46 - 2013-11-17 10:46 - 02413912 _____ (Inbox.com, Inc.                                             ) C:\Users\Jack\TranslatorSetup.exe
2013-11-17 10:41 - 2013-11-17 10:41 - 03910208 _____ (Conduit) C:\Users\Jack\Produtools_Translator.exe
2013-11-17 07:41 - 2013-11-17 07:41 - 00000632 __RSH C:\Users\Laura\ntuser.pol
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\WhiteListing
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\TBHostSupport
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\NativeMessaging
2013-11-15 19:28 - 2013-11-15 19:28 - 00000000 ____D C:\ProgramData\Oracle
2013-11-15 19:27 - 2013-11-15 19:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-15 19:27 - 2013-11-15 19:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-15 19:27 - 2013-11-15 19:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-15 19:27 - 2013-11-15 19:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-14 20:08 - 2013-11-14 20:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-10 12:13 - 2013-11-10 12:14 - 04897880 _____ (Adobe Systems Inc.) C:\Users\Jack\Shockwave_Installer_Slim.exe
2013-11-02 21:24 - 2010-12-09 13:04 - 00001232 _____ C:\Users\Darlene\Desktop\Cricket CROSSWAVE.lnk
2013-10-29 18:05 - 2013-02-17 00:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-10-29 17:49 - 2013-10-29 17:49 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-29 17:49 - 2013-10-29 17:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-29 17:49 - 2013-10-29 17:49 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-29 17:49 - 2013-10-29 17:49 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-29 17:49 - 2013-10-29 17:49 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-29 17:49 - 2013-10-29 17:49 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-29 17:49 - 2013-10-29 17:49 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-29 17:49 - 2013-10-29 17:49 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-29 17:49 - 2013-10-29 17:49 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-29 17:49 - 2013-10-29 17:49 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-29 17:49 - 2013-10-29 17:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-29 17:45 - 2013-10-29 17:45 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-29 17:38 - 2013-10-29 18:05 - 00008956 _____ C:\Windows\IE10_main.log
2013-10-27 20:42 - 2013-10-27 20:42 - 00249178 _____ C:\Users\Jack\Downloads\bakermaynard.zip
2013-10-27 17:45 - 2013-10-27 17:45 - 00000537 _____ C:\Users\Jack\Downloads\tng.kml
 
==================== One Month Modified Files and Folders =======
 
2013-11-24 10:29 - 2013-11-24 10:28 - 00017996 _____ C:\Users\Darlene\Desktop\FRST.txt
2013-11-24 10:28 - 2013-11-24 10:28 - 00000000 ____D C:\FRST
2013-11-24 10:26 - 2013-11-24 10:26 - 01958440 _____ (Farbar) C:\Users\Darlene\Desktop\FRST64.exe
2013-11-24 09:58 - 2010-02-12 13:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-24 09:31 - 2012-04-19 18:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 08:30 - 2011-01-16 18:09 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-11-24 08:29 - 2011-03-19 05:42 - 00001837 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-11-24 08:29 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 08:29 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 08:27 - 2012-02-22 20:47 - 00000000 ____D C:\ProgramData\Kodak
2013-11-24 08:26 - 2013-08-29 16:05 - 00000370 _____ C:\Windows\Tasks\MyTurboPC Startup.job
2013-11-24 08:26 - 2010-02-12 13:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-24 08:26 - 2010-02-09 01:54 - 00000000 ____D C:\Users\Darlene\Tracing
2013-11-24 08:26 - 2009-12-15 03:36 - 01708606 _____ C:\Windows\WindowsUpdate.log
2013-11-24 08:22 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 08:22 - 2009-07-13 22:51 - 00249273 _____ C:\Windows\setupact.log
2013-11-23 08:54 - 2009-11-24 11:13 - 00515876 _____ C:\Windows\PFRO.log
2013-11-22 21:10 - 2013-11-22 21:10 - 00249175 _____ C:\Users\Darlene\Downloads\bakermaynard.zip
2013-11-22 21:10 - 2010-05-07 20:28 - 01142784 _____ C:\Users\Jack\Documents\bakermaynard.paf
2013-11-21 18:00 - 2013-08-29 16:05 - 00000474 _____ C:\Windows\Tasks\MyTurboPC.com Registration3.job
2013-11-21 17:32 - 2011-02-14 23:10 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4544B39-4C14-486C-AB0F-DDB2A4B439BD}
2013-11-20 19:01 - 2010-02-08 18:51 - 00000000 ____D C:\Users\Darlene\AppData\Local\Adobe
2013-11-20 19:00 - 2012-04-19 18:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-20 19:00 - 2012-04-19 18:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-20 19:00 - 2011-05-13 13:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-20 11:25 - 2010-03-02 12:28 - 00007621 _____ C:\Users\Jack\AppData\Local\Resmon.ResmonCfg
2013-11-19 20:36 - 2010-05-07 20:48 - 02273280 _____ C:\Users\Darlene\Documents\mine2.paf
2013-11-19 18:51 - 2010-02-08 20:21 - 00014876 _____ C:\Users\Darlene\AppData\Roaming\wklnhst.dat
2013-11-19 18:51 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-19 03:34 - 2013-08-19 07:22 - 00000000 ____D C:\Users\Jack\New folder (2)
2013-11-19 03:19 - 2010-02-08 20:59 - 00000000 ____D C:\Users\Jack
2013-11-18 21:59 - 2013-11-18 21:59 - 00578625 _____ C:\Users\Darlene\Downloads\mine2.zip
2013-11-18 19:38 - 2013-11-18 19:38 - 00008309 _____ C:\Users\Darlene\Desktop\dds.txt
2013-11-18 19:38 - 2013-11-18 19:38 - 00007631 _____ C:\Users\Darlene\Desktop\attach.txt
2013-11-18 19:37 - 2013-11-18 19:37 - 00688992 ____R (Swearware) C:\Users\Darlene\Downloads\dds.com
2013-11-18 18:03 - 2010-02-09 16:50 - 00000000 ____D C:\Users\Darlene\Documents\Girl Scouts
2013-11-18 07:40 - 2013-11-18 07:38 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-18 05:52 - 2013-08-02 14:36 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-11-17 10:46 - 2013-11-17 10:46 - 02413912 _____ (Inbox.com, Inc.                                             ) C:\Users\Jack\TranslatorSetup.exe
2013-11-17 10:41 - 2013-11-17 10:41 - 03910208 _____ (Conduit) C:\Users\Jack\Produtools_Translator.exe
2013-11-17 07:44 - 2010-02-09 17:18 - 00094952 _____ C:\Users\Laura\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-17 07:41 - 2013-11-17 07:41 - 00000632 __RSH C:\Users\Laura\ntuser.pol
2013-11-17 07:41 - 2010-02-09 17:08 - 00001422 _____ C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-17 07:41 - 2010-02-09 17:08 - 00000000 ___RD C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-17 07:41 - 2010-02-09 17:08 - 00000000 ___RD C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-17 07:41 - 2010-02-09 17:08 - 00000000 ____D C:\Users\Laura
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\WhiteListing
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\TBHostSupport
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\NativeMessaging
2013-11-15 19:28 - 2013-11-15 19:28 - 00000000 ____D C:\ProgramData\Oracle
2013-11-15 19:27 - 2013-11-15 19:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-15 19:27 - 2013-11-15 19:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-15 19:27 - 2013-11-15 19:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-15 19:27 - 2013-11-15 19:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-14 20:08 - 2013-11-14 20:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 20:08 - 2013-08-05 03:38 - 00001940 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-14 16:01 - 2012-01-04 12:52 - 00002152 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-11 05:53 - 2011-09-11 08:50 - 00000000 ____D C:\Users\Darlene\Documents\Class of 2014
2013-11-11 05:53 - 2011-03-22 04:34 - 00000000 ____D C:\Users\Darlene\Documents\signupsheet
2013-11-10 12:14 - 2013-11-10 12:13 - 04897880 _____ (Adobe Systems Inc.) C:\Users\Jack\Shockwave_Installer_Slim.exe
2013-11-09 12:45 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-06 06:38 - 2009-07-13 23:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-05 00:42 - 2013-10-21 08:21 - 00000000 ____D C:\Program Files (x86)\AOL Toolbar
2013-11-03 14:16 - 2013-08-04 14:02 - 00249180 _____ C:\Users\Darlene\Documents\bakermaynard.zip
2013-11-03 01:00 - 2013-08-29 16:05 - 00000332 _____ C:\Windows\Tasks\MyTurboPC.job
2013-11-01 16:20 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-10-29 18:51 - 2010-02-08 21:00 - 00001422 _____ C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-29 18:12 - 2010-02-08 18:40 - 00001422 _____ C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-29 18:05 - 2013-10-29 17:38 - 00008956 _____ C:\Windows\IE10_main.log
2013-10-29 18:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-10-29 18:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-10-29 18:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-10-29 18:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-10-29 18:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-29 17:49 - 2013-10-29 17:49 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-29 17:49 - 2013-10-29 17:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-29 17:49 - 2013-10-29 17:49 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-29 17:49 - 2013-10-29 17:49 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-29 17:49 - 2013-10-29 17:49 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-10-29 17:49 - 2013-10-29 17:49 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-10-29 17:49 - 2013-10-29 17:49 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-29 17:49 - 2013-10-29 17:49 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-29 17:49 - 2013-10-29 17:49 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-10-29 17:49 - 2013-10-29 17:49 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-10-29 17:49 - 2013-10-29 17:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-29 17:49 - 2013-10-29 17:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-29 17:49 - 2013-10-29 17:49 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-29 17:45 - 2013-10-29 17:45 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-29 17:45 - 2013-10-29 17:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-10-29 14:05 - 2010-02-09 16:35 - 00000000 ____D C:\Users\Jack\AppData\Local\Adobe
2013-10-27 20:42 - 2013-10-27 20:42 - 00249178 _____ C:\Users\Jack\Downloads\bakermaynard.zip
2013-10-27 17:45 - 2013-10-27 17:45 - 00000537 _____ C:\Users\Jack\Downloads\tng.kml
 
Files to move or delete:
====================
C:\Users\Jack\AppData\Roaming\skype.ini
C:\ProgramData\i8jz.exe
C:\ProgramData\odbmqodr0.ctrl
C:\ProgramData\odbmqodr0.pff
C:\Users\Darlene\speeditup.exe
C:\Users\Jack\MoveMediaPlayerWin_071502000008.exe
C:\Users\Jack\Produtools_Translator.exe
C:\Users\Jack\Shockwave_Installer_Slim.exe
C:\Users\Jack\TranslatorSetup.exe
 
 
Some content of TEMP:
====================
C:\Users\Darlene\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-20 20:10
 
==================== End Of Log ============================


#4 B-boy/StyLe/


Posted 24 November 2013 - 05:47 PM

Hello,

 

 

I didn't notice ZeroAccess on the computer but you have a lot of unwanted applications on board!

 

Next please download => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Regards,

Georgi




#5 dbaker225


Posted 26 November 2013 - 08:24 PM

had this error popup:  Line 16092 (File"C\Users\Darlene\Desktop\First64.exe")
ERROR:  Subscript used with non-Array variable.    I clicked ok button. 
 
Also, I was wondering if you had caught that I changed the Windows Defender name to Windows Defender old. I did this before we started doing all of this.
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013
Ran by Darlene at 2013-11-26 19:17:34 Run:1
Running from C:\Users\Darlene\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Darlene\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\Jack\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKU\Jack\...\Command Processor:  <===== ATTENTION!
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqodr0.lnk
ShortcutTarget: odbmqodr0.lnk -> C:\PROGRA~3\0rdoqmbdo.plz (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=2355&t=01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17360210g106p0355v195r49l1s239
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80117&lng=en
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80117
URLSearchHook: HKLM-x32 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
C:\Program Files (x86)\Zynga\tbZyng.dll
URLSearchHook: HKCU - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No File
URLSearchHook: HKCU - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
URLSearchHook: HKCU - (No Name) - {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - No File
SearchScopes: HKLM-x32 - DefaultScope {BB513BC0-E612-4BA3-97DD-FC96EF274CE2} URL = 
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.startsearcher.com/?q={searchTerms}&src=IETB
SearchScopes: HKCU - DefaultScope {BB513BC0-E612-4BA3-97DD-FC96EF274CE2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN39506037833851084&UM=2
SearchScopes: HKCU - {395cfbfb-4053-454c-883d-10bf819d83d2} URL = 
SearchScopes: HKCU - {415963C2-6A43-4D9F-9945-110A796C921F} URL = http://www.mysearchresults.com/search?c=2355&t=01&q={searchTerms}
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {94bd6970-1a83-41dc-9be5-bf50b3d0238f} URL = 
SearchScopes: HKCU - {C658091F-8C50-4281-B459-34F67C8E8695} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123841&q={searchTerms}
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -  No File
BHO-x32: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
BHO-x32: GetSavin 5.0 - {E012AC34-D206-49DB-8A2F-DB695A30C8E1} - C:\Users\Jack\AppData\Local\getsavin\ie\getsavin_1376643542.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {795828A9-F271-43A8-8536-4484BB991D3D} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {BD8006AA-6E85-4B36-BB42-7F97053D5B70} -  No File
CHR HomePage: hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e634aefd-ba47-4354-98e7-ed57c8675d3f&searchtype=hp&installDate=16/09/2013
CHR RestoreOnStartup: "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e634aefd-ba47-4354-98e7-ed57c8675d3f&searchtype=hp&installDate=16/09/2013"
CHR Extension: (SearchFlyBar2) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiifhjbblnglipdbpdgagphlcbililb\10.22.3.518_0
CHR Extension: (DefaultTab) - C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0
CHR HKLM-x32\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Jack\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
R2 DefaultTabUpdate; C:\Users\Jack\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-08-02] ()
C:\Users\Jack\AppData\Roaming\DefaultTab
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\WhiteListing
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\TBHostSupport
2013-11-15 19:53 - 2013-11-15 19:53 - 00000000 ____D C:\Users\Darlene\AppData\Local\NativeMessaging
2013-11-18 05:52 - 2013-08-02 14:36 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-11-05 00:42 - 2013-10-21 08:21 - 00000000 ____D C:\Program Files (x86)\AOL Toolbar
2013-11-24 08:26 - 2013-08-29 16:05 - 00000370 _____ C:\Windows\Tasks\MyTurboPC Startup.job
2013-11-21 18:00 - 2013-08-29 16:05 - 00000474 _____ C:\Windows\Tasks\MyTurboPC.com Registration3.job
2013-11-03 01:00 - 2013-08-29 16:05 - 00000332 _____ C:\Windows\Tasks\MyTurboPC.job
Task: {006684D0-1B30-4E9A-8C73-EC75F3724259} - System32\Tasks\MyTurboPC Startup => C:\Users\Jack\Desktop\MyTurboPC\mtpc.exe
Task: {72B93F01-DB8C-48B3-B03B-2813D59CC6AF} - System32\Tasks\{FD4232A4-13E5-4839-8833-8F8C8EFC967A} => C:\Users\Darlene\AppData\Local\Temp\roadie.exe
Task: {73DC6921-F910-416A-A896-BBB4939BA635} - System32\Tasks\MyTurboPC.com Update3 => C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\Update3.exe [2013-01-15] (MyTurboPC.com)
Task: {919D550A-2A66-4C8B-B078-33BA2EAD9006} - System32\Tasks\MyTurboPC.com Registration3 => C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll [2013-01-15] (MyTurboPC.com)
Task: {99CE24E6-FB71-4ADD-9C1C-58A79B820E24} - System32\Tasks\MyTurboPC => C:\Users\Jack\Desktop\MyTurboPC\mtpc.exe
Task: {B3357273-C78D-49B2-BEAE-93997182357B} - System32\Tasks\{385492CA-4FD9-4FE8-B88E-9717C70F77B6} => C:\Users\Darlene\AppData\Local\Temp\roadie.exe
Task: {CB85846C-BD74-45A2-8104-4E374C4A5627} - System32\Tasks\{1AC3E2A0-E67E-4CEA-B994-19442754B587} => C:\Users\Darlene\AppData\Local\Temp\roadie.exe
Task: C:\Windows\Tasks\MyTurboPC Startup.job => C:\Users\Jack\Desktop\MyTurboPC\mtpc.exe
Task: C:\Windows\Tasks\MyTurboPC.com Registration3.job => C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll
Task: C:\Windows\Tasks\MyTurboPC.com Update3.job => C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC.job => C:\Users\Jack\Desktop\MyTurboPC\mtpc.exe
C:\Users\Jack\AppData\Roaming\skype.ini
C:\ProgramData\i8jz.exe
C:\ProgramData\odbmqodr0.ctrl
C:\ProgramData\odbmqodr0.pff
C:\Users\Darlene\speeditup.exe
C:\Users\Jack\MoveMediaPlayerWin_071502000008.exe
C:\Users\Jack\Produtools_Translator.exe
C:\Users\Jack\Shockwave_Installer_Slim.exe
C:\Users\Jack\TranslatorSetup.exe
C:\Users\Darlene\AppData\Local\Temp
end
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
HKU\Jack\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Jack\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\odbmqodr0.lnk => Moved successfully.
C:\PROGRA~3\0rdoqmbdo.plz not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\SearchAssistant => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\CustomizeSearch => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Key deleted successfully.
C:\Program Files (x86)\Zynga\tbZyng.dll => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bd8006aa-6e85-4b36-bb42-7f97053d5b70} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{395cfbfb-4053-454c-883d-10bf819d83d2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{395cfbfb-4053-454c-883d-10bf819d83d2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{94bd6970-1a83-41dc-9be5-bf50b3d0238f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{94bd6970-1a83-41dc-9be5-bf50b3d0238f} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{395cfbfb-4053-454c-883d-10bf819d83d2} => Key deleted successfully.
HKCR\CLSID\{395cfbfb-4053-454c-883d-10bf819d83d2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{415963C2-6A43-4D9F-9945-110A796C921F} => Key deleted successfully.
HKCR\CLSID\{415963C2-6A43-4D9F-9945-110A796C921F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key deleted successfully.
HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key deleted successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{94bd6970-1a83-41dc-9be5-bf50b3d0238f} => Key deleted successfully.
HKCR\CLSID\{94bd6970-1a83-41dc-9be5-bf50b3d0238f} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB513BC0-E612-4BA3-97DD-FC96EF274CE2} => Key deleted successfully.
HKCR\CLSID\{BB513BC0-E612-4BA3-97DD-FC96EF274CE2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C658091F-8C50-4281-B459-34F67C8E8695} => Key deleted successfully.
HKCR\CLSID\{C658091F-8C50-4281-B459-34F67C8E8695} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E012AC34-D206-49DB-8A2F-DB695A30C8E1} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E012AC34-D206-49DB-8A2F-DB695A30C8E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => Value deleted successfully.
HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => Value deleted successfully.
HKCR\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Value deleted successfully.
HKCR\CLSID\{BA00B7B1-0351-477A-B948-23E3EE5A73D4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => Value deleted successfully.
HKCR\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{795828A9-F271-43A8-8536-4484BB991D3D} => Value deleted successfully.
HKCR\CLSID\{795828A9-F271-43A8-8536-4484BB991D3D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BD8006AA-6E85-4B36-BB42-7F97053D5B70} => Value deleted successfully.
HKCR\CLSID\{BD8006AA-6E85-4B36-BB42-7F97053D5B70} => Key not found.
CHR HomePage: hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e634aefd-ba47-4354-98e7-ed57c8675d3f&searchtype=hp&installDate=16/09/2013 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e634aefd-ba47-4354-98e7-ed57c8675d3f&searchtype=hp&installDate=16/09/2013" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: (Web) - http://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=e634aefd-ba47-4354-98e7-ed57c8675d3f&searchtype=ds&q={searchTerms}&installDate=16/09/2013 ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiifhjbblnglipdbpdgagphlcbililb => Moved successfully.
C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb => Key deleted successfully.
C:\Users\Jack\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc => Key deleted successfully.
C:\Program Files (x86)\DefaultTab\DefaultTab.crx => Moved successfully.
DefaultTabUpdate => Service deleted successfully.
C:\Users\Jack\AppData\Roaming\DefaultTab => Moved successfully.
C:\Users\Darlene\AppData\Local\WhiteListing => Moved successfully.
C:\Users\Darlene\AppData\Local\TBHostSupport => Moved successfully.
C:\Users\Darlene\AppData\Local\NativeMessaging => Moved successfully.
C:\Program Files (x86)\DefaultTab => Moved successfully.
C:\Program Files (x86)\AOL Toolbar => Moved successfully.
C:\Windows\Tasks\MyTurboPC Startup.job => Moved successfully.
C:\Windows\Tasks\MyTurboPC.com Registration3.job => Moved successfully.
C:\Windows\Tasks\MyTurboPC.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{006684D0-1B30-4E9A-8C73-EC75F3724259} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{006684D0-1B30-4E9A-8C73-EC75F3724259} => Key deleted successfully.
C:\Windows\System32\Tasks\MyTurboPC Startup => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC Startup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72B93F01-DB8C-48B3-B03B-2813D59CC6AF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72B93F01-DB8C-48B3-B03B-2813D59CC6AF} => Key deleted successfully.
C:\Windows\System32\Tasks\{FD4232A4-13E5-4839-8833-8F8C8EFC967A} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD4232A4-13E5-4839-8833-8F8C8EFC967A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73DC6921-F910-416A-A896-BBB4939BA635} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73DC6921-F910-416A-A896-BBB4939BA635} => Key deleted successfully.
C:\Windows\System32\Tasks\MyTurboPC.com Update3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC.com Update3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{919D550A-2A66-4C8B-B078-33BA2EAD9006} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{919D550A-2A66-4C8B-B078-33BA2EAD9006} => Key deleted successfully.
C:\Windows\System32\Tasks\MyTurboPC.com Registration3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC.com Registration3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99CE24E6-FB71-4ADD-9C1C-58A79B820E24} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CE24E6-FB71-4ADD-9C1C-58A79B820E24} => Key deleted successfully.
C:\Windows\System32\Tasks\MyTurboPC => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3357273-C78D-49B2-BEAE-93997182357B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3357273-C78D-49B2-BEAE-93997182357B} => Key deleted successfully.
C:\Windows\System32\Tasks\{385492CA-4FD9-4FE8-B88E-9717C70F77B6} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{385492CA-4FD9-4FE8-B88E-9717C70F77B6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB85846C-BD74-45A2-8104-4E374C4A5627} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB85846C-BD74-45A2-8104-4E374C4A5627} => Key deleted successfully.
C:\Windows\System32\Tasks\{1AC3E2A0-E67E-4CEA-B994-19442754B587} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1AC3E2A0-E67E-4CEA-B994-19442754B587} => Key deleted successfully.
C:\Windows\Tasks\MyTurboPC Startup.job not found.
C:\Windows\Tasks\MyTurboPC.com Registration3.job not found.
C:\Windows\Tasks\MyTurboPC.com Update3.job => Moved successfully.
C:\Windows\Tasks\MyTurboPC.job not found.
C:\Users\Jack\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\i8jz.exe => Moved successfully.


#6 B-boy/StyLe/


Posted 27 November 2013 - 05:18 AM

Hello,

 

 

The log is cut off. Can you attach the whole log to your next reply?

 

Also go ahead and reset Google Chrome settings to defaults:

 

https://support.google.com/chrome/answer/3296214

 

 

had this error popup:  Line 16092 (File"C\Users\Darlene\Desktop\First64.exe")
ERROR:  Subscript used with non-Array variable.    I clicked ok button.

 

Please download the latest version from the link above, then rename Windows Defender back to its original name and run a new scan with FRST. Attach the newest logs to your next reply as well.

 

 

 

Regards,

Georgi




#7 dbaker225


Posted 02 December 2013 - 07:08 PM

Here is log file attached.

 

 




#8 dbaker225


Posted 02 December 2013 - 07:28 PM

Attached File  FRST.txt   21.93KB   4 downloads    Here is new FRST log.



#9 B-boy/StyLe/


Posted 03 December 2013 - 07:03 AM

Hello,

 

 

Next please download => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Also please do the following:

 

 

STEP 1


  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

 

 

 

Regards,

Georgi




#10 dbaker225


Posted 03 December 2013 - 08:40 PM

Farbar Service Scanner Version: 23-11-2013
Ran by Darlene (administrator) on 03-12-2013 at 19:27:56
Running from "C:\Users\Darlene\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
 
winmgmt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open winmgmt registry key. The service key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****




#11 B-boy/StyLe/


Posted 04 December 2013 - 05:03 PM

Hello,

 

 

Next let's try to fix the broken services.


Backup Your Registry

 


 

Now download the following files and save them to your desktop:

  • mpsdrv.reg
  • BFE.reg
  • iphlpsvc.reg
  • MpsSvc.reg
  • WinDefend.reg
  • Winmgmt.reg
  • wscsvc.reg
  • SharedAccess.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.
  • If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please attach fresh logs from the following 2 tools - RKILL and Farbar Service Scanner.

 

 

Regards,

Georgi
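
The fresh Farbar Service Scanner log requested in the post above can be compared against the earlier one mechanically. This is an added example, not part of the original post or of the tool itself: a Python parser for the two line shapes visible in the log quoted earlier in this thread, reporting what a fresh log still flags after the repair. The function names and the AFTER sample are constructed for illustration, and other FSS line formats are not handled.

```python
import re
from collections import defaultdict

# Line shapes as they appear in the Farbar Service Scanner log quoted in this thread.
VALUE_RE = re.compile(r"^Checking (?P<item>.+?) of (?P<svc>\S+): ATTENTION!=+> (?P<msg>.+)$")
FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$")

def parse_fss(log_text):
    """Return (flagged, files): service -> set of flagged items, path -> status."""
    flagged, files = defaultdict(set), {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = VALUE_RE.match(line)
        if m:
            flagged[m["svc"]].add(m["item"])
            continue
        m = FILE_RE.match(line)
        if m:
            files[m["path"]] = m["status"]
    return dict(flagged), files

def still_broken(before_text, after_text):
    """Items flagged before the repair that the fresh log still flags."""
    before, _ = parse_fss(before_text)
    after, _ = parse_fss(after_text)
    left = {svc: sorted(items & after.get(svc, set())) for svc, items in before.items()}
    return {svc: items for svc, items in left.items() if items}

def unverified_files(log_text):
    """Files whose verdict is anything other than 'MD5 is legit'."""
    return sorted(p for p, s in parse_fss(log_text)[1].items() if s != "MD5 is legit")

# BEFORE: lines copied from the log quoted earlier in this thread.
# AFTER: constructed sample of a fresh log in which the repair restored the
# service values but not the FirewallRules key (an assumption for illustration).
BEFORE = r"""
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
"""
AFTER = r"""
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
"""

if __name__ == "__main__":
    print("still flagged after repair:", still_broken(BEFORE, AFTER))
    print("files without a legit verdict:", unverified_files(AFTER))
```

An empty result from `still_broken` means every item flagged before the repair is gone from the fresh log; anything left is a service value or key the .reg merge and ServicesRepair did not restore.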




#12 dbaker225


Posted 10 December 2013 - 07:31 AM

Here are my new results:




#13 B-boy/StyLe/


Posted 11 December 2013 - 07:53 AM

Hello,

 
Great work! :)
 
Please download the latest version of FRST from the link above and run a new scan with FRST. Attach the newest logs to your next reply as well.
 
Also let's check for leftovers.
Most of them should take no more than 15 minutes each.

 

 

STEP 1

 

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 5

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Regards,

Georgi




#14 B-boy/StyLe/


Posted 16 December 2013 - 03:59 AM

Hi,

 

Are you still there?

 

 

Regards,

Georgi




#15 dbaker225


Posted 16 December 2013 - 01:41 PM

Yes, I am still here. I am at work. Will send all info tonight.

 

Thanks!





