ZeroAccess Infection


This topic is locked
7 replies to this topic

#1 mgmonett


Posted 02 December 2013 - 11:24 AM

Hello. After reading other posts, I am fairly certain that I have also, unfortunately, become infected with this nasty virus. I have seen solutions that have been posted for other users with this, but there were warnings that these particular solutions/scripts were to be used solely by that user. My symptoms are as follows:


  • Cannot download. I get a dialogue box that states something to the effect that current security permissions do not allow these files to be downloaded. If a download does start, it is automatically deleted because "the file contained a virus."
  • Panda Cloud antivirus continuously reports 5 viruses originating at C:\Program Files(x86)\google\Install\{a7a5f.....d201}. When it reports them, they are deleted by the software, but within 5 minutes, the same process repeats.
  • If I attempt to delete this directory, Explorer crashes.
  • Clicking on the resulting link(s) of a Google search will sometimes take me to a random (or not so random) site.
  • The only action that I have taken thus far is to download and run Spybot S & D. It only found cookies, and deleted them. This has had no effect on fixing the issue(s) that I am having.

I have attached the following logs after running step 6 of the preparation guide. This is all that I can think to report. If there is any other information that I can provide, I will gladly supply that as well. Thank you in advance for reading this.


DDS.TXT LOGFILE:

-----------------------------------------------------------------------------------------------------------------------------------------------------


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.9.2
Run by Michael Monette at 10:41:51 on 2013-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3797.2379 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dleacoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Users\Michael Monette\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Michael Monette\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
dRunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
dRunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f
dRunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
dRunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f
dRunOnce: [panda4_1dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
dRunOnce: [panda4_1dn_XP] reg.exe delete "HKCU\Software\panda4_1dn" /f
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
LSP: mswsock.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D109BFDE-62E9-44EB-8442-D20E945C1B49} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-8-17 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-8-17 40064]
R0 PsBoot;Panda boot driver;C:\Windows\System32\drivers\PsBoot.sys [2013-12-2 40000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-22 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-6-20 46792]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2013-5-28 91368]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2013-5-28 122088]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2013-5-28 109288]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2013-5-28 114920]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2013-5-28 119016]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2013-5-28 305896]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2013-5-28 118504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2013-5-28 114920]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2013-5-28 246504]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2013-5-28 106216]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2013-10-11 206056]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-8-16 244624]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2013-10-3 140768]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2013-10-17 169192]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2013-10-11 122600]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2013-10-11 124648]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2013-10-11 137960]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2013-10-19 37344]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-20 87168]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-20 188544]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-11-16 58808]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-16 533096]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2012-2-3 45224]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-11-29 1153368]
S3 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2013-10-11 105704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2013-5-28 69864]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-02 15:37:30 40000 ----a-w- C:\Windows\System32\drivers\PsBoot.sys
2013-11-29 20:06:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-11-29 20:06:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-29 19:12:19 -------- d-----w- C:\Users\Michael Monette\AppData\Roaming\Unyvmoy
2013-11-29 19:11:43 -------- d-----w- C:\Users\Michael Monette\AppData\Roaming\Wetezer
2013-11-29 19:08:29 126777 ----a-w- C:\Users\Michael Monette\5519363.exe
2013-11-27 16:03:09 -------- d-----w- C:\Program Files (x86)\MSECache
2013-11-17 07:59:17 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C9D1D17D-87EC-42F7-8C7D-523BAB2E5AA2}\offreg.dll
2013-11-17 04:32:12 58808 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2013-11-16 09:29:30 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C9D1D17D-87EC-42F7-8C7D-523BAB2E5AA2}\mpengine.dll
2013-11-12 19:40:29 -------- d-----w- C:\Users\Michael Monette\AppData\Local\panda4_1dn
2013-11-11 20:50:29 -------- d-----w- C:\Program Files (x86)\pandasecuritytb
.
==================== Find3M  ====================
.
2013-10-17 19:31:26 169192 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-11 09:46:22 137960 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2013-10-11 09:46:22 124648 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2013-10-11 09:46:22 105704 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
2013-10-11 09:46:21 206056 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2013-10-11 09:46:21 122600 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2013-10-09 14:17:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 14:17:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 10:47:49.87 ===============


ATTACH.TXT LOGFILE:

--------------------------------------------------------------------------------------------------------------------------------------------------------


Install Date: 1/7/2012 8:44:50 PM
System Uptime: 12/2/2013 10:36:59 AM (0 hours ago)
.
Motherboard: Gateway |  | SX2370
Processor: AMD A6-3600 APU with Radeon™ HD Graphics | P0 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 847.121 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 10/12/2013 12:00:01 AM - Scheduled Checkpoint
RP104: 10/19/2013 12:00:01 AM - Scheduled Checkpoint
RP105: 10/27/2013 12:00:01 AM - Scheduled Checkpoint
RP106: 11/2/2013 11:00:04 PM - Scheduled Checkpoint
RP107: 11/10/2013 12:10:23 AM - Scheduled Checkpoint
RP108: 11/16/2013 4:24:50 AM - Windows Update
RP109: 11/24/2013 12:00:03 AM - Scheduled Checkpoint
RP110: 11/27/2013 11:03:19 AM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) MUI
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Best Buy pc app
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
Dell V310-V510 Series
Galerie de photos Windows Live
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotkey Utility
iCloud
Identity Card
iTunes
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Opera 12.02
Opera Labs OOPP 12.00 alpha build 1211
Panda Cloud Antivirus
Panda Security Toolbar
Panda Security URL Filtering
PokerStars.net
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Spybot - Search & Destroy
Toolbar Cleaner 1.0
UnfriendApp
Visual Studio C++ 10.0 Runtime
Vuze
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/2/2013 9:28:10 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
12/2/2013 9:23:43 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
12/2/2013 9:23:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/2/2013 9:23:40 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/2/2013 9:23:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/2/2013 9:23:26 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache NNSALPC NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr Wanarpv6
12/2/2013 9:23:26 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/2/2013 9:23:10 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
12/2/2013 10:38:34 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/2/2013 10:37:18 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
12/2/2013 10:37:18 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
12/2/2013 10:37:18 AM, Error: Service Control Manager [7003]  - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
12/2/2013 10:37:18 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/2/2013 10:37:18 AM, Error: Service Control Manager [7000]  - The dleaCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/2/2013 10:37:17 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
12/1/2013 1:00:11 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user SPARROW\Guest SID (S-1-5-21-3848995675-3748690613-2203874693-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/29/2013 5:10:42 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/29/2013 4:14:18 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
11/29/2013 4:14:18 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
11/29/2013 12:52:38 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/29/2013 12:51:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/29/2013 12:51:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/29/2013 12:50:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/29/2013 12:50:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/29/2013 12:50:38 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache HssDRV6 NetBIOS NetBT NNSALPC NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC nsiproxy Psched PSINKNC rdbss spldr tdx Wanarpv6 WfpLwf
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/29/2013 12:50:20 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/29/2013 12:45:41 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user SPARROW\Michael Monette SID (S-1-5-21-3848995675-3748690613-2203874693-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/29/2013 12:45:41 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user SPARROW\Michael Monette SID (S-1-5-21-3848995675-3748690613-2203874693-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/29/2013 1:02:35 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 AM

Posted 03 December 2013 - 03:38 AM





Hello mgmonett

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mgmonett

mgmonett
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:16 AM

Posted 03 December 2013 - 06:57 AM

Hi Gringo. Thank you for your reply. As instructed, I have run the Farbar Recovery Scan Tool. As instructed in your reply, I will paste FRST.txt, and since I cannot locate an "Attachments" option, I will also paste Addition.txt. If you notice in the logs, I edited any instance of C:\Users\xxxx where xxxx was my full name. I replaced my full name with "name changed for security". Other than this change, the documents are in their original states. Thanks again.

FRST.TXT

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013
Ran by name changed for security (administrator) on SPARROW on 03-12-2013 06:28:28
Running from C:\Users\name changed for security\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dleacoms.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
() C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
(Google Inc.) C:\Users\name changed for security\AppData\Local\Google\Update\GoogleUpdate.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Farbar) C:\Users\name changed for security\Desktop\FRST64_exe.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [dleamon.exe] - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe [139944 2011-01-23] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\name changed for security\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-06] (Google Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\name changed for security\AppData\Local\Temp\sqyidrv\sespqno\wow.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\fbwuser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Leigh\...\RunOnce: [wkfzy] - C:\Users\Leigh\AppData\Local\wkfzy.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\UnfriendApp\IE\common.dll (UnfriendApp)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll [326144] ()
Winsock: Catalog9 02 mswsock.dll [326144] ()
Winsock: Catalog9 03 mswsock.dll [326144] ()
Winsock: Catalog9 04 mswsock.dll [326144] ()
Winsock: Catalog9 05 mswsock.dll [326144] ()
Winsock: Catalog9 06 mswsock.dll [326144] ()
Winsock: Catalog9 07 mswsock.dll [326144] ()
Winsock: Catalog9 08 mswsock.dll [326144] ()
Winsock: Catalog9 09 mswsock.dll [326144] ()
Winsock: Catalog9 10 mswsock.dll [326144] ()
Winsock: Catalog5-x64 01 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll [326144] ()
Winsock: Catalog9-x64 02 mswsock.dll [326144] ()
Winsock: Catalog9-x64 03 mswsock.dll [326144] ()
Winsock: Catalog9-x64 04 mswsock.dll [326144] ()
Winsock: Catalog9-x64 05 mswsock.dll [326144] ()
Winsock: Catalog9-x64 06 mswsock.dll [326144] ()
Winsock: Catalog9-x64 07 mswsock.dll [326144] ()
Winsock: Catalog9-x64 08 mswsock.dll [326144] ()
Winsock: Catalog9-x64 09 mswsock.dll [326144] ()
Winsock: Catalog9-x64 10 mswsock.dll [326144] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN38890997683144530&UM=2"
CHR Plugin: (Shockwave Flash) - C:\Users\name changed for security\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\name changed for security\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\name changed for security\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\name changed for security\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Babylon ToolBar) - C:\Users\name changed for security\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Google Update) - C:\Users\name changed for security\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (UnfriendApp) - C:\Users\MICHAE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.65267_0
CHR Extension: (Google Wallet) - C:\Users\MICHAE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\name changed for security\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx
CHR HKLM-x32\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\Program Files (x86)\UnfriendApp\Chrome\common.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
R2 dlea_device; C:\Windows\SysWow64\dleacoms.exe [598696 2010-05-21] ( )
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-06-20] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a7a5f625-71e1-c349-86f8-dbc37cf8d201}\   \...\???\{a7a5f625-71e1-c349-86f8-dbc37cf8d201}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-22] (DT Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-06-20] (AnchorFree Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [91368 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [122088 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109288 2013-05-28] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [114920 2013-05-28] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-28] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69864 2013-05-28] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [119016 2013-05-28] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [305896 2013-05-28] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [118504 2013-05-28] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [114920 2013-05-28] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [246504 2013-05-28] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106216 2013-05-28] (Panda Security, S.L.)
R0 PsBoot; C:\Windows\System32\Drivers\PsBoot.sys [40000 2013-07-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [169192 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [122600 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [206056 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124648 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [137960 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [105704 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58808 2013-04-29] (Panda Security, S.L.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-03 06:28 - 2013-12-03 06:29 - 00017943 _____ C:\Users\name changed for security\Desktop\FRST.txt
2013-12-03 06:28 - 2013-12-03 06:28 - 00000000 ____D C:\FRST
2013-12-03 06:27 - 2013-12-03 06:27 - 00002978 _____ C:\Windows\System32\Tasks\{AA2C8AB8-C42F-4705-9C7F-E0D25E28E288}
2013-12-03 06:26 - 2013-07-04 03:40 - 00040000 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
2013-12-03 06:24 - 2013-12-03 06:24 - 00000311 _____ C:\Users\name changed for security\Desktop\instructions.txt
2013-12-03 06:14 - 2013-12-03 06:14 - 01959434 _____ (Farbar) C:\Users\name changed for security\Desktop\FRST64_exe.exe
2013-12-02 10:48 - 2013-12-02 11:14 - 00020013 _____ C:\Users\name changed for security\Desktop\dds.txt
2013-12-02 10:48 - 2013-12-02 11:12 - 00016503 _____ C:\Users\name changed for security\Desktop\attach.txt
2013-12-02 10:32 - 2013-12-02 10:32 - 00688992 ____R (Swearware) C:\Users\name changed for security\Desktop\dds_com.exe
2013-12-02 10:23 - 2013-12-02 10:23 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\name changed for security\Desktop\rkill_exe
2013-12-02 09:03 - 2013-12-02 09:03 - 00000000 _____ C:\Users\name changed for security\Downloads\msert_exe.ydl83ks.partial
2013-11-29 16:59 - 2013-11-29 17:00 - 00000199 _____ C:\Windows\wininit.ini
2013-11-29 15:06 - 2013-11-29 17:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-29 15:06 - 2013-11-29 15:06 - 00001229 _____ C:\Users\name changed for security\Desktop\Spybot - Search & Destroy.lnk
2013-11-29 15:06 - 2013-11-29 15:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-29 14:29 - 2013-11-29 14:29 - 00000000 _____ C:\Users\name changed for security\Desktop\msert_exe.6yykto2.partial
2013-11-29 14:12 - 2013-11-29 22:54 - 00000000 ____D C:\Users\name changed for security\AppData\Roaming\Unyvmoy
2013-11-29 14:11 - 2013-11-29 14:32 - 00000000 ____D C:\Users\name changed for security\AppData\Roaming\Wetezer
2013-11-29 14:08 - 2013-11-29 14:08 - 00126777 _____ C:\Users\name changed for security\5519363.exe
2013-11-27 11:03 - 2013-11-27 11:03 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-11-27 10:04 - 2013-11-27 10:04 - 01191834 _____ C:\Users\name changed for security\Downloads\ProcessExplorer.zip
2013-11-16 23:32 - 2013-04-29 02:17 - 00058808 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2013-11-16 04:36 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-16 04:36 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-16 04:36 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-16 04:36 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-16 04:36 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-16 04:36 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-16 04:36 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-16 04:36 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-16 04:36 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-16 04:36 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-16 04:36 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-16 04:36 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5330 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5329 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5328 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5327 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5326 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5325 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5324 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5323 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5321 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5320 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5319 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5316 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5315 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5309 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5308 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5306 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5305 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5304 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5303 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5302 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5301 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5330 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5329 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5328 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5327 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5326 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5325 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5324 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5323 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5321 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5320 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5319 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5316 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5315 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5309 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5308 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5306 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5305 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5304 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5303 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5302 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5301 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00000598 _____ C:\Users\Guest\Desktop\IMG_5325.JPG~RF6c6c7.TMP - Shortcut.lnk
2013-11-13 03:21 - 2013-11-13 03:21 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Panda Security
2013-11-13 03:21 - 2013-11-13 03:21 - 00000000 ____D C:\Users\Guest\AppData\Local\panda4_1dn
2013-11-12 18:59 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 18:59 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 18:59 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 18:59 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 18:59 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 18:59 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 18:59 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 18:59 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 18:59 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 18:59 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 18:59 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 18:59 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 18:59 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 18:59 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 18:59 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 18:59 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 18:59 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 18:59 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 18:59 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 18:59 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 18:59 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 18:59 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 18:59 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 18:59 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-11-12 18:59 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-11-12 18:59 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-11-12 18:59 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-11-12 18:59 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 14:40 - 2013-11-12 14:40 - 00000000 ____D C:\Users\name changed for security\AppData\Local\panda4_1dn
2013-11-11 15:50 - 2013-11-11 15:50 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2013-11-09 09:08 - 2013-11-09 09:08 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2013-11-09 03:59 - 2013-11-09 03:59 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Opera
2013-11-09 03:59 - 2013-11-09 03:59 - 00000000 ____D C:\Users\Guest\AppData\Local\Opera
2013-11-05 15:06 - 2013-11-05 15:06 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WinRAR
2013-11-04 14:51 - 2013-11-22 04:49 - 00000000 ____D C:\Users\name changed for security\Desktop\TIME SHEETS

==================== One Month Modified Files and Folders =======

2013-12-03 06:29 - 2013-12-03 06:28 - 00017943 _____ C:\Users\name changed for security\Desktop\FRST.txt
2013-12-03 06:28 - 2013-12-03 06:28 - 00000000 ____D C:\FRST
2013-12-03 06:27 - 2013-12-03 06:27 - 00002978 _____ C:\Windows\System32\Tasks\{AA2C8AB8-C42F-4705-9C7F-E0D25E28E288}
2013-12-03 06:26 - 2012-11-11 00:09 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 06:26 - 2012-11-11 00:09 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 06:26 - 2012-09-06 22:10 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3848995675-3748690613-2203874693-1000UA.job
2013-12-03 06:26 - 2012-09-06 22:10 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3848995675-3748690613-2203874693-1000Core.job
2013-12-03 06:26 - 2012-06-11 16:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 06:26 - 2012-02-03 22:30 - 00149630 _____ C:\ProgramData\dleascan.log
2013-12-03 06:26 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 06:26 - 2009-07-13 23:51 - 00067329 _____ C:\Windows\setupact.log
2013-12-03 06:24 - 2013-12-03 06:24 - 00000311 _____ C:\Users\name changed for security\Desktop\instructions.txt
2013-12-03 06:14 - 2013-12-03 06:14 - 01959434 _____ (Farbar) C:\Users\name changed for security\Desktop\FRST64_exe.exe
2013-12-02 11:14 - 2013-12-02 10:48 - 00020013 _____ C:\Users\name changed for security\Desktop\dds.txt
2013-12-02 11:12 - 2013-12-02 10:48 - 00016503 _____ C:\Users\name changed for security\Desktop\attach.txt
2013-12-02 10:44 - 2009-07-13 23:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 10:44 - 2009-07-13 23:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 10:41 - 2009-07-14 00:13 - 00725952 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 10:32 - 2013-12-02 10:32 - 00688992 ____R (Swearware) C:\Users\name changed for security\Desktop\dds_com.exe
2013-12-02 10:23 - 2013-12-02 10:23 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\name changed for security\Desktop\rkill_exe
2013-12-02 09:23 - 2010-11-20 22:47 - 00442620 _____ C:\Windows\PFRO.log
2013-12-02 09:03 - 2013-12-02 09:03 - 00000000 _____ C:\Users\name changed for security\Downloads\msert_exe.ydl83ks.partial
2013-11-29 22:54 - 2013-11-29 14:12 - 00000000 ____D C:\Users\name changed for security\AppData\Roaming\Unyvmoy
2013-11-29 22:51 - 2013-05-04 11:46 - 00000000 ____D C:\Users\Guest\AppData\Local\Deployment
2013-11-29 22:50 - 2013-05-04 11:45 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-29 22:50 - 2013-05-04 11:45 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-29 19:27 - 2012-03-27 22:00 - 00000000 ____D C:\Users\name changed for security\AppData\Local\CrashDumps
2013-11-29 17:06 - 2013-11-29 15:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-29 17:00 - 2013-11-29 16:59 - 00000199 _____ C:\Windows\wininit.ini
2013-11-29 15:06 - 2013-11-29 15:06 - 00001229 _____ C:\Users\name changed for security\Desktop\Spybot - Search & Destroy.lnk
2013-11-29 15:06 - 2013-11-29 15:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-29 14:32 - 2013-11-29 14:11 - 00000000 ____D C:\Users\name changed for security\AppData\Roaming\Wetezer
2013-11-29 14:29 - 2013-11-29 14:29 - 00000000 _____ C:\Users\name changed for security\Desktop\msert_exe.6yykto2.partial
2013-11-29 14:09 - 2012-05-11 17:18 - 00000000 ____D C:\Users\name changed for security\AppData\Roaming\Panda Security
2013-11-29 14:08 - 2013-11-29 14:08 - 00126777 _____ C:\Users\name changed for security\5519363.exe
2013-11-29 14:08 - 2012-01-07 20:44 - 00000000 ____D C:\Users\name changed for security
2013-11-29 11:39 - 2012-11-11 00:09 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-29 11:39 - 2011-10-20 19:50 - 01477945 _____ C:\Windows\WindowsUpdate.log
2013-11-27 11:03 - 2013-11-27 11:03 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-11-27 11:01 - 2012-05-22 20:59 - 00000000 ____D C:\Users\name changed for security\AppData\Local\Microsoft Help
2013-11-27 10:04 - 2013-11-27 10:04 - 01191834 _____ C:\Users\name changed for security\Downloads\ProcessExplorer.zip
2013-11-22 04:49 - 2013-11-04 14:51 - 00000000 ____D C:\Users\name changed for security\Desktop\TIME SHEETS
2013-11-18 12:53 - 2012-01-07 20:46 - 00000000 ___RD C:\Users\name changed for security\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-18 12:53 - 2012-01-07 20:44 - 00000000 ___RD C:\Users\name changed for security\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-17 00:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-16 23:29 - 2009-07-13 23:45 - 00461768 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5330 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5329 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5328 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5327 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5326 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5325 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5324 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5323 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5321 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5320 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5319 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5316 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5315 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5309 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5308 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5306 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5305 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5304 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5303 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5302 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001276 _____ C:\Users\Guest\Desktop\IMG_5301 - Shortcut.lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5330 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5329 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5328 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5327 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5326 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5325 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5324 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5323 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5321 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5320 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5319 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5316 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5315 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5309 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5308 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5306 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5305 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5304 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5303 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5302 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00001246 _____ C:\Users\Guest\Desktop\IMG_5301 - Shortcut (2).lnk
2013-11-13 04:01 - 2013-11-13 04:01 - 00000598 _____ C:\Users\Guest\Desktop\IMG_5325.JPG~RF6c6c7.TMP - Shortcut.lnk
2013-11-13 04:00 - 2013-07-23 20:22 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2013-11-13 03:21 - 2013-11-13 03:21 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Panda Security
2013-11-13 03:21 - 2013-11-13 03:21 - 00000000 ____D C:\Users\Guest\AppData\Local\panda4_1dn
2013-11-13 03:21 - 2013-05-04 11:46 - 00108840 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-12 14:40 - 2013-11-12 14:40 - 00000000 ____D C:\Users\name changed for security\AppData\Local\panda4_1dn
2013-11-12 10:18 - 2012-05-11 17:17 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-11-11 15:58 - 2012-01-07 20:45 - 00108840 _____ C:\Users\name changed for security\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-11 15:50 - 2013-11-11 15:50 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2013-11-09 09:08 - 2013-11-09 09:08 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2013-11-09 03:59 - 2013-11-09 03:59 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Opera
2013-11-09 03:59 - 2013-11-09 03:59 - 00000000 ____D C:\Users\Guest\AppData\Local\Opera
2013-11-05 15:06 - 2013-11-05 15:06 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WinRAR
2013-11-04 15:00 - 2013-07-07 21:57 - 00000000 ____D C:\Users\name changed for security\AppData\Roaming\uTorrent
2013-11-03 13:20 - 2013-11-02 16:21 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Google
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Alureon:
C:\Users\name changed for security\AppData\Local\Temp\sqyidrv\sespqno\wow.dll

Files to move or delete:
====================
C:\Users\name changed for security\5519363.exe

Some content of TEMP:
====================
C:\Users\Kuroneko\AppData\Local\Temp\COMAP.EXE
C:\Users\Leigh\AppData\Local\Temp\COMAP.EXE
C:\Users\name changed for security\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 00:13

==================== End Of Log ============================
ADDITION.TXT

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2013
Ran by name changed for security at 2013-12-03 06:30:15
Running from C:\Users\name changed for security\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Panda Cloud Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Cloud Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.2146.41621)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.6) MUI (x32 Version: 10.1.6)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.1219.1521.27485)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Best Buy pc app (Version: 3.2.2.0)
Best Buy pc app (x32 Version: 3.2.2.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CyberLink PowerDVD 10 (x32 Version: 10.0.2531.52)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.4.0315)
Dell V310-V510 Series
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Gateway Recovery Management (x32 Version: 5.00.3502)
Gateway Registration (x32 Version: 1.04.3503)
Gateway ScreenSaver (x32 Version: 1.1.0225.2011)
Gateway Updater (x32 Version: 1.02.3500)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Hotkey Utility (x32 Version: 2.05.3505)
iCloud (Version: 2.1.2.8)
Identity Card (x32 Version: 1.00.3501)
iTunes (Version: 11.0.4.4)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero BackItUp 10 (x32 Version: 5.8.11000.8.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Control Center 10 (x32 Version: 10.6.12700.0.7)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Core Components 10 (x32 Version: 2.0.19900.9.11)
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Express 10 (x32 Version: 10.6.10700.5.100)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300)
Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 1.0.10900.31.0)
Opera 12.02 (x32 Version: 12.02.1578)
Opera Labs OOPP 12.00 alpha build 1211 (Version: 12.00.1211)
Panda Cloud Antivirus (Version: 6.06.00.0000)
Panda Cloud Antivirus (x32 Version: 2.1.0)
Panda Security Toolbar (x32 Version: 4.1.0.5)
Panda Security URL Filtering (x32 Version: 2.0.0.13)
PokerStars.net (x32)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6392)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Toolbar Cleaner 1.0 (x32)
UnfriendApp (x32 Version: 2.5.65)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
Vuze (x32 Version: 4.8.1.0)
Welcome Center (x32 Version: 1.02.3503)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.11 (32-bit) (x32 Version: 4.11.0)

==================== Restore Points  =========================

27-10-2013 04:00:01 Scheduled Checkpoint
03-11-2013 04:00:04 Scheduled Checkpoint
10-11-2013 05:10:23 Scheduled Checkpoint
16-11-2013 09:24:50 Windows Update
24-11-2013 05:00:03 Scheduled Checkpoint
27-11-2013 16:03:19 Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1E471C14-B18E-4BC8-8702-FA183FC7C18E} - \NBAgent No Task File
Task: {454ADACB-52AE-4DF5-A77F-BE8042498A59} - System32\Tasks\{AA2C8AB8-C42F-4705-9C7F-E0D25E28E288} => C:\Users\name changed for security\Desktop\FRST64_exe.exe [2013-12-03] (Farbar)
Task: {745687C5-9E87-4874-B87F-F2E808056E9C} - \Adobe Flash Player Updater No Task File
Task: {7B3D0474-908B-44FF-8666-2D6599E87787} - \GoogleUpdateTaskMachineCore No Task File
Task: {9300C4C9-39EC-44D8-A63E-A4C9DFCB8AA3} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2011-06-17] (Acer)
Task: {AF110ED0-2CDA-4E3B-BEBB-9D112AA3F893} - \GoogleUpdateTaskUserS-1-5-21-3848995675-3748690613-2203874693-1000UA No Task File
Task: {AF27C99B-A1C2-4ACE-B410-224EE529F0B5} - \Adobe Reader Speed Launcher No Task File
Task: {B8890B62-A8F4-4893-ACEF-1B8756D3BC40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C2592DEC-AD3F-47B4-BE25-BCB253E4ABC2} - \Adobe ARM No Task File
Task: {C2A3C8EE-5D01-4647-8E3D-EB9BAAAECF92} - \GoogleUpdateTaskMachineUA No Task File
Task: {CDE23BAD-4BBC-4150-8BFA-2A4B4CDAD921} - \GoogleUpdateTaskUserS-1-5-21-3848995675-3748690613-2203874693-1000Core No Task File
Task: {FFAFBAE0-B0AF-4174-BEBE-68D1F86052ED} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3848995675-3748690613-2203874693-1000Core.job => C:\Users\name changed for security\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3848995675-3748690613-2203874693-1000UA.job => C:\Users\name changed for security\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-20 22:24 - 2010-11-20 22:24 - 00326144 _____ () C:\Windows\system32\mswsock.dll
2012-04-19 17:56 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2012-12-19 15:32 - 2012-12-19 15:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2012-02-03 22:27 - 2009-11-26 03:49 - 00086180 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2012-02-03 22:28 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2012-02-03 22:27 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2012-02-03 22:27 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2012-02-03 22:27 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2012-02-03 22:27 - 2009-03-05 12:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2012-02-03 22:27 - 2009-06-22 08:08 - 00708608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL
2012-02-03 22:27 - 2009-06-22 08:06 - 00159744 _____ () C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
2012-02-03 22:27 - 2009-06-22 08:06 - 00114688 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL
2012-02-03 22:27 - 2009-06-22 08:05 - 00139264 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL
2012-02-03 22:27 - 2009-06-22 08:06 - 00061440 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL
2012-02-03 22:27 - 2009-06-22 08:08 - 02203648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll
2012-02-03 22:27 - 2009-06-22 08:08 - 00045056 _____ () C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
2012-02-03 22:27 - 2009-06-22 08:08 - 00196608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll
2012-02-03 22:27 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
2012-02-03 22:28 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
2011-08-10 22:57 - 2011-08-10 22:57 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2013 06:27:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 00:34:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/02/2013 05:18:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73eec9f5
Faulting process id: 0x248c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (12/02/2013 01:12:58 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2013 01:12:58 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2013 10:38:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 10:18:46 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16736 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15b4

Start Time: 01ceef6b3a4f07f7

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (12/02/2013 09:27:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:24:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2013 06:05:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73cec9f5
Faulting process id: 0x84c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

System errors:
=============
Error: (12/03/2013 06:27:29 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/03/2013 06:26:13 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (12/03/2013 06:26:13 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/03/2013 06:26:13 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/03/2013 06:26:13 AM) (Source: Service Control Manager) (User: )
Description: The dleaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (12/03/2013 06:26:13 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.

Error: (12/03/2013 06:26:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (12/03/2013 06:11:33 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (12/03/2013 06:11:33 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/02/2013 11:14:33 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3796.93 MB
Available physical RAM: 2321.43 MB
Total Pagefile: 7592.04 MB
Available Pagefile: 5822.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:917.41 GB) (Free:850.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 29C08B4E)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 December 2013 - 08:28 PM

Hello mgmonett



I need you to download this script I have made for you (attached file: fixlist.txt, 1.39 KB).

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again, but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file into your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 mgmonett (Topic Starter)

Posted 04 December 2013 - 06:35 AM

Hello Gringo, as instructed, I saved fixlist.txt in the same directory as Farbar Recovery Scan Tool. I also ran FRST again, and pressed the Fix button. The script completed, and after it finished, it prompted me to restart to complete. The restart did not complete. After waiting several minutes I did a hard power-cycle. After booting up, there was a new file, fixlog.txt, in the directory where fixlist.txt and FRST are located. No longer is Panda Cloud Antivirus reporting viruses originating in Desktop.ini, or in C:\Program Files(x86)\Google\Desktop\Install\...

Once again, I have altered my name with "xxxx". That stated, here is the content of FIXLOG.TXT:

FIXLOG.TXT
------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2013
Ran by xxxx at 2013-12-04 06:12:55 Run:1
Running from C:\Users\xxxx\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\xxxx\AppData\Local\Temp\sqyidrv\sespqno\wow.dll ATTENTION! ====> ZeroAccess?
HKU\Leigh\...\RunOnce: [wkfzy] - C:\Users\Leigh\AppData\Local\wkfzy.exe
Winsock: Catalog5 01 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2013-11-29 14:12 - 2013-11-29 22:54 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Unyvmoy
2013-11-29 14:11 - 2013-11-29 14:32 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Wetezer
2013-11-29 14:08 - 2013-11-29 14:08 - 00126777 _____ C:\Users\xxxx\5519363.exe
C:\Program Files (x86)\Google\Desktop\Install
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\xxxx\AppData\Local\Temp\sqyidrv\sespqno\wow.dll
C:\Users\xxxx\5519363.exe
C:\Users\Kuroneko\AppData\Local\Temp\COMAP.EXE
C:\Users\Leigh\AppData\Local\Temp\COMAP.EXE
C:\Users\xxxx\AppData\Local\Temp\ose00000.exe

*****************

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKU\Leigh\Software\Microsoft\Windows\CurrentVersion\RunOnce\\wkfzy => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\Users\xxxx\AppData\Roaming\Unyvmoy => Moved successfully.
C:\Users\xxxx\AppData\Roaming\Wetezer => Moved successfully.
C:\Users\xxxx\5519363.exe => Moved successfully.

"C:\Program Files (x86)\Google\Desktop\Install" directory move:

Could not move "C:\Program Files (x86)\Google\Desktop\Install" directory. => Scheduled to move on reboot.

C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move "C:\Windows\assembly\GAC_64\Desktop.ini" => Scheduled to move on reboot.
C:\Users\xxxx\AppData\Local\Temp\sqyidrv\sespqno\wow.dll => Moved successfully.
"C:\Users\xxxx\5519363.exe" => File/Directory not found.
C:\Users\Kuroneko\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Leigh\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\xxxx\AppData\Local\Temp\ose00000.exe => Moved successfully.
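
The fixlog above records the persistence the fixlist targeted: a COM class (InprocServer32) under HKCU whose default value was redirected to a DLL addressed as \\?\globalroot\Device\HarddiskVolume3\...\Temp\...\wow.dll, Winsock namespace catalog entries whose LibraryPath FRST reported as no longer pointing at the Windows copies of NLAapi.dll and mswsock.dll, a RunOnce value launching an executable under AppData\Local, Desktop.ini files under C:\Windows\assembly\GAC_32 and GAC_64, and a numeric-named .exe dropped in the profile root. The script below is an added example for this thread; it is not FRST code and not the helper's script. It runs those heuristics over FRST-style lines offline. The indicator names and the heuristics are my own; the expected Winsock LibraryPath values are the ones FRST printed in the fixlog (an assumption that only catalog indices 01 and 05 are checked); the sample input is constructed by copying the fixlist lines from the post above.

```python
"""Offline triage of FRST fixlist / scan-log lines for the ZeroAccess-style
persistence seen in the fixlog above. Added example for the thread: not FRST
code and not the helper's script. Heuristics and indicator names are my own;
the sample lines are copied from the fixlog (user name already redacted)."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# LibraryPath values FRST reported as correct for these Catalog5 indices
# (taken from the fixlog above; assumption: only these two are checked).
EXPECTED_WINSOCK = {
    "01": r"%SystemRoot%\system32\NLAapi.dll",
    "05": r"%SystemRoot%\System32\mswsock.dll",
}

INPROC_RE = re.compile(
    r"^(?P<key>HK\S+\\InprocServer32): \[[^\]]*\] (?P<path>.+?)(?: ATTENTION!.*)?$")
AUTORUN_RE = re.compile(
    r"^(?P<key>HK\S+\\Run(?:Once)?): \[[^\]]*\] - (?P<path>.+)$")
WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>Catalog5(?:-x64)?) (?P<idx>\d{2}) (?P<dll>\S+) \[\d+\]"
    r'.*?(?:ATTENTION: The LibraryPath should be "(?P<expected>[^"]+)")?$')
DATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ (?P<path>.+)$")
DEVICE_PATH_RE = re.compile(r"^\\\\\?\\globalroot\\Device\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(?:AppData\\(?:Local|Roaming)|Temp)\\", re.IGNORECASE)
PROFILE_ROOT_EXE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\\d+\.exe$", re.IGNORECASE)
GAC_DESKTOP_INI_RE = re.compile(
    r"\\Windows\\assembly\\GAC_(?:32|64|MSIL)\\Desktop\.ini$", re.IGNORECASE)

Finding = Tuple[str, str]


def triage_line(line: str) -> List[Finding]:
    """Return (indicator, detail) pairs for one FRST line; empty if nothing matched."""
    line = line.strip()
    out: List[Finding] = []

    m = INPROC_RE.match(line)
    if m:
        path = m.group("path")
        # \\?\globalroot\Device\HarddiskVolumeN\... names the file without a
        # drive letter, so tools that only compare C:\ paths miss it.
        if DEVICE_PATH_RE.match(path):
            out.append(("com_hijack_device_path", m.group("key")))
        if USER_WRITABLE_RE.search(path):
            out.append(("com_hijack_user_writable", path))
        return out

    m = AUTORUN_RE.match(line)
    if m:
        if USER_WRITABLE_RE.search(m.group("path")):
            out.append(("autorun_user_writable", m.group("path")))
        return out

    m = WINSOCK_RE.match(line)
    if m:
        idx, dll = m.group("idx"), m.group("dll")
        expected = m.group("expected") or EXPECTED_WINSOCK.get(idx)
        where = f"{m.group('catalog')} {idx}"
        if expected and dll.lower() != expected.rsplit("\\", 1)[-1].lower():
            out.append(("winsock_provider_replaced", f"{where}: {dll} should be {expected}"))
        elif m.group("expected"):
            # Same file name, but FRST says the LibraryPath points elsewhere.
            out.append(("winsock_librarypath_mismatch", f"{where}: should be {expected}"))
        return out

    # Plain file lines, with or without FRST's date/size/attribute prefix.
    m = DATED_RE.match(line)
    path = m.group("path") if m else line
    if PROFILE_ROOT_EXE_RE.match(path):
        out.append(("numeric_exe_in_profile_root", path))
    if GAC_DESKTOP_INI_RE.search(path):
        out.append(("gac_desktop_ini", path))
    if USER_WRITABLE_RE.search(path) and path.lower().endswith((".exe", ".dll")):
        out.append(("binary_in_user_writable", path))
    return out


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Group findings by indicator name over a whole fixlist or log."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        for indicator, detail in triage_line(line):
            grouped[indicator].append(detail)
    return dict(grouped)


# Constructed input: the fixlist lines from the fixlog posted above.
SAMPLE_FIXLIST = r"""
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\xxxx\AppData\Local\Temp\sqyidrv\sespqno\wow.dll ATTENTION! ====> ZeroAccess?
HKU\Leigh\...\RunOnce: [wkfzy] - C:\Users\Leigh\AppData\Local\wkfzy.exe
Winsock: Catalog5 01 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll [326144] () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2013-11-29 14:08 - 2013-11-29 14:08 - 00126777 _____ C:\Users\xxxx\5519363.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\xxxx\AppData\Local\Temp\sqyidrv\sespqno\wow.dll
""".strip().splitlines()

if __name__ == "__main__":
    for indicator, details in sorted(triage(SAMPLE_FIXLIST).items()):
        print(f"{indicator}:")
        for detail in details:
            print(f"  {detail}")
```

To use it on a real scan, pass the lines of a saved FRST.txt or Addition.txt to triage() (for example `triage(open("FRST.txt", encoding="utf-8", errors="replace").read().splitlines())`). It is a triage aid, not a cleaner: FRST's own ATTENTION markers remain the authoritative signal, a legitimate installer can also leave a DLL under AppData, and the Winsock check only knows the two catalog indices the fixlog mentions, so every hit still needs a human decision before it goes into a fixlist.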



#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 04 December 2013 - 01:21 PM



Hello mgmonett

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 December 2013 - 03:01 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hours you have not replied to this thread, it will have to be closed.
Gringo

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 December 2013 - 03:07 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



