
Infected with a Zero Access rootkit


  • This topic is locked
11 replies to this topic

#1 Firefightertom1

Firefightertom1

  • Members
  • 13 posts

Posted 14 December 2013 - 08:56 PM

I am running Windows Vista. I am unable to back up or create a restore point. I also cannot download Windows updates. I started out with a post in the Vista section of the forums and did as they requested. I was then directed to the Am I Infected section and ran several scans. I was told that I have a Zero Access rootkit that would require advanced assistance. I was then directed to download and run a DDS scan and post the result. Here are the results of that scan.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by Amanda at 19:31:58 on 2013-12-14
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3454.2026 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Speccy\Speccy.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\7514d7d8-9a0a-4c93-8ea5-c894457ae3fd.exe /check
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\users\amanda\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{DED016E1-85DE-4016-81C9-1DDF14D8BBDB} : DHCPNameServer = 172.16.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-9 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-9 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-9 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-9 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-9 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-9 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-9 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-12-14 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-12-14 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-11-25 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-11-25 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-11-25 171416]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-14 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 gupdate1c9dd56b99d4eb0;Google Update Service (gupdate1c9dd56b99d4eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-25 133104]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-12-8 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-9-17 19968]
.
=============== Created Last 30 ================
.
2013-12-14 22:02:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-14 22:01:33 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-14 21:15:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-14 21:15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-14 19:27:42 -------- d-----w- c:\program files\wrapper_inst
2013-12-14 19:26:45 -------- d-----w- c:\users\amanda\appdata\roaming\LavasoftStatistics
2013-12-14 19:25:40 -------- d-----w- c:\users\amanda\appdata\roaming\SearchProtect
2013-12-14 19:25:39 -------- d-----w- c:\program files\Conduit
2013-12-14 19:25:36 -------- d-----w- c:\programdata\Conduit
2013-12-14 19:25:35 -------- d-----w- c:\users\amanda\appdata\local\Conduit
2013-12-13 18:49:28 -------- d-----w- C:\history
2013-12-13 18:40:43 -------- d-----w- c:\program files\Microsoft
2013-12-13 15:53:46 -------- d-----w- c:\windows\CheckSur
2013-12-12 17:35:36 -------- d-----w- c:\program files\Speccy
2013-12-12 08:04:55 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 08:04:55 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 08:04:54 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 08:04:54 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 08:04:53 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 08:04:53 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 08:04:53 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 08:04:53 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 08:04:53 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 08:04:52 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-09 17:22:37 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-12-09 16:39:10 -------- d-----w- c:\programdata\COMODO
2013-12-09 16:38:54 -------- d-----w- c:\users\amanda\appdata\local\Comodo
2013-12-09 16:38:40 -------- d-----w- c:\program files\Comodo
2013-12-09 14:58:36 -------- d-----w- c:\windows\Migration
2013-12-09 06:50:44 -------- d-----w- c:\windows\system32\MRT
2013-12-09 06:48:53 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-12-09 06:48:53 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-12-09 06:48:53 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-12-09 06:48:53 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-12-09 06:48:52 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-12-09 03:05:57 -------- d-----w- c:\users\amanda\appdata\local\ElevatedDiagnostics
2013-12-08 20:04:48 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-12-08 19:49:52 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-12-08 19:49:52 -------- d-----w- c:\users\amanda\appdata\local\SlimWare Utilities Inc
2013-12-08 19:49:43 -------- d-----w- c:\program files\DriverUpdate
2013-12-07 19:04:12 -------- d-----w- c:\users\amanda\appdata\roaming\AVAST Software
2013-11-27 03:06:55 -------- d-----w- c:\programdata\Elaborate Bytes
2013-11-26 04:47:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-11-26 02:21:46 -------- d-----w- c:\program files\common files\Palo Alto Software
2013-11-26 02:21:42 -------- d-----w- c:\program files\common files\Intuit
2013-11-26 02:21:34 -------- d-----w- c:\program files\Quicken
2013-11-25 20:34:20 -------- d-----w- c:\program files\Elaborate Bytes
2013-11-25 20:33:53 -------- d-----w- c:\program files\SlySoft
2013-11-25 20:05:10 -------- d-----w- c:\users\amanda\appdata\roaming\WinArchiver
2013-11-25 18:24:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-11-25 18:24:02 -------- d-----w- c:\windows\PCHEALTH
2013-11-25 18:24:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-11-25 18:22:58 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-11-25 18:22:22 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-11-25 18:10:23 -------- d-----w- c:\users\amanda\appdata\roaming\PowerISO
2013-11-25 18:07:49 -------- d-----w- c:\program files\Bench
.
==================== Find3M  ====================
.
2013-12-10 22:21:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 22:21:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-07 19:02:38 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-07 19:02:38 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-07 19:02:38 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-07 19:02:38 43152 ----a-w- c:\windows\avastSS.scr
2013-12-07 19:02:38 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-09 21:38:09 120488 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45:50 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-09-30 23:38:16 97176 ----a-w- c:\windows\system32\ElbyCDIO.dll
2013-09-20 16:49:30 18968 ----a-w- c:\windows\system32\sdnclean.exe
.
============= FINISH: 19:32:24.13 ===============
 



Edited by Firefightertom1, 14 December 2013 - 09:01 PM.



 


#2 Firefightertom1

Firefightertom1
  • Topic Starter

  • Members
  • 13 posts

Posted 14 December 2013 - 09:08 PM

Here is a link to the steps I took prior to starting a new post.

http://www.bleepingcomputer.com/forums/t/517475/i-suspect-my-computer-may-be-infected/



#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 15 December 2013 - 06:37 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#4 Firefightertom1

Firefightertom1
  • Topic Starter

  • Members
  • 13 posts

Posted 15 December 2013 - 06:59 PM

I was unable to attach the additional file as an attachment. I copied and pasted it after the FRST scan. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-12-2013
Ran by Amanda (administrator) on TOMMY-PC on 15-12-2013 17:46:55
Running from C:\Users\Amanda\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\7514d7d8-9a0a-4c93-8ea5-c894457ae3fd.exe [180184 2013-11-25] (AVAST Software)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-07] (AVAST Software)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-03-07] (soft thinks)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKCU\...\Winlogon: [Shell]
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
MountPoints2: {2983189b-260b-11de-acc9-001bb984259c} - K:\Imageviewer.exe
MountPoints2: {3dff13be-7799-11de-84be-001bb984259c} - F:\Setup_FlipShare.exe
MountPoints2: {40f52811-a8ac-11de-b182-001bb984259c} - F:\WDSetup.exe
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2007-03-12] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2007-03-12] (Hewlett-Packard)
Startup: C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope {E5A0D018-D7C8-4BC5-9027-E38ADC773E7D} URL =
SearchScopes: HKLM - {363C8E96-EF60-4142-A8BD-475473C5CD80} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {926F1A1A-02DB-406A-9EB4-4E84B90AF928} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {D66FFCD4-EF0E-43D5-99B3-416761A69338} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKCU - DefaultScope {E5A0D018-D7C8-4BC5-9027-E38ADC773E7D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279418&CUI=UN39366961942279116&UM=2
SearchScopes: HKCU - C2D5E21EE7E24B46AE406838F04E371B URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=219247&p={searchTerms}
SearchScopes: HKCU - {363C8E96-EF60-4142-A8BD-475473C5CD80} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {926F1A1A-02DB-406A-9EB4-4E84B90AF928} URL =
SearchScopes: HKCU - {D66FFCD4-EF0E-43D5-99B3-416761A69338} URL =
SearchScopes: HKCU - {E5A0D018-D7C8-4BC5-9027-E38ADC773E7D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279418&CUI=UN39366961942279116&UM=2
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {53707962-6F74-2D53-2644-206D7942484F} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-07] (AVAST Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [451904 2009-02-17] ()
S2 gupdate1c9dd56b99d4eb0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-25] (Google Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [120488 2013-11-09] (SlySoft, Inc.)
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-07] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-07] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-12-08] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S2 mrtRate; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-15 17:46 - 2013-12-15 17:47 - 00010716 _____ C:\Users\Amanda\Downloads\FRST.txt
2013-12-15 17:46 - 2013-12-15 17:46 - 00000000 ____D C:\FRST
2013-12-15 17:45 - 2013-12-15 17:45 - 01060903 _____ (Farbar) C:\Users\Amanda\Downloads\FRST.exe
2013-12-14 19:40 - 2013-12-14 19:40 - 00006893 _____ C:\Users\Amanda\Desktop\attach.txt
2013-12-14 19:40 - 2013-12-14 19:32 - 00015142 _____ C:\Users\Amanda\Desktop\dds.txt
2013-12-14 19:17 - 2013-12-14 19:17 - 00688992 ____R (Swearware) C:\Users\Amanda\Downloads\dds (1).com
2013-12-14 18:22 - 2013-12-14 18:22 - 00688992 ____R (Swearware) C:\Users\Amanda\Downloads\dds.com
2013-12-14 16:54 - 2013-12-14 16:54 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill (1).exe
2013-12-14 16:02 - 2013-12-14 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-14 16:01 - 2013-12-14 16:51 - 00000000 ____D C:\Users\Amanda\Desktop\mbar
2013-12-14 16:01 - 2013-12-14 16:15 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-14 16:00 - 2013-12-14 16:01 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Amanda\Downloads\mbar-1.07.0.1008.exe
2013-12-14 15:58 - 2013-12-14 15:58 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\iExplore.exe
2013-12-14 15:53 - 2013-12-14 15:53 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill.exe
2013-12-14 15:38 - 2013-12-15 11:12 - 00008970 _____ C:\Windows\PFRO.log
2013-12-14 15:15 - 2013-12-14 15:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Amanda\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-14 15:15 - 2013-12-14 15:15 - 00000868 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 15:15 - 2013-12-14 15:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-14 15:15 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-14 15:08 - 2013-12-14 15:08 - 00760937 _____ (Farbar) C:\Users\Amanda\Downloads\MiniToolBox (1).exe
2013-12-14 15:06 - 2013-12-14 15:06 - 00708597 _____ (Farbar) C:\Users\Amanda\Downloads\FSS.exe
2013-12-14 14:59 - 2013-12-14 16:55 - 00000000 ____D C:\Users\Amanda\Desktop\Scan Results
2013-12-14 14:54 - 2013-12-14 14:54 - 00891200 _____ C:\Users\Amanda\Downloads\SecurityCheck.exe
2013-12-14 13:27 - 2013-12-14 13:27 - 00000000 ____D C:\Program Files\wrapper_inst
2013-12-14 13:26 - 2013-12-14 13:26 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\LavasoftStatistics
2013-12-14 13:25 - 2013-12-14 15:36 - 00000000 ____D C:\ProgramData\Conduit
2013-12-14 13:25 - 2013-12-14 13:28 - 00000000 ____D C:\Users\Amanda\AppData\Local\Conduit
2013-12-14 13:25 - 2013-12-14 13:25 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\SearchProtect
2013-12-14 13:25 - 2013-12-14 13:25 - 00000000 ____D C:\Program Files\Conduit
2013-12-13 12:49 - 2013-12-13 12:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-13 10:31 - 2013-12-13 10:34 - 147445671 _____ C:\Users\Amanda\Downloads\Windows6.0-KB947821-v32-x86 (1).msu
2013-12-13 09:53 - 2013-12-13 09:53 - 00000000 ____D C:\Windows\CheckSur
2013-12-13 09:51 - 2013-12-13 10:10 - 147445671 _____ C:\Users\Amanda\Downloads\Windows6.0-KB947821-v32-x86.msu
2013-12-13 09:38 - 2013-12-13 09:39 - 00280204 _____ C:\Users\Amanda\Downloads\WindowsUpdateDiagnostic (1).diagcab
2013-12-12 17:53 - 2013-12-12 17:53 - 00760937 _____ (Farbar) C:\Users\Amanda\Downloads\MiniToolBox.exe
2013-12-12 11:35 - 2013-12-13 09:05 - 00000738 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-12-12 11:35 - 2013-12-13 09:05 - 00000000 ____D C:\Program Files\Speccy
2013-12-12 11:35 - 2013-12-12 11:35 - 00000000 _____ C:\Windows\setuperr.log
2013-12-12 11:35 - 2013-12-12 11:35 - 00000000 _____ C:\Windows\setupact.log
2013-12-12 04:40 - 2013-12-12 04:40 - 00002035 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 03:03 - 2013-11-14 17:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:03 - 2013-11-14 16:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:03 - 2013-11-14 16:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:03 - 2013-11-14 16:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:03 - 2013-11-14 16:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:03 - 2013-11-14 16:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:03 - 2013-11-14 16:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 03:03 - 2013-11-14 16:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:03 - 2013-11-14 16:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 03:03 - 2013-11-14 16:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 03:03 - 2013-11-14 16:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:03 - 2013-11-14 16:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 03:03 - 2013-11-14 16:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:03 - 2013-11-14 16:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 03:03 - 2013-11-14 16:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:03 - 2013-11-14 16:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 02:04 - 2013-10-29 20:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 02:04 - 2013-10-29 19:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 02:04 - 2013-10-29 18:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 02:04 - 2013-10-29 18:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 02:04 - 2013-10-22 01:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 02:04 - 2013-10-10 20:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 02:04 - 2013-10-10 20:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 02:04 - 2013-10-10 20:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 02:04 - 2013-10-10 18:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 02:04 - 2013-10-10 18:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-09 11:25 - 2013-12-09 11:26 - 211388240 _____ (COMODO) C:\Users\Amanda\Downloads\cfw_installer.exe
2013-12-09 11:22 - 2013-12-09 11:22 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2013-12-09 10:39 - 2013-12-14 19:25 - 00000000 ____D C:\ProgramData\COMODO
2013-12-09 10:38 - 2013-12-14 19:23 - 00000000 ____D C:\Program Files\Comodo
2013-12-09 10:38 - 2013-12-09 10:38 - 00000000 ____D C:\Users\Amanda\AppData\Local\Comodo
2013-12-09 10:35 - 2013-12-09 10:36 - 211388240 _____ (COMODO) C:\Users\Amanda\Downloads\cispremium_installer.exe
2013-12-09 09:52 - 2013-12-09 09:52 - 01059840 _____ C:\Users\Amanda\Downloads\MicrosoftFixit50981.msi
2013-12-09 00:50 - 2013-12-12 03:21 - 00000000 ____D C:\Windows\system32\MRT
2013-12-09 00:49 - 2013-10-10 20:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-09 00:49 - 2013-10-10 20:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-09 00:49 - 2013-10-10 18:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-12-09 00:49 - 2013-10-03 06:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-09 00:49 - 2013-08-26 20:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-12-09 00:49 - 2013-08-26 20:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-12-09 00:49 - 2013-08-26 20:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-12-09 00:49 - 2013-08-26 20:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-12-09 00:49 - 2013-08-26 19:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-12-09 00:49 - 2013-08-26 19:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-12-09 00:49 - 2013-08-26 19:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-12-09 00:49 - 2013-08-26 19:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-12-09 00:49 - 2013-08-26 19:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-12-09 00:49 - 2013-08-01 22:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-12-09 00:49 - 2013-07-31 21:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-09 00:49 - 2013-07-31 20:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-12-09 00:49 - 2013-07-20 04:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-09 00:49 - 2013-07-15 22:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-12-09 00:49 - 2013-07-10 03:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-12-09 00:49 - 2013-07-09 06:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-09 00:49 - 2013-07-07 22:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-12-09 00:49 - 2013-07-07 22:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-09 00:49 - 2013-07-04 22:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-09 00:49 - 2013-07-02 20:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-12-09 00:49 - 2013-07-02 20:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-09 00:49 - 2013-06-28 20:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-12-09 00:49 - 2013-06-28 20:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-12-09 00:49 - 2013-06-28 20:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-12-09 00:49 - 2013-06-28 20:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-12-09 00:49 - 2013-06-26 17:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-09 00:49 - 2013-06-15 07:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-12-09 00:49 - 2013-06-15 05:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-12-09 00:49 - 2013-06-03 22:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-09 00:49 - 2013-06-03 19:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-09 00:49 - 2013-05-31 22:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-12-09 00:49 - 2013-05-01 22:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-12-09 00:49 - 2013-05-01 22:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-12-09 00:49 - 2013-03-03 13:07 - 01082232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-12-09 00:49 - 2011-05-05 07:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-12-09 00:49 - 2011-05-05 07:54 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-12-09 00:48 - 2013-07-03 22:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-08 21:25 - 2013-12-08 21:25 - 00280204 _____ C:\Users\Amanda\Downloads\WindowsUpdateDiagnostic.diagcab
2013-12-08 21:03 - 2013-12-08 21:25 - 00347816 _____ (Microsoft Corporation) C:\Users\Amanda\Downloads\MicrosoftFixit.wu.LB.150309985184219734.1.1.Run.exe
2013-12-08 14:04 - 2013-12-08 14:20 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-08 13:49 - 2013-12-08 22:55 - 00000000 ____D C:\Program Files\DriverUpdate
2013-12-08 13:49 - 2013-12-08 13:49 - 00739648 _____ (SlimWare Utilities, Inc.) C:\Users\Amanda\Downloads\DriverUpdate-setup.exe
2013-12-08 13:49 - 2013-12-08 13:49 - 00013464 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-12-08 13:49 - 2013-12-08 13:49 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-12-08 13:49 - 2013-12-08 13:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\SlimWare Utilities Inc
2013-12-07 13:04 - 2013-12-07 13:04 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\AVAST Software
2013-12-07 01:35 - 2013-12-15 17:42 - 01847055 _____ C:\Windows\WindowsUpdate.log
2013-11-26 21:13 - 2013-11-26 21:14 - 00000000 ___RD C:\Users\Amanda\Desktop\Misc Stuff
2013-11-26 21:06 - 2013-11-26 21:06 - 00000254 _____ C:\Users\Amanda\Downloads\CloneDVD_Key_13241712.CloneDVD
2013-11-26 21:06 - 2013-11-26 21:06 - 00000000 ____D C:\ProgramData\Elaborate Bytes
2013-11-26 11:37 - 2013-11-26 11:37 - 00000856 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2013-11-26 00:09 - 2013-11-26 00:08 - 00450664 ____R C:\Windows\system32\Drivers\etc\hosts.20131126-000924.backup
2013-11-26 00:08 - 2012-11-13 16:57 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts.20131126-000848.backup
2013-11-25 23:15 - 2013-11-25 23:15 - 00000954 _____ C:\Users\Public\Desktop\CloneDVD2.lnk
2013-11-25 22:47 - 2013-11-25 22:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-11-25 22:47 - 2013-11-25 22:47 - 00001920 _____ C:\Users\Public\Desktop\Spybot-S&D.lnk
2013-11-25 22:40 - 2013-12-02 11:03 - 00002573 _____ C:\Users\Amanda\Desktop\Word 2010.lnk
2013-11-25 20:37 - 2013-12-08 13:16 - 00000078 _____ C:\Windows\qwimp.ini
2013-11-25 20:21 - 2013-12-08 22:53 - 00001332 _____ C:\Windows\QUICKEN.INI
2013-11-25 20:21 - 2013-11-25 20:21 - 00001547 _____ C:\Users\Public\Desktop\Quicken 2004.lnk
2013-11-25 20:21 - 2013-11-25 20:21 - 00000000 ____D C:\Program Files\Common Files\Palo Alto Software
2013-11-25 20:21 - 2013-11-25 20:21 - 00000000 ____D C:\Program Files\Common Files\Intuit
2013-11-25 14:44 - 2013-11-25 14:54 - 05185720 _____ C:\Users\Amanda\Downloads\SetupCloneDVD2.exe
2013-11-25 14:34 - 2013-11-26 21:14 - 00000125 ___SH C:\ProgramData\.zreglib
2013-11-25 14:34 - 2013-11-25 23:15 - 00000000 ____D C:\Program Files\Elaborate Bytes
2013-11-25 14:34 - 2013-11-25 14:34 - 00000000 ____D C:\Users\Amanda\Documents\AnyDVDHD
2013-11-25 14:33 - 2013-11-25 14:33 - 00000000 ____D C:\ProgramData\SlySoft
2013-11-25 14:33 - 2013-11-25 14:33 - 00000000 ____D C:\Program Files\SlySoft
2013-11-25 14:05 - 2013-11-25 14:05 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\WinArchiver
2013-11-25 12:25 - 2013-12-14 14:58 - 00002479 _____ C:\Users\Amanda\Desktop\Picture Manager.lnk
2013-11-25 12:25 - 2013-11-25 12:25 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-11-25 12:24 - 2013-11-25 12:24 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-25 12:24 - 2013-11-25 12:24 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-11-25 12:24 - 2013-11-25 12:24 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2013-11-25 12:24 - 2013-11-25 12:24 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-11-25 12:22 - 2013-11-25 12:24 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-25 12:22 - 2013-11-25 12:22 - 00000000 __RHD C:\MSOCache
2013-11-25 12:22 - 2013-11-25 12:22 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2013-11-25 12:22 - 2013-11-25 12:22 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-11-25 12:10 - 2013-11-25 12:10 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\PowerISO
2013-11-25 12:07 - 2013-12-14 15:36 - 00000000 ____D C:\Program Files\Bench

==================== One Month Modified Files and Folders =======

2013-12-15 17:47 - 2013-12-15 17:46 - 00010716 _____ C:\Users\Amanda\Downloads\FRST.txt
2013-12-15 17:46 - 2013-12-15 17:46 - 00000000 ____D C:\FRST
2013-12-15 17:45 - 2013-12-15 17:45 - 01060903 _____ (Farbar) C:\Users\Amanda\Downloads\FRST.exe
2013-12-15 17:42 - 2013-12-07 01:35 - 01847055 _____ C:\Windows\WindowsUpdate.log
2013-12-15 17:38 - 2009-06-30 16:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 17:21 - 2013-04-18 13:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 16:00 - 2006-11-02 06:47 - 00003568 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 16:00 - 2006-11-02 06:47 - 00003568 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 12:08 - 2013-03-29 09:28 - 00006390 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-15 12:00 - 2013-04-18 15:58 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-12-15 12:00 - 2009-06-30 16:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 12:00 - 2007-07-10 13:38 - 00000000 ____D C:\Windows\SMINST
2013-12-15 12:00 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-15 12:00 - 2006-11-02 06:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-15 11:35 - 2006-11-02 07:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-15 11:12 - 2013-12-14 15:38 - 00008970 _____ C:\Windows\PFRO.log
2013-12-14 19:40 - 2013-12-14 19:40 - 00006893 _____ C:\Users\Amanda\Desktop\attach.txt
2013-12-14 19:32 - 2013-12-14 19:40 - 00015142 _____ C:\Users\Amanda\Desktop\dds.txt
2013-12-14 19:25 - 2013-12-09 10:39 - 00000000 ____D C:\ProgramData\COMODO
2013-12-14 19:23 - 2013-12-09 10:38 - 00000000 ____D C:\Program Files\Comodo
2013-12-14 19:17 - 2013-12-14 19:17 - 00688992 ____R (Swearware) C:\Users\Amanda\Downloads\dds (1).com
2013-12-14 18:22 - 2013-12-14 18:22 - 00688992 ____R (Swearware) C:\Users\Amanda\Downloads\dds.com
2013-12-14 16:55 - 2013-12-14 14:59 - 00000000 ____D C:\Users\Amanda\Desktop\Scan Results
2013-12-14 16:54 - 2013-12-14 16:54 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill (1).exe
2013-12-14 16:51 - 2013-12-14 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-14 16:51 - 2013-12-14 16:01 - 00000000 ____D C:\Users\Amanda\Desktop\mbar
2013-12-14 16:15 - 2013-12-14 16:01 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-14 16:01 - 2013-12-14 16:00 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Amanda\Downloads\mbar-1.07.0.1008.exe
2013-12-14 15:58 - 2013-12-14 15:58 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\iExplore.exe
2013-12-14 15:53 - 2013-12-14 15:53 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Amanda\Downloads\rkill.exe
2013-12-14 15:38 - 2012-11-11 23:26 - 00000000 ____D C:\Windows\Hewlett-Packard
2013-12-14 15:36 - 2013-12-14 13:25 - 00000000 ____D C:\ProgramData\Conduit
2013-12-14 15:36 - 2013-11-25 12:07 - 00000000 ____D C:\Program Files\Bench
2013-12-14 15:15 - 2013-12-14 15:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Amanda\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-14 15:15 - 2013-12-14 15:15 - 00000868 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 15:15 - 2013-12-14 15:15 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-14 15:08 - 2013-12-14 15:08 - 00760937 _____ (Farbar) C:\Users\Amanda\Downloads\MiniToolBox (1).exe
2013-12-14 15:06 - 2013-12-14 15:06 - 00708597 _____ (Farbar) C:\Users\Amanda\Downloads\FSS.exe
2013-12-14 14:58 - 2013-11-25 12:25 - 00002479 _____ C:\Users\Amanda\Desktop\Picture Manager.lnk
2013-12-14 14:54 - 2013-12-14 14:54 - 00891200 _____ C:\Users\Amanda\Downloads\SecurityCheck.exe
2013-12-14 13:28 - 2013-12-14 13:25 - 00000000 ____D C:\Users\Amanda\AppData\Local\Conduit
2013-12-14 13:27 - 2013-12-14 13:27 - 00000000 ____D C:\Program Files\wrapper_inst
2013-12-14 13:26 - 2013-12-14 13:26 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\LavasoftStatistics
2013-12-14 13:25 - 2013-12-14 13:25 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\SearchProtect
2013-12-14 13:25 - 2013-12-14 13:25 - 00000000 ____D C:\Program Files\Conduit
2013-12-14 13:25 - 2013-04-20 13:34 - 00000009 _____ C:\end
2013-12-14 13:21 - 2011-02-24 09:21 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-14 13:20 - 2006-11-02 05:18 - 00000000 ___RD C:\Users\Public
2013-12-13 12:49 - 2013-12-13 12:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-13 10:34 - 2013-12-13 10:31 - 147445671 _____ C:\Users\Amanda\Downloads\Windows6.0-KB947821-v32-x86 (1).msu
2013-12-13 10:10 - 2013-12-13 09:51 - 147445671 _____ C:\Users\Amanda\Downloads\Windows6.0-KB947821-v32-x86.msu
2013-12-13 09:53 - 2013-12-13 09:53 - 00000000 ____D C:\Windows\CheckSur
2013-12-13 09:39 - 2013-12-13 09:38 - 00280204 _____ C:\Users\Amanda\Downloads\WindowsUpdateDiagnostic (1).diagcab
2013-12-13 09:05 - 2013-12-12 11:35 - 00000738 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-12-13 09:05 - 2013-12-12 11:35 - 00000000 ____D C:\Program Files\Speccy
2013-12-12 17:53 - 2013-12-12 17:53 - 00760937 _____ (Farbar) C:\Users\Amanda\Downloads\MiniToolBox.exe
2013-12-12 11:35 - 2013-12-12 11:35 - 00000000 _____ C:\Windows\setuperr.log
2013-12-12 11:35 - 2013-12-12 11:35 - 00000000 _____ C:\Windows\setupact.log
2013-12-12 04:40 - 2013-12-12 04:40 - 00002035 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 04:40 - 2007-10-03 17:43 - 00000000 ____D C:\Program Files\Google
2013-12-12 03:44 - 2006-11-02 06:47 - 02368968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 03:41 - 2007-07-10 12:53 - 00000000 ____D C:\Windows\system32\RTCOM
2013-12-12 03:21 - 2013-12-09 00:50 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 03:02 - 2007-07-10 13:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 22:59 - 2012-11-13 20:27 - 00000000 ____D C:\found.007
2013-12-11 22:59 - 2012-11-13 14:41 - 00000000 ____D C:\found.002
2013-12-11 10:46 - 2013-04-18 15:58 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-12-10 16:21 - 2013-04-18 13:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 16:21 - 2013-04-18 13:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-09 11:31 - 2007-09-08 12:52 - 00000000 ____D C:\Users\Amanda
2013-12-09 11:26 - 2013-12-09 11:25 - 211388240 _____ (COMODO) C:\Users\Amanda\Downloads\cfw_installer.exe
2013-12-09 11:22 - 2013-12-09 11:22 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2013-12-09 10:38 - 2013-12-09 10:38 - 00000000 ____D C:\Users\Amanda\AppData\Local\Comodo
2013-12-09 10:36 - 2013-12-09 10:35 - 211388240 _____ (COMODO) C:\Users\Amanda\Downloads\cispremium_installer.exe
2013-12-09 10:17 - 2011-02-25 20:37 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-12-09 09:52 - 2013-12-09 09:52 - 01059840 _____ C:\Users\Amanda\Downloads\MicrosoftFixit50981.msi
2013-12-09 09:08 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-09 08:06 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\rescache
2013-12-09 01:25 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-12-09 01:24 - 2007-09-14 20:55 - 00000000 ____D C:\Users\Amanda\AppData\Local\Microsoft Games
2013-12-09 01:06 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-08 22:55 - 2013-12-08 13:49 - 00000000 ____D C:\Program Files\DriverUpdate
2013-12-08 22:53 - 2013-11-25 20:21 - 00001332 _____ C:\Windows\QUICKEN.INI
2013-12-08 21:25 - 2013-12-08 21:25 - 00280204 _____ C:\Users\Amanda\Downloads\WindowsUpdateDiagnostic.diagcab
2013-12-08 21:25 - 2013-12-08 21:03 - 00347816 _____ (Microsoft Corporation) C:\Users\Amanda\Downloads\MicrosoftFixit.wu.LB.150309985184219734.1.1.Run.exe
2013-12-08 14:20 - 2013-12-08 14:04 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-12-08 13:49 - 2013-12-08 13:49 - 00739648 _____ (SlimWare Utilities, Inc.) C:\Users\Amanda\Downloads\DriverUpdate-setup.exe
2013-12-08 13:49 - 2013-12-08 13:49 - 00013464 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-12-08 13:49 - 2013-12-08 13:49 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-12-08 13:49 - 2013-12-08 13:49 - 00000000 ____D C:\Users\Amanda\AppData\Local\SlimWare Utilities Inc
2013-12-08 13:16 - 2013-11-25 20:37 - 00000078 _____ C:\Windows\qwimp.ini
2013-12-08 10:14 - 2007-10-03 17:54 - 00000000 ____D C:\Users\Amanda\AppData\Local\Google
2013-12-07 13:04 - 2013-12-07 13:04 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\AVAST Software
2013-12-07 13:02 - 2013-04-09 11:14 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-07 13:02 - 2013-04-09 11:14 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-07 13:02 - 2013-04-09 11:14 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-07 13:02 - 2013-04-09 11:14 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-07 13:02 - 2013-04-09 11:14 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-07 13:02 - 2013-04-09 11:14 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-07 13:02 - 2013-04-09 11:14 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-12-07 13:02 - 2013-04-09 11:14 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-07 13:02 - 2013-04-09 11:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-07 13:02 - 2013-04-09 11:14 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-07 13:00 - 2011-02-25 17:28 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-07 13:00 - 2006-11-02 04:23 - 00002577 _____ C:\Windows\system32\config.nt
2013-12-07 12:58 - 2007-09-21 21:53 - 00000000 ____D C:\Users\Amanda\AppData\Local\Adobe
2013-12-07 09:39 - 2010-05-10 16:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-02 11:03 - 2013-11-25 22:40 - 00002573 _____ C:\Users\Amanda\Desktop\Word 2010.lnk
2013-12-02 10:16 - 2009-05-19 17:30 - 00000000 ____D C:\Users\Amanda\Desktop\not my stuff
2013-12-01 14:42 - 2006-11-02 04:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-01 14:18 - 2013-04-18 15:58 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-11-26 21:14 - 2013-11-26 21:13 - 00000000 ___RD C:\Users\Amanda\Desktop\Misc Stuff
2013-11-26 21:14 - 2013-11-25 14:34 - 00000125 ___SH C:\ProgramData\.zreglib
2013-11-26 21:06 - 2013-11-26 21:06 - 00000254 _____ C:\Users\Amanda\Downloads\CloneDVD_Key_13241712.CloneDVD
2013-11-26 21:06 - 2013-11-26 21:06 - 00000000 ____D C:\ProgramData\Elaborate Bytes
2013-11-26 11:37 - 2013-11-26 11:37 - 00000856 _____ C:\Users\Public\Desktop\AnyDVD.lnk
2013-11-26 00:09 - 2006-11-02 04:23 - 00450664 ____R C:\Windows\system32\Drivers\etc\hosts.20131207-123033.backup
2013-11-26 00:08 - 2013-11-26 00:09 - 00450664 ____R C:\Windows\system32\Drivers\etc\hosts.20131126-000924.backup
2013-11-25 23:15 - 2013-11-25 23:15 - 00000954 _____ C:\Users\Public\Desktop\CloneDVD2.lnk
2013-11-25 23:15 - 2013-11-25 14:34 - 00000000 ____D C:\Program Files\Elaborate Bytes
2013-11-25 22:52 - 2013-11-25 22:47 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-11-25 22:47 - 2013-11-25 22:47 - 00001920 _____ C:\Users\Public\Desktop\Spybot-S&D.lnk
2013-11-25 20:22 - 2007-07-10 12:53 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2013-11-25 20:21 - 2013-11-25 20:21 - 00001547 _____ C:\Users\Public\Desktop\Quicken 2004.lnk
2013-11-25 20:21 - 2013-11-25 20:21 - 00000000 ____D C:\Program Files\Common Files\Palo Alto Software
2013-11-25 20:21 - 2013-11-25 20:21 - 00000000 ____D C:\Program Files\Common Files\Intuit
2013-11-25 14:54 - 2013-11-25 14:44 - 05185720 _____ C:\Users\Amanda\Downloads\SetupCloneDVD2.exe
2013-11-25 14:53 - 2007-09-14 21:01 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\Real
2013-11-25 14:34 - 2013-11-25 14:34 - 00000000 ____D C:\Users\Amanda\Documents\AnyDVDHD
2013-11-25 14:33 - 2013-11-25 14:33 - 00000000 ____D C:\ProgramData\SlySoft
2013-11-25 14:33 - 2013-11-25 14:33 - 00000000 ____D C:\Program Files\SlySoft
2013-11-25 14:05 - 2013-11-25 14:05 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\WinArchiver
2013-11-25 14:01 - 2012-11-13 17:49 - 00126192 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-11-25 12:25 - 2013-11-25 12:25 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-11-25 12:25 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\MSBuild
2013-11-25 12:25 - 2006-11-02 05:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-25 12:24 - 2013-11-25 12:24 - 00000000 ____D C:\Windows\PCHEALTH
2013-11-25 12:24 - 2013-11-25 12:24 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-11-25 12:24 - 2013-11-25 12:24 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2013-11-25 12:24 - 2013-11-25 12:24 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-11-25 12:24 - 2013-11-25 12:22 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-25 12:24 - 2007-07-10 13:22 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-11-25 12:24 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\ShellNew
2013-11-25 12:22 - 2013-11-25 12:22 - 00000000 __RHD C:\MSOCache
2013-11-25 12:22 - 2013-11-25 12:22 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2013-11-25 12:22 - 2013-11-25 12:22 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2013-11-25 12:22 - 2006-11-02 05:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-25 12:22 - 2006-11-02 04:23 - 00000219 _____ C:\Windows\win.ini
2013-11-25 12:10 - 2013-11-25 12:10 - 00000000 ____D C:\Users\Amanda\AppData\Roaming\PowerISO

Some content of TEMP:
====================
C:\Users\Amanda\AppData\Local\Temp\oi_{F3BF27F9-8D33-46E7-98B2-5247B095AE48}.exe
C:\Users\Amanda\AppData\Local\Temp\PCPerformerSetup.exe
C:\Users\Amanda\AppData\Local\Temp\shieldsetup.exe
C:\Users\Amanda\AppData\Local\Temp\tbappb.dll
C:\Users\Amanda\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-15 12:06

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-12-2013
Ran by Amanda at 2013-12-15 17:47:46
Running from C:\Users\Amanda\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Leawo DVD Creator version  2.6.0.0
Adobe AIR (Version: 1.5.2.8870)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 8.1.1 (Version: 8.1.1)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
AnyDVD (Version: 7.3.7.0)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 9.0.2008)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.04)
CloneDVD2 (Version: 2.9.3.0)
Connect (Version: 1.0.0.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Enhanced Multimedia Keyboard Solution
Epson Event Manager (Version: 2.40.0004)
eReg (Version: 1.20.138.34)
FlipShare (Version: 4.1.0.33644)
Google Earth (Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.22.3)
Google Updater (Version: 2.4.1591.6512)
HP Customer Experience Enhancements (Version: 5.1.0.2264)
HP Customer Feedback (Version: 1.0.0)
HP Easy Setup - Frontend (Version: 5.1.0.2269)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0 (Version: 2.0)
HP Photosmart Essential2.5 (Version: 1.00.0000)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Total Care Advisor (Version: 1.1.17)
HP Update (Version: 5.003.001.001)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 37 (Version: 6.0.370)
Java™ 6 Update 5 (Version: 1.6.0.50)
K-Lite Codec Pack 6.1.0 (Basic) (Version: 6.1.0)
kuler (Version: 2.0)
LightScribe  1.4.142.1 (Version: 1.4.142.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ Run Time  Lib Setup (Version: 1.0.0)
Microsoft Works (Version: 08.05.0818)
Move Media Player
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
muvee autoProducer 6.0 (Version: 6.00.050)
My HP Games (Version: HPCMPQ1701)
NVIDIA Drivers (Version: 1.10)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PaperPort (Version: 9.02.0814)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
PSSWCORE (Version: 2.00.5000)
Python 2.4.3 (Version: 2.4.3150)
Quicken 2004 (Version: 13.00.0000)
QuickTime (Version: 7.73.80.64)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.559)
Snapfish Media Detector (Version: 1.7.0.15)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
Sony Picture Utility (Version: 2.0.06.13151)
Sony USB Driver (Version: 2.00)
Speccy (Version: 1.24)
Spybot - Search & Destroy (Version: 2.2.25)
Starry Night Pro
Suite Shared Configuration CS4 (Version: 1.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
Yahoo! 工具列
Yahoo! Install Manager
Yahoo! Widgets (Version: 4.5.2.0)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 04:23 - 2013-12-07 12:30 - 00450664 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Task: {3AAAF630-5A31-46FC-9983-9B9F22573DEF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Amanda => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4E230A96-87F7-4864-AD1E-078EBC8F7136} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6D177D8A-15C7-44B7-9073-547BA4E5B693} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {730DD6D9-D1DD-4051-86D7-CFC5C441D9E6} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {7D69E3D4-96CB-46DD-AF34-F42A19910D23} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {8C2355E5-5514-4AFF-9D0D-C5D9AD166FC1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-07] (AVAST Software)
Task: {8E032FB1-EFA6-4436-A50A-7D52D2B5F0A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-25] (Google Inc.)
Task: {91E5B218-2AFC-464F-84A9-8779EA11F2D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {995C6FD4-A714-4409-BE5C-E8646A9A6C61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {9BAFC15B-7F42-4C07-8BF3-1620608F9D5D} - \Microsoft\Windows Defender\MP Scheduled Signature Update No Task File
Task: {A1868F64-ED08-49A9-9F86-F62ED855AFFD} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Task: {ACA3FE64-2BA5-4FC6-B010-C91C73F919D5} - System32\Tasks\HPCeeScheduleForAmanda => C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-03-07] (Hewlett-Packard)
Task: {B1632F5A-E6F2-42B8-ABF7-6F1AEBAD4ABD} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-25] (Google)
Task: {B28C4408-011E-4DE3-AE84-2C13E130A4D0} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1400775539-2395408986-3811654977-1000 => Rundll32.exe portabledeviceapi.dll,#1
Task: {C0F49970-DD52-4B0B-A74D-5EDAD8664272} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E303AB2F-ACC2-46F2-95C2-5E51ABA81B0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-25] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {F509B8D9-C330-42FC-89AA-20D2C1BB63DD} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Google Software Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAmanda.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-25 22:47 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-25 22:47 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-07 13:02 - 2013-12-07 13:02 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-01-08 16:50 - 2008-01-08 16:50 - 00349147 _____ () C:\Program Files\Yahoo!\Widgets\sqlite3.dll
2008-03-18 18:21 - 2008-03-18 18:21 - 00512000 _____ () C:\Program Files\Yahoo!\Widgets\js32.dll
2008-03-18 18:21 - 2008-03-18 18:21 - 00094208 _____ () C:\Program Files\Yahoo!\Widgets\jsd.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2013 01:19:06 PM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x8000ffff).

Error: (12/15/2013 01:19:06 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x8000ffff).

Error: (12/15/2013 01:19:06 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80004002.

Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (12/15/2013 01:19:06 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.

Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (12/15/2013 01:19:06 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154.

Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (12/15/2013 01:19:06 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered.  This will prevent any
VSS writers from receiving events.  This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.

Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (12/15/2013 00:07:59 PM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (12/15/2013 00:07:59 PM) (Source: LoadPerf) (User: )
Description: Performance16

Error: (12/15/2013 11:19:45 AM) (Source: LoadPerf) (User: )
Description: WmiApRplWmiApRpl8

Error: (12/15/2013 11:19:45 AM) (Source: LoadPerf) (User: )
Description: Performance16

System errors:
=============
Error: (12/15/2013 05:38:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (12/15/2013 05:37:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/15/2013 05:28:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (12/15/2013 05:27:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/15/2013 05:17:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (12/15/2013 05:17:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/15/2013 05:07:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (12/15/2013 05:07:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/15/2013 04:57:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (12/15/2013 04:57:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (12/15/2013 01:19:06 PM) (Source: System Restore)(User: )
Description: 0x8000ffff

Error: (12/15/2013 01:19:06 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8000ffff

Error: (12/15/2013 01:19:06 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80004002

Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (12/15/2013 01:19:06 PM) (Source: VSS)(User: )
Description: Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (12/15/2013 01:19:06 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154

Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (12/15/2013 01:19:06 PM) (Source: VSS)(User: )
Description: Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (12/15/2013 00:07:59 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (12/15/2013 00:07:59 PM) (Source: LoadPerf)(User: )
Description: Performance16

Error: (12/15/2013 11:19:45 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl8

Error: (12/15/2013 11:19:45 AM) (Source: LoadPerf)(User: )
Description: Performance16

CodeIntegrity Errors:
===================================
  Date: 2013-12-15 17:47:30.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 17:47:29.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 17:47:29.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 17:47:28.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 17:47:27.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 17:47:27.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 17:47:26.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-15 17:47:25.997
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-14 16:17:41.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-14 16:17:40.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 3453.57 MB
Available physical RAM: 2265.19 MB
Total Pagefile: 7131.63 MB
Available Pagefile: 5909.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.77 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:903.86 GB) (Free:634.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:27.65 GB) (Free:19.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=904 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=28 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 RPMcMurphy

  • Malware Response Team

Posted 15 December 2013 - 08:09 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log
  • Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.


    #6 Firefightertom1


    Posted 15 December 2013 - 10:52 PM

    21:00:12.0884 0x10ec  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
    21:00:22.0930 0x10ec  ============================================================
    21:00:22.0930 0x10ec  Current date / time: 2013/12/15 21:00:22.0930
    21:00:22.0930 0x10ec  SystemInfo:
    21:00:22.0930 0x10ec 
    21:00:22.0930 0x10ec  OS Version: 6.0.6002 ServicePack: 2.0
    21:00:22.0930 0x10ec  Product type: Workstation
    21:00:22.0930 0x10ec  ComputerName: TOMMY-PC
    21:00:22.0930 0x10ec  UserName: Amanda
    21:00:22.0930 0x10ec  Windows directory: C:\Windows
    21:00:22.0930 0x10ec  System windows directory: C:\Windows
    21:00:22.0930 0x10ec  Processor architecture: Intel x86
    21:00:22.0930 0x10ec  Number of processors: 2
    21:00:22.0930 0x10ec  Page size: 0x1000
    21:00:22.0930 0x10ec  Boot type: Normal boot
    21:00:22.0930 0x10ec  ============================================================
    21:00:23.0024 0x10ec  KLMD registered as C:\Windows\system32\drivers\95129893.sys
    21:00:23.0164 0x10ec  System UUID: {A1A43C39-A82E-91A6-8086-289B5C600DB0}
    21:00:23.0757 0x10ec  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:00:23.0819 0x10ec  ============================================================
    21:00:23.0819 0x10ec  \Device\Harddisk0\DR0:
    21:00:23.0819 0x10ec  MBR partitions:
    21:00:23.0819 0x10ec  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x70FB6BE8
    21:00:23.0819 0x10ec  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x70FB6C27, BlocksNum 0x374ED9A
    21:00:23.0819 0x10ec  ============================================================
    21:00:23.0866 0x10ec  C: <-> \Device\Harddisk0\DR0\Partition1
    21:00:23.0897 0x10ec  D: <-> \Device\Harddisk0\DR0\Partition2
    21:00:23.0897 0x10ec  ============================================================
    21:00:23.0897 0x10ec  Initialize success
    21:00:23.0897 0x10ec  ============================================================
    21:00:48.0304 0x11a0  ============================================================
    21:00:48.0304 0x11a0  Scan started
    21:00:48.0304 0x11a0  Mode: Manual; TDLFS;
    21:00:48.0304 0x11a0  ============================================================
    21:00:48.0304 0x11a0  KSN ping started
    21:01:04.0395 0x11a0  KSN ping finished: true
    21:01:04.0707 0x11a0  ================ Scan system memory ========================
    21:01:04.0707 0x11a0  Scan was interrupted by user!
    21:01:04.0753 0x11a0  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2008.177 ), 0x41000 ( enabled : updated )
    21:01:04.0753 0x11a0  Win FW state via NFP2: enabled
    21:01:10.0323 0x11a0  ============================================================
    21:01:10.0323 0x11a0  Scan finished
    21:01:10.0323 0x11a0  ============================================================
    21:01:10.0338 0x11ac  Detected object count: 0
    21:01:10.0338 0x11ac  Actual detected object count: 0
    21:01:16.0329 0x0764  Deinitialize success
     

    ComboFix 13-12-13.01 - Amanda 12/15/2013  21:20:55.1.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3454.2258 [GMT -6:00]
    Running from: c:\users\Amanda\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Amanda\5-8.jpg
    c:\users\Amanda\86.gif
    c:\windows\$NtUninstallKB9283$
    c:\windows\$NtUninstallKB9283$\1110599281\@
    c:\windows\$NtUninstallKB9283$\1110599281\Desktop.ini
    c:\windows\$NtUninstallKB9283$\1110599281\L\00000004.@
    c:\windows\$NtUninstallKB9283$\1110599281\L\201d3dde
    c:\windows\$NtUninstallKB9283$\1110599281\L\76603ac3
    c:\windows\$NtUninstallKB9283$\1110599281\L\lqtfmuya
    c:\windows\$NtUninstallKB9283$\1110599281\U\00000004.@
    c:\windows\$NtUninstallKB9283$\1110599281\U\00000008.@
    c:\windows\$NtUninstallKB9283$\1110599281\U\000000cb.@
    c:\windows\$NtUninstallKB9283$\1110599281\U\80000000.@
    c:\windows\$NtUninstallKB9283$\1110599281\U\80000032.@
    c:\windows\$NtUninstallKB9283$\784951127
    c:\windows\system32\service
    c:\windows\system32\service\14052009_TIS17_SfFniAU.log
    c:\windows\system32\service\15072010_TIS17_SfFniAU.log
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-11-16 to 2013-12-16  )))))))))))))))))))))))))))))))
    .
    .
    2013-12-16 03:30 . 2013-12-16 03:34 -------- d-----w- c:\users\Amanda\AppData\Local\temp
    2013-12-16 03:30 . 2013-12-16 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-16 03:03 . 2013-12-16 03:03 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-12-16 03:02 . 2013-12-16 03:02 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-12-15 23:46 . 2013-12-15 23:46 -------- d-----w- C:\FRST
    2013-12-14 22:02 . 2013-12-14 22:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-12-14 22:01 . 2013-12-14 22:15 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-14 21:15 . 2013-12-14 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-14 21:15 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-14 19:27 . 2013-12-14 19:27 -------- d-----w- c:\program files\wrapper_inst
    2013-12-14 19:26 . 2013-12-14 19:26 -------- d-----w- c:\users\Amanda\AppData\Roaming\LavasoftStatistics
    2013-12-14 19:25 . 2013-12-14 19:25 -------- d-----w- c:\users\Amanda\AppData\Roaming\SearchProtect
    2013-12-14 19:25 . 2013-12-14 19:25 -------- d-----w- c:\program files\Conduit
    2013-12-14 19:25 . 2013-12-14 21:36 -------- d-----w- c:\programdata\Conduit
    2013-12-14 19:25 . 2013-12-14 19:28 -------- d-----w- c:\users\Amanda\AppData\Local\Conduit
    2013-12-13 18:49 . 2013-12-13 18:49 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-12-13 18:49 . 2013-12-13 18:49 -------- d-----w- C:\history
    2013-12-13 18:40 . 2013-12-14 00:47 -------- d-----w- c:\program files\Microsoft
    2013-12-13 15:53 . 2013-12-13 15:53 -------- d-----w- c:\windows\CheckSur
    2013-12-12 17:35 . 2013-12-13 15:05 -------- d-----w- c:\program files\Speccy
    2013-12-12 08:04 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
    2013-12-12 08:04 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
    2013-12-12 08:04 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
    2013-12-12 08:04 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
    2013-12-12 08:04 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
    2013-12-12 08:04 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
    2013-12-12 08:04 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
    2013-12-12 08:04 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
    2013-12-12 08:04 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
    2013-12-12 08:04 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
    2013-12-09 17:22 . 2013-12-09 17:22 1700352 ----a-w- c:\windows\system32\gdiplus.dll
    2013-12-09 16:39 . 2013-12-15 01:25 -------- d-----w- c:\programdata\COMODO
    2013-12-09 16:38 . 2013-12-09 16:38 -------- d-----w- c:\users\Amanda\AppData\Local\Comodo
    2013-12-09 16:38 . 2013-12-15 01:23 -------- d-----w- c:\program files\Comodo
    2013-12-09 14:58 . 2013-12-09 14:58 -------- d-----w- c:\windows\Migration
    2013-12-09 06:50 . 2013-12-12 09:21 -------- d-----w- c:\windows\system32\MRT
    2013-12-09 06:48 . 2013-07-04 04:21 532480 ----a-w- c:\windows\system32\comctl32.dll
    2013-12-09 06:48 . 2013-04-09 03:52 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2013-12-09 06:48 . 2013-04-09 03:51 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2013-12-09 06:48 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2013-12-09 06:48 . 2013-04-09 03:51 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2013-12-09 03:05 . 2013-12-09 03:05 -------- d-----w- c:\users\Amanda\AppData\Local\ElevatedDiagnostics
    2013-12-08 20:04 . 2013-12-08 20:20 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
    2013-12-08 19:49 . 2013-12-08 19:49 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-12-08 19:49 . 2013-12-08 19:49 -------- d-----w- c:\users\Amanda\AppData\Local\SlimWare Utilities Inc
    2013-12-08 19:49 . 2013-12-09 04:55 -------- d-----w- c:\program files\DriverUpdate
    2013-12-07 19:04 . 2013-12-07 19:04 -------- d-----w- c:\users\Amanda\AppData\Roaming\AVAST Software
    2013-11-27 03:06 . 2013-11-27 03:06 -------- d-----w- c:\programdata\Elaborate Bytes
    2013-11-26 04:47 . 2013-11-26 04:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-11-26 02:21 . 2013-11-26 02:21 -------- d-----w- c:\program files\Common Files\Palo Alto Software
    2013-11-26 02:21 . 2013-11-26 02:21 -------- d-----w- c:\program files\Common Files\Intuit
    2013-11-26 02:21 . 2013-12-15 17:35 -------- d-----w- c:\program files\Quicken
    2013-11-25 20:34 . 2013-11-26 05:15 -------- d-----w- c:\program files\Elaborate Bytes
    2013-11-25 20:33 . 2013-11-25 20:33 -------- d-----w- c:\programdata\SlySoft
    2013-11-25 20:33 . 2013-11-25 20:33 -------- d-----w- c:\program files\SlySoft
    2013-11-25 20:05 . 2013-11-25 20:05 -------- d-----w- c:\users\Amanda\AppData\Roaming\WinArchiver
    2013-11-25 18:24 . 2013-11-25 18:24 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2013-11-25 18:24 . 2013-11-25 18:24 -------- d-----w- c:\windows\PCHEALTH
    2013-11-25 18:24 . 2013-11-25 18:24 -------- d-----w- c:\program files\Microsoft Sync Framework
    2013-11-25 18:24 . 2013-11-25 18:24 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2013-11-25 18:22 . 2013-11-25 18:22 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2013-11-25 18:22 . 2013-11-25 18:22 -------- d-----w- c:\program files\Microsoft Analysis Services
    2013-11-25 18:22 . 2013-11-25 18:22 -------- d-----r- C:\MSOCache
    2013-11-25 18:10 . 2013-11-25 18:10 -------- d-----w- c:\users\Amanda\AppData\Roaming\PowerISO
    2013-11-25 18:07 . 2013-12-14 21:36 -------- d-----w- c:\program files\Bench
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-10 22:21 . 2013-04-18 19:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-12-10 22:21 . 2013-04-18 19:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-12-07 19:02 . 2013-04-09 17:14 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-12-07 19:02 . 2013-04-09 17:14 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-12-07 19:02 . 2013-04-09 17:14 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-12-07 19:02 . 2013-04-09 17:14 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-12-07 19:02 . 2013-04-09 17:14 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-12-07 19:02 . 2013-04-09 17:14 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-12-07 19:02 . 2013-04-09 17:14 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-07 19:02 . 2013-04-09 17:14 269216 ----a-w- c:\windows\system32\aswBoot.exe
    2013-12-07 19:02 . 2013-04-09 17:14 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-07 19:02 . 2013-04-09 17:14 43152 ----a-w- c:\windows\avastSS.scr
    2013-11-09 21:38 . 2013-11-09 21:38 120488 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2013-10-30 02:13 . 2006-11-02 10:25 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
    2013-09-30 23:38 . 2013-09-30 23:38 97176 ----a-w- c:\windows\system32\ElbyCDIO.dll
    2013-09-20 16:49 . 2013-04-18 21:58 18968 ----a-w- c:\windows\system32\sdnclean.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-12-07 19:02 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 13797992]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-07 3568312]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
    .
    c:\users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-18 22:21]
    .
    2013-12-16 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-11-26 16:57]
    .
    2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 16:34]
    .
    2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 16:34]
    .
    2011-05-16 c:\windows\Tasks\HPCeeScheduleForAmanda.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-07-10 18:56]
    .
    2013-12-11 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-11-26 16:49]
    .
    2013-12-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-11-26 16:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 172.16.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-12-15 21:33
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4016)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\ehome\ehRecvr.exe
    c:\windows\ehome\ehsched.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
    c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2013-12-15  21:40:22 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-12-16 03:40
    .
    Pre-Run: 681,522,774,016 bytes free
    Post-Run: 682,059,493,376 bytes free
    .
    - - End Of File - - 115EC1A2B1777F2C2A9E53737876919B
    8913823FF508CCF109DB74B636C301DA
     



    #7 RPMcMurphy

    • Malware Response Team

    Posted 15 December 2013 - 11:33 PM

    Please do this next:
    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

    You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

    Open MBAM
    • Click the Update tab
    • Click Check for Updates
    • If an update is found, it will download and install the latest version.
    • The program will close to update and reopen.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
    • Make sure that everything else is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please include the following in your next post:
    • adwCleaner log
    • MBAM log


    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member




    #8 Firefightertom1

    • Topic Starter


    Posted 16 December 2013 - 02:11 AM

    # AdwCleaner v3.015 - Report created 15/12/2013 at 23:34:36
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
    # Username : Amanda - TOMMY-PC
    # Running from : C:\Users\Amanda\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\Windows\System32\Tasks\NCH Software
    Folder Found C:\Program Files\Bench
    Folder Found C:\Program Files\Conduit
    Folder Found C:\ProgramData\AVG SafeGuard toolbar
    Folder Found C:\ProgramData\Conduit
    Folder Found C:\ProgramData\NCH Software
    Folder Found C:\Users\Amanda\AppData\Local\Conduit
    Folder Found C:\Users\Amanda\AppData\LocalLow\Conduit
    Folder Found C:\Users\Amanda\AppData\LocalLow\PriceGong
    Folder Found C:\Users\Amanda\AppData\Roaming\NCH Software
    Folder Found C:\Users\Amanda\AppData\Roaming\Searchprotect

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\Search Settings
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AVG SafeGuard toolbar
    Key Found : HKCU\Software\Classes\pokki
    Key Found : HKCU\Software\Iminent
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\NCH Software
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279418
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A32C0542-50F1-4454-A85A-E53E8C9BD0C7}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Found : HKLM\Software\PerformerSoft

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526

    *************************

    AdwCleaner[R0].txt - [8317 octets] - [15/12/2013 23:26:38]
    AdwCleaner[R1].txt - [8373 octets] - [15/12/2013 23:29:48]
    AdwCleaner[R2].txt - [8291 octets] - [15/12/2013 23:34:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [8351 octets] ##########

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.16.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Amanda :: TOMMY-PC [administrator]

    12/15/2013 11:39:03 PM
    mbam-log-2013-12-15 (23-39-03).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 455877
    Time elapsed: 1 hour(s), 16 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    #9 RPMcMurphy

    • Malware Response Team

    Posted 16 December 2013 - 01:51 PM

    How is your computer running now?  Please do this next:

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.  Please go to www.java.com and press the "Free Java Download" button near the center of the page.  Follow the prompts to install the latest version. Once it completes a web page should open that will verify that you have the latest version.  Below that is a box with a link to remove older, insecure versions.  Click that and follow the prompts.

    Double click on AdwCleaner.exe to run the tool again.

    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
      <-Uncheck any items related to toolbars or software that you wish to keep->
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

    Please include the following in your next post:
    • How is the computer running now?
    • adwCleaner log
    • ESET log




    #10 Firefightertom1

    • Topic Starter


    Posted 18 December 2013 - 11:41 AM

    Sorry for the delayed response. My computer has lot improved. I still cannot back up, set a restore point, or update security updates. Here are the logs you requested. Both came back with no infections found?

     

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
     

     

    # AdwCleaner v3.015 - Report created 15/12/2013 at 23:34:36
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
    # Username : Amanda - TOMMY-PC
    # Running from : C:\Users\Amanda\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\Windows\System32\Tasks\NCH Software
    Folder Found C:\Program Files\Bench
    Folder Found C:\Program Files\Conduit
    Folder Found C:\ProgramData\AVG SafeGuard toolbar
    Folder Found C:\ProgramData\Conduit
    Folder Found C:\ProgramData\NCH Software
    Folder Found C:\Users\Amanda\AppData\Local\Conduit
    Folder Found C:\Users\Amanda\AppData\LocalLow\Conduit
    Folder Found C:\Users\Amanda\AppData\LocalLow\PriceGong
    Folder Found C:\Users\Amanda\AppData\Roaming\NCH Software
    Folder Found C:\Users\Amanda\AppData\Roaming\Searchprotect

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\Search Settings
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AVG SafeGuard toolbar
    Key Found : HKCU\Software\Classes\pokki
    Key Found : HKCU\Software\Iminent
    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\NCH Software
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279418
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A32C0542-50F1-4454-A85A-E53E8C9BD0C7}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Found : HKLM\Software\PerformerSoft

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526

    *************************

    AdwCleaner[R0].txt - [8317 octets] - [15/12/2013 23:26:38]
    AdwCleaner[R1].txt - [8373 octets] - [15/12/2013 23:29:48]
    AdwCleaner[R2].txt - [8291 octets] - [15/12/2013 23:34:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [8351 octets] ##########



    #11 RPMcMurphy



    • Malware Response Team

    Posted 18 December 2013 - 08:32 PM

    You chose not to remove any of those adwCleaner detections. Was that intentional?  If so, that is fine.  If not, take another look at my last instructions for that tool and confirm that you followed them correctly.  Please do this next:

    Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

    • Unzip the contents to a folder in a convenient location.
    • Open the folder where the contents were unzipped and locate the plugins folder
    • In that folder you will find fixdamage.exe - Please run it, reboot, then see if you can use system restore and Windows Update.

     

    Please include the following in your next post:

    • adwCleaner log
    • Advise on the status of system restore and Windows Updates

     


    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member




    #12 RPMcMurphy


    Posted 31 December 2013 - 10:06 AM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.





