Suspected Zeroaccess Variation / Rootkit, Trojan


This topic is locked
4 replies to this topic

#1 badkore (Members, 2 posts)

Posted 18 December 2013 - 12:22 AM

I was informed that my dad's system was infected by something; he attempted a repair and was unable to do it, so I am requesting assistance. I am currently installing Microsoft Security Essentials as he had no antivirus.
Here is my DDS as of this moment.
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.45.2
Run by jd thornton at 21:19:49 on 2013-12-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3003.1288 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WALLPA~1.LNK - C:\Program Files (x86)\AzureBay\AzureBay Screen Saver\WPChanger.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E3B03CB4-3A5A-4CE4-9FB6-AA6096CD1EA5} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E3B03CB4-3A5A-4CE4-9FB6-AA6096CD1EA5}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{E3B03CB4-3A5A-4CE4-9FB6-AA6096CD1EA5}\35A434F454D27457563747 : DHCPNameServer = 204.129.128.10
TCP: Interfaces\{E3B03CB4-3A5A-4CE4-9FB6-AA6096CD1EA5}\4527166756C6F6467656 : DHCPNameServer = 216.86.176.70 216.86.176.71
TCP: Interfaces\{E3B03CB4-3A5A-4CE4-9FB6-AA6096CD1EA5}\84F6A4F65487072756373735561637964656 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{E3B03CB4-3A5A-4CE4-9FB6-AA6096CD1EA5}\A444D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E3B03CB4-3A5A-4CE4-9FB6-AA6096CD1EA5}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-5 144896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-20 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-27 1088544]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-12-18 04:04:46 -------- d-----w- C:\FRST
2013-12-18 03:55:59 -------- d-----w- C:\Users\jd thornton\AppData\Local\Google
2013-12-18 03:55:16 -------- d-----w- C:\Users\jd thornton\AppData\Local\Apps
2013-12-18 03:55:15 -------- d-----w- C:\Users\jd thornton\AppData\Local\Deployment
2013-12-18 03:32:37 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-12-18 02:26:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-18 02:26:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 02:22:25 -------- d-----w- C:\ProgramData\Oracle
2013-12-18 02:21:52 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 02:17:28 -------- d-----w- C:\Program Files\CCleaner
2013-12-18 01:56:42 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-12-18 01:53:52 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-18 01:07:08 98816 ----a-w- C:\Windows\sed.exe
2013-12-18 01:07:08 256000 ----a-w- C:\Windows\PEV.exe
2013-12-18 01:07:08 208896 ----a-w- C:\Windows\MBR.exe
2013-12-18 00:54:42 -------- d-----w- C:\Windows\ERUNT
2013-12-18 00:35:29 -------- d-----w- C:\Program Files (x86)\ESET
2013-12-18 00:24:00 -------- d-----w- C:\AdwCleaner
2013-12-18 00:21:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-18 00:11:06 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2013-12-17 23:34:30 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D8B5F9F-F8EE-48CC-8454-178B9DB8B5D2}\mpengine.dll
2013-12-17 23:18:02 -------- d-----w- C:\Users\jd thornton\AppData\Roaming\Malwarebytes
2013-12-17 23:17:54 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-17 23:17:45 -------- d-----w- C:\Users\jd thornton\AppData\Local\Programs
.
==================== Find3M  ====================
.
2013-12-18 00:21:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:20:03.59 ===============
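Helpers on this forum read a DDS or FRST log by scanning for a handful of cheap signals before anything else: load points whose target file is gone (`<orphaned>` in DDS, `No File` or `[x]` in FRST), autostart entries and services whose binary carries no vendor/version resource (FRST prints these with an empty `()`), and IE search scopes pointing somewhere other than the default engine. The script below automates exactly that first pass. It is an added example, not part of this thread and not code from the DDS or FRST tools; the sample lines are copied from the logs posted in this thread, and the allowlist of search hosts and the category names are my own assumptions.

```python
"""First-pass triage of DDS / FRST log lines (added example, not from the thread).

Categories (assumed names, not tool output):
  ORPHAN    - a load point whose target file no longer exists
              (DDS prints "<orphaned>", FRST prints "No File" or "[x]")
  NO_VENDOR - a process, service or Run entry whose PE has no company name;
              FRST shows this as "()" (unsigned code in an autostart is worth
              a second look, but HP/CyberLink helpers also trip this)
  SEARCH    - an IE SearchScopes URL whose host is not on the allowlist
"""
import re
from collections import Counter

ORPHAN_MARKERS = ("<orphaned>", "No File", "[x]")
# Assumed allowlist: hosts a stock Windows 7 / IE10 search scope would point at.
SEARCH_ALLOW = {"www.google.com", "www.bing.com", "search.live.com", "www.microsoft.com"}

_URL_RE = re.compile(r"URL\s*=\s*(\S+)")
_HOST_RE = re.compile(r"^https?://([^/?#]+)", re.IGNORECASE)

# Constructed sample: lines taken verbatim from the DDS and FRST logs in this thread.
SAMPLE_LOG = r"""
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
SSODL: WebCheck - <orphaned>
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Run: [] - [x]
SearchScopes: HKCU - {5720EA13-D46D-465F-A38D-0749C736B62F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
"""


def classify(line: str):
    """Return the category for one log line, or None if nothing stands out."""
    s = line.strip()
    if not s:
        return None
    if any(marker in s for marker in ORPHAN_MARKERS):
        return "ORPHAN"
    if s.startswith("SearchScopes:"):
        m = _URL_RE.search(s)          # an empty "URL = " does not match and is ignored
        if m:
            h = _HOST_RE.match(m.group(1))
            host = h.group(1).lower() if h else ""
            if host and host not in SEARCH_ALLOW:
                return "SEARCH"
        return None
    # FRST prints "()" at the start (process list) or end (Run/service entries)
    # when the binary's version resource has no company name.
    if s.startswith("() ") or s.endswith(" ()"):
        return "NO_VENDOR"
    return None


def triage(text: str):
    """Return [(category, line), ...] for every line that classify() flags."""
    findings = []
    for line in text.splitlines():
        cat = classify(line)
        if cat:
            findings.append((cat, line.strip()))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'ORPHAN': 5, 'NO_VENDOR': 3, 'SEARCH': 1}."""
    return dict(Counter(cat for cat, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, line in results:
        print(f"{category:10} {line}")
    print(summarize(results))
```

Nothing this flags is proof of infection: the `catchme.sys [x]` entry is the leftover driver of ComboFix, which the FRST log shows was already run (C:\ComboFix.txt, C:\Qoobox), and the `()` hits are HP and CyberLink helpers. The point is to pull the nine lines worth reading out of several hundred, so a helper can check each one against the file on disk before deciding what to remove.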
 


#2 badkore (Topic Starter, Members, 2 posts)

Posted 18 December 2013 - 12:34 AM

I noticed most of the first replies are "Run FarBar" so here that is :)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2013 02
Ran by jd thornton (administrator) on SJCEA1 on 17-12-2013 21:31:25
Running from C:\Users\jd thornton\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AzureBay) C:\Program Files (x86)\AzureBay\AzureBay Screen Saver\WPChanger.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-02-20] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-11-05] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {5720EA13-D46D-465F-A38D-0749C736B62F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {5720EA13-D46D-465F-A38D-0749C736B62F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {5720EA13-D46D-465F-A38D-0749C736B62F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\jd thornton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\jd thornton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\jd thornton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\jd thornton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\jd thornton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\jd thornton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-17 21:31 - 2013-12-17 21:31 - 00009444 _____ C:\Users\jd thornton\Downloads\FRST.txt
2013-12-17 21:21 - 2013-12-17 21:21 - 00003539 _____ C:\Users\jd thornton\Desktop\attach.zip
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\Users\jd thornton\AppData\Roaming\WinRAR
2013-12-17 21:20 - 2013-12-17 21:20 - 00014525 _____ C:\Users\jd thornton\Desktop\dds.txt
2013-12-17 21:20 - 2013-12-17 21:20 - 00012443 _____ C:\Users\jd thornton\Desktop\attach.txt
2013-12-17 21:19 - 2013-12-17 21:19 - 00688992 ____R (Swearware) C:\Users\jd thornton\Downloads\dds.com
2013-12-17 21:17 - 2013-12-17 21:18 - 01928214 _____ (Farbar) C:\Users\jd thornton\Downloads\FRST64.exe
2013-12-17 21:15 - 2013-12-17 21:15 - 00000000 ____D C:\Users\jd thornton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-17 21:15 - 2013-12-17 21:15 - 00000000 ____D C:\Program Files\WinRAR
2013-12-17 21:09 - 2013-12-17 21:10 - 02347384 _____ (ESET) C:\Users\jd thornton\Downloads\esetsmartinstaller_enu.exe
2013-12-17 21:08 - 2013-12-17 21:12 - 13670584 _____ (Microsoft Corporation) C:\Users\jd thornton\Downloads\mseinstall.exe
2013-12-17 20:22 - 2013-12-17 21:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-17 20:22 - 2013-12-17 20:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-17 20:22 - 2013-12-17 20:22 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-17 20:04 - 2013-12-17 20:04 - 00000000 ____D C:\FRST
2013-12-17 20:02 - 2013-12-17 20:02 - 00002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-17 19:56 - 2013-12-17 20:27 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-17 19:55 - 2013-12-17 20:02 - 00000000 ____D C:\Users\jd thornton\AppData\Local\Google
2013-12-17 19:55 - 2013-12-17 20:02 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-17 19:55 - 2013-12-17 19:55 - 00000000 ____D C:\Users\jd thornton\AppData\Local\Deployment
2013-12-17 19:55 - 2013-12-17 19:55 - 00000000 ____D C:\Users\jd thornton\AppData\Local\Apps\2.0
2013-12-17 19:32 - 2013-12-17 19:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-12-17 19:06 - 2013-12-17 20:17 - 00002688 _____ C:\Windows\PFRO.log
2013-12-17 19:06 - 2013-12-17 20:17 - 00000224 _____ C:\Windows\setupact.log
2013-12-17 19:06 - 2013-12-17 19:06 - 00000000 _____ C:\Windows\setuperr.log
2013-12-17 18:26 - 2013-12-17 18:26 - 00001065 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-17 18:26 - 2013-12-17 18:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-17 18:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-17 18:23 - 2013-12-17 18:23 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\ProgramData\Oracle
2013-12-17 18:22 - 2013-12-17 18:21 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-17 18:21 - 2013-12-17 18:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-17 18:21 - 2013-12-17 18:21 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-17 18:21 - 2013-12-17 18:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-17 18:21 - 2013-12-17 18:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-17 18:17 - 2013-12-17 18:17 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-17 18:17 - 2013-12-17 18:17 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-17 18:17 - 2013-12-17 18:17 - 00000000 ____D C:\Program Files\CCleaner
2013-12-17 18:14 - 2013-12-17 18:14 - 01069568 _____ (Solid State Networks) C:\Users\jd thornton\Desktop\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
2013-12-17 17:56 - 2013-12-17 17:56 - 00001220 _____ C:\Users\jd thornton\Desktop\Revo Uninstaller.lnk
2013-12-17 17:56 - 2013-12-17 17:56 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-17 17:53 - 2013-12-17 17:53 - 00013679 _____ C:\ComboFix.txt
2013-12-17 17:22 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-17 17:07 - 2013-12-17 17:53 - 00000000 ____D C:\Qoobox
2013-12-17 17:07 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-17 17:07 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-17 17:07 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-17 17:07 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-17 17:07 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-17 17:07 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-17 17:07 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-17 17:06 - 2013-12-17 17:16 - 00000000 ____D C:\Windows\erdnt
2013-12-17 16:54 - 2013-12-17 16:54 - 00000000 ____D C:\Windows\ERUNT
2013-12-17 16:47 - 2013-12-17 16:48 - 05155004 ____R (Swearware) C:\Users\jd thornton\Desktop\ComboFix.exe
2013-12-17 16:35 - 2013-12-17 18:44 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-17 16:24 - 2013-12-17 20:36 - 00000000 ____D C:\AdwCleaner
2013-12-17 16:21 - 2013-12-17 16:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-17 16:21 - 2013-12-17 16:21 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-17 16:11 - 2013-12-17 16:11 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-12-17 15:18 - 2013-12-17 15:18 - 00000000 ____D C:\Users\jd thornton\AppData\Roaming\Malwarebytes
2013-12-17 15:17 - 2013-12-17 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
 
==================== One Month Modified Files and Folders =======
 
2013-12-17 21:31 - 2013-12-17 21:31 - 00009444 _____ C:\Users\jd thornton\Downloads\FRST.txt
2013-12-17 21:27 - 2013-12-17 20:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-17 21:21 - 2013-12-17 21:21 - 00003539 _____ C:\Users\jd thornton\Desktop\attach.zip
2013-12-17 21:21 - 2013-12-17 21:21 - 00000000 ____D C:\Users\jd thornton\AppData\Roaming\WinRAR
2013-12-17 21:20 - 2013-12-17 21:20 - 00014525 _____ C:\Users\jd thornton\Desktop\dds.txt
2013-12-17 21:20 - 2013-12-17 21:20 - 00012443 _____ C:\Users\jd thornton\Desktop\attach.txt
2013-12-17 21:19 - 2013-12-17 21:19 - 00688992 ____R (Swearware) C:\Users\jd thornton\Downloads\dds.com
2013-12-17 21:18 - 2013-12-17 21:17 - 01928214 _____ (Farbar) C:\Users\jd thornton\Downloads\FRST64.exe
2013-12-17 21:15 - 2013-12-17 21:15 - 00000000 ____D C:\Users\jd thornton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-17 21:15 - 2013-12-17 21:15 - 00000000 ____D C:\Program Files\WinRAR
2013-12-17 21:12 - 2013-12-17 21:08 - 13670584 _____ (Microsoft Corporation) C:\Users\jd thornton\Downloads\mseinstall.exe
2013-12-17 21:10 - 2013-12-17 21:09 - 02347384 _____ (ESET) C:\Users\jd thornton\Downloads\esetsmartinstaller_enu.exe
2013-12-17 20:36 - 2013-12-17 16:24 - 00000000 ____D C:\AdwCleaner
2013-12-17 20:27 - 2013-12-17 19:56 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-17 20:24 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-17 20:24 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-17 20:22 - 2013-12-17 20:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-17 20:22 - 2013-12-17 20:22 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-17 20:22 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-17 20:20 - 2010-04-27 00:19 - 01213702 _____ C:\Windows\WindowsUpdate.log
2013-12-17 20:17 - 2013-12-17 19:06 - 00002688 _____ C:\Windows\PFRO.log
2013-12-17 20:17 - 2013-12-17 19:06 - 00000224 _____ C:\Windows\setupact.log
2013-12-17 20:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-17 20:04 - 2013-12-17 20:04 - 00000000 ____D C:\FRST
2013-12-17 20:02 - 2013-12-17 20:02 - 00002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-17 20:02 - 2013-12-17 19:55 - 00000000 ____D C:\Users\jd thornton\AppData\Local\Google
2013-12-17 20:02 - 2013-12-17 19:55 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-17 19:55 - 2013-12-17 19:55 - 00000000 ____D C:\Users\jd thornton\AppData\Local\Deployment
2013-12-17 19:55 - 2013-12-17 19:55 - 00000000 ____D C:\Users\jd thornton\AppData\Local\Apps\2.0
2013-12-17 19:32 - 2013-12-17 19:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-12-17 19:06 - 2013-12-17 19:06 - 00000000 _____ C:\Windows\setuperr.log
2013-12-17 18:44 - 2013-12-17 16:35 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-17 18:26 - 2013-12-17 18:26 - 00001065 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-17 18:26 - 2013-12-17 18:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-17 18:25 - 2011-03-12 16:36 - 00000000 ____D C:\Users\jd thornton\AppData\Local\Adobe
2013-12-17 18:23 - 2013-12-17 18:23 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-17 18:23 - 2010-03-24 11:03 - 00000000 ____D C:\ProgramData\Adobe
2013-12-17 18:23 - 2010-03-24 11:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\ProgramData\Oracle
2013-12-17 18:21 - 2013-12-17 18:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-17 18:21 - 2013-12-17 18:21 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-17 18:21 - 2013-12-17 18:21 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-17 18:21 - 2013-12-17 18:21 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-17 18:21 - 2013-12-17 18:21 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-17 18:18 - 2011-07-14 11:15 - 00000000 ____D C:\Users\jd thornton\AppData\Local\CrashDumps
2013-12-17 18:18 - 2011-02-09 19:06 - 00000000 ____D C:\Users\jd thornton\Tracing
2013-12-17 18:18 - 2009-09-06 17:57 - 00000000 ____D C:\Windows\Panther
2013-12-17 18:17 - 2013-12-17 18:17 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-17 18:17 - 2013-12-17 18:17 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-17 18:17 - 2013-12-17 18:17 - 00000000 ____D C:\Program Files\CCleaner
2013-12-17 18:14 - 2013-12-17 18:14 - 01069568 _____ (Solid State Networks) C:\Users\jd thornton\Desktop\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
2013-12-17 17:56 - 2013-12-17 17:56 - 00001220 _____ C:\Users\jd thornton\Desktop\Revo Uninstaller.lnk
2013-12-17 17:56 - 2013-12-17 17:56 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-12-17 17:53 - 2013-12-17 17:53 - 00013679 _____ C:\ComboFix.txt
2013-12-17 17:53 - 2013-12-17 17:07 - 00000000 ____D C:\Qoobox
2013-12-17 17:51 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-17 17:18 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Default
2013-12-17 17:16 - 2013-12-17 17:06 - 00000000 ____D C:\Windows\erdnt
2013-12-17 16:54 - 2013-12-17 16:54 - 00000000 ____D C:\Windows\ERUNT
2013-12-17 16:48 - 2013-12-17 16:47 - 05155004 ____R (Swearware) C:\Users\jd thornton\Desktop\ComboFix.exe
2013-12-17 16:21 - 2013-12-17 16:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-17 16:21 - 2013-12-17 16:21 - 00000000 ____D C:\Windows\system32\Macromed
2013-12-17 16:21 - 2011-08-06 15:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-17 16:11 - 2013-12-17 16:11 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-12-17 15:18 - 2013-12-17 15:18 - 00000000 ____D C:\Users\jd thornton\AppData\Roaming\Malwarebytes
2013-12-17 15:17 - 2013-12-17 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-17 15:08 - 2010-09-26 11:45 - 00000000 ___RD C:\Users\jd thornton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-17 15:08 - 2010-09-26 11:45 - 00000000 ___RD C:\Users\jd thornton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-17 15:07 - 2009-07-13 20:45 - 00390912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-17 13:56 - 2010-10-04 18:49 - 03148854 _____ C:\Users\jd thornton\AppData\Local\AzureBay.bmp
2013-12-17 13:56 - 2010-10-04 18:49 - 02359350 _____ C:\Users\jd thornton\AppData\Local\sswpprep.bmp
2013-12-17 13:56 - 2010-10-04 18:48 - 00000568 _____ C:\Users\jd thornton\AppData\Local\ScreenSaver.ini
2013-12-03 20:05 - 2010-09-26 11:51 - 00000000 ____D C:\Users\jd thornton\AppData\Roaming\HpUpdate
2013-11-19 03:33 - 2011-02-09 18:59 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-02 14:09
 
==================== End Of Log ============================
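As an added example, not code from this thread or from FRST itself, the snippet below parses the one-month file entries and the "Bamital & volsnap Check" lines in the format posted above and lists what a log reviewer would verify first. The sample log is constructed: four entries are copied from the post, the example_unsigned.sys entry is made up, and the wording of the failing integrity verdict is an assumption.

```python
import re

# Constructed sample in the FRST format shown above: four entries copied from
# the posted log, one constructed entry without a vendor string
# (example_unsigned.sys) and one constructed failing integrity verdict.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2013-12-17 16:21 - 2013-12-17 16:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-17 16:11 - 2013-12-17 16:11 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-12-17 20:24 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-17 18:44 - 2013-12-17 16:35 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-17 15:00 - 2013-12-17 15:00 - 00051200 _____ C:\Windows\system32\Drivers\example_unsigned.sys

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is not legit
"""

# "<date> - <date> - <size> <flags> [(vendor)] <path>"; flags are five chars, D = directory.
ENTRY_RE = re.compile(r"^(\S+ \S+) - (\S+ \S+) - (\d{8}) ([_A-Z]{5}) (?:\((.*?)\) )?(.+)$")
INTEGRITY_RE = re.compile(r"^(\S.*?) => (.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".com")
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def parse_entries(log):
    """Yield one dict per file/folder line in the one-month sections."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            first, second, size, flags, vendor, path = m.groups()
            yield {"first": first, "second": second, "size": int(size),
                   "flags": flags, "vendor": vendor, "path": path,
                   "is_dir": "D" in flags}


def triage(log):
    """Return (reason, path) pairs worth a closer look during log review."""
    findings = []
    for e in parse_entries(log):
        low = e["path"].lower()
        # FRST prints the version-info company name in parentheses, so a fresh
        # executable or driver under the system directories without one is
        # worth verifying; the hidden flag alone is not treated as a finding.
        if (low.startswith(SYSTEM_DIRS) and not e["is_dir"]
                and low.endswith(EXEC_EXT) and not e["vendor"]):
            findings.append(("unattributed system executable", e["path"]))
    # Bamital & volsnap check: any verdict other than the literal "MD5 is legit".
    for line in log.splitlines():
        m = INTEGRITY_RE.match(line.strip())
        if m and m.group(2) != "MD5 is legit":
            findings.append(("system file integrity", m.group(1)))
    return findings
```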

#3 jeffce (Malware Response Team)

Posted 21 December 2013 - 06:24 PM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------
 
Looks like you ran ComboFix as well? Can you post that log? It should be located at C:\ComboFix.txt
---------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------




#4 jeffce (Malware Response Team)

Posted 23 December 2013 - 06:17 PM

Still with me....




#5 jeffce (Malware Response Team)

Posted 26 December 2013 - 08:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
