
Password protected "c:\$Recycle.Bin\" files & Windows Defender failed


  • This topic is locked
59 replies to this topic

#1 wlinz

wlinz

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Location:Washington
  • Local time:12:00 PM

Posted 02 February 2014 - 08:10 PM

I was fooled into clicking on a link in an email and it opened a download window (save / open). I believe it was a ".zip", but not sure because another window opened over it (before I did anything) saying something like "location not available". I clicked "OK" on the second window and both windows closed. I checked the download log on Firefox (I was using web based email) and it didn't show any download. I still didn't feel good about this so I ran a "Quick scan" using Avast anti virus. It came up with no infection but had a list of files, about 85 of them, it could not scan because "archive is password protected" in "c:\$Recycle.Bin\". I checked the Recycle Bin and could see none of these files listed. I emptied it... Ran another Avast scan (Full system) and it didn't come up with anything.

I ran Malwarebytes, both Anti Malware and Anti-rootkit, both come up clean

I ran RogueKiller and when it finished, it came up with a couple of things in the "Processes" tab and I clicked "Delete", "Fix Host", "Fix Proxy", "Fix DNS", but didn't realize I needed to check the other tabs, and didn't, so I don't know what else it may have found (I may still have the logs). After that first time running it, each time I tried to run it again, it froze on "dllhost.exe" when it was in the "prescan" mode. I finally got that to stop by deleting it and re-downloading it (I have no idea if that was "virus" related or just a bug).
And, every time I open it, I get a pop up that says "Your version is outdated. Please download the new version. Download it on the website? (yes / No)" When I went to the website and downloaded the "New version" I still get the same popup each time I open it. I finally just clicked "No", and I'm able to run it now.

At this point I'm not sure if I have an infection or not, and I figured I better stop and get help before I cause more problems. The one thing I am still getting each time I restart the computer is an error that "Windows Defender failed to initialize".

I see in your "Preparation Guide" to download and run DDS and post logs, so I did so below.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.51.2
Run by Bill at 16:37:36 on 2014-02-02
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3581.1444 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://www.dell.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - c:\users\bill\appdata\roaming\speckie\bin32\Speckie32.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - c:\users\bill\appdata\roaming\speckie\bin32\Speckie32.dll
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{4D21FE42-E5D2-4372-B08C-6254F43453F0} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{A7B15F38-7D55-4995-BC03-9A506264C39E} : DHCPNameServer = 216.67.192.3 24.121.74.2 66.133.189.215
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages =  scecli psqlpwd
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-6 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-19 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-22 410784]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2011-2-22 73728]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-22 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-22 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\microsoft sql server\mssql10.xactware\mssql\binn\sqlservr.exe [2009-3-30 43010392]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2013-12-31 5341536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-2-2 75480]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 12288]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2011-2-21 209408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);c:\program files\microsoft sql server\mssql10.xactware\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2014-02-02 11:39:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-02 11:38:44    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-31 10:17:00    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{809cdaad-37f4-4c22-9345-10348a78e7d3}\mpengine.dll
2014-01-28 07:11:03    --------    d-----w-    c:\users\bill\appdata\roaming\AVAST Software
2014-01-28 06:26:43    --------    d-----w-    c:\programdata\AVAST Software
2014-01-28 05:42:02    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-28 05:30:48    --------    d-----w-    c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2014-01-28 06:56:03    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-28 06:56:03    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-28 06:56:03    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-28 06:56:03    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-28 06:56:02    43152    ----a-w-    c:\windows\avastSS.scr
2014-01-28 05:23:08    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-28 05:23:08    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-18 14:13:56    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-14 22:42:41    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-11-14 22:42:32    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 22:35:52    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:38:07.84 ===============
 

Attached Files



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:00 PM

Posted 07 February 2014 - 08:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523010 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 wlinz

wlinz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Location:Washington
  • Local time:12:00 PM

Posted 08 February 2014 - 02:24 PM

DDS log #2

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.51.2
Run by Bill at 11:17:42 on 2014-02-08
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3581.1231 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://www.dell.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Speckie: {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - c:\users\bill\appdata\roaming\speckie\bin32\Speckie32.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E6846530-6088-4AA3-932F-C6245CE59A4C} - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - c:\users\bill\appdata\roaming\speckie\bin32\Speckie32.dll
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{4D21FE42-E5D2-4372-B08C-6254F43453F0} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{A7B15F38-7D55-4995-BC03-9A506264C39E} : DHCPNameServer = 216.67.192.3 24.121.74.2 66.133.189.215
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages =  scecli psqlpwd
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-6 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-19 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-22 410784]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2011-2-22 73728]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-22 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-22 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\microsoft sql server\mssql10.xactware\mssql\binn\sqlservr.exe [2009-3-30 43010392]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2013-12-31 5341536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-2-2 75480]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 12288]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2011-2-21 209408]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-30 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);c:\program files\microsoft sql server\mssql10.xactware\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2014-02-06 03:14:33    --------    d-----w-    c:\users\bill\appdata\local\CrashDumps
2014-02-02 11:39:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-02 11:38:44    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-31 10:17:00    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{809cdaad-37f4-4c22-9345-10348a78e7d3}\mpengine.dll
2014-01-28 07:11:03    --------    d-----w-    c:\users\bill\appdata\roaming\AVAST Software
2014-01-28 06:26:43    --------    d-----w-    c:\programdata\AVAST Software
2014-01-28 05:42:02    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-28 05:30:48    --------    d-----w-    c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2014-02-04 22:16:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 22:16:15    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-28 06:56:03    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-28 06:56:03    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-28 06:56:03    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-28 06:56:03    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-28 06:56:02    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-18 14:13:56    231584    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-14 22:42:41    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-11-14 22:42:32    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 22:35:52    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
============= FINISH: 11:18:09.76 ===============
 

Attached Files
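Two DDS runs from the same machine appear in this thread (02 February and 08 February). The fastest way to see what changed between runs is to compare the logs section by section rather than reading them top to bottom. The script below is an added example, not code from the thread or from the DDS tool itself; it assumes only the `===== Section =====` block layout and the date / size / attributes / path column order visible in the posted logs. The two sample logs embedded in it are short excerpts modelled on the posted logs, not the full output.

```python
"""Diff two DDS logs section by section.

Added example (not from the forum thread or from the DDS tool). The sample
logs below are excerpts modelled on the two DDS runs posted in the thread.
"""
import re
from typing import Dict, Tuple

# "============== Running Processes ================" -> "Running Processes"
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "2014-02-02 11:38:44    75480    ----a-w-    c:\windows\...": date, size, attrs, path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

OLD_LOG = r"""DDS (Ver_2012-11-20.01) - NTFS_x86
Run by Bill at 16:37:36 on 2014-02-02
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
=============== Created Last 30 ================
.
2014-02-02 11:39:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-02 11:38:44    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
==================== Find3M  ====================
.
2014-01-28 05:23:08    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-28 05:23:08    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 16:38:07.84 ===============
"""

NEW_LOG = r"""DDS (Ver_2012-11-20.01) - NTFS_x86
Run by Bill at 11:17:42 on 2014-02-08
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
=============== Created Last 30 ================
.
2014-02-06 03:14:33    --------    d-----w-    c:\users\bill\appdata\local\CrashDumps
2014-02-02 11:39:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-02 11:38:44    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
==================== Find3M  ====================
.
2014-02-04 22:16:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 22:16:15    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 11:18:09.76 ===============
"""


def entry_key(line: str) -> Tuple[str, str]:
    """Return (key, detail) for one log line.

    File entries are keyed by path so that an updated timestamp shows up as
    'changed' instead of one removal plus one addition. Other lines (process
    paths, HJT entries) are keyed by the whole line. Keys are lower-cased
    because DDS mixes 'system32' and 'System32' in the same log.
    """
    m = FILE_RE.match(line)
    if m:
        stamp, size, attrs, path = m.groups()
        return path.strip().lower(), f"{stamp} {size} {attrs}"
    return line.lower(), ""


def parse_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Split a DDS log into {section name: {entry key: detail}}."""
    sections: Dict[str, Dict[str, str]] = {"HEADER": {}}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS separates blocks with a lone '.'
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        key, detail = entry_key(line)
        sections[current][key] = detail
    return sections


def diff_logs(old_text: str, new_text: str) -> Dict[str, Dict[str, list]]:
    """Per section: entries added, removed, or with changed date/size/attrs."""
    old, new = parse_sections(old_text), parse_sections(new_text)
    report: Dict[str, Dict[str, list]] = {}
    for name in sorted(set(old) | set(new)):
        if name == "HEADER" or name.startswith("FINISH"):
            continue  # run time and user line differ on every run
        o, n = old.get(name, {}), new.get(name, {})
        report[name] = {
            "added": sorted(k for k in n if k not in o),
            "removed": sorted(k for k in o if k not in n),
            "changed": sorted((k, o[k], n[k]) for k in o if k in n and o[k] != n[k]),
        }
    return report


if __name__ == "__main__":
    for section, changes in diff_logs(OLD_LOG, NEW_LOG).items():
        for k in changes["added"]:
            print(f"[{section}] + {k}")
        for k in changes["removed"]:
            print(f"[{section}] - {k}")
        for k, before, after in changes["changed"]:
            print(f"[{section}] ~ {k}: {before} -> {after}")
```

Run against the two excerpts, the diff reports Photoshop as a newly running process, the `CrashDumps` directory as newly created, and the two Flash Player files under `Find3M` as changed (their timestamps moved from 2014-01-28 to 2014-02-04), which matches what a reader would find by eye in the full logs above. Keying file entries by path rather than by the whole line is the design point: an updated component and a brand-new item are different findings for the responder, and a plain line diff would blur them together.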



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,547 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:00 PM

Posted 10 February 2014 - 04:16 PM

Greetings wlinz and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
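The FRST output requested above is read by eye in this thread, line by line. As an added example (this is not code from the thread, from Gary, or from the FRST tool itself), here is a small Python triage helper that parses lines in the shape FRST prints for Run keys, MountPoints2 entries, services and drivers, and flags the traits a responder checks first: a target marked `[X]` (the file could not be found), an empty publisher `()` (no company name read from the file's version info), a command living in a user-writable directory, and an autorun command bound to a removable volume. The line-shape parsing and the four heuristics are this example's own assumptions; the sample log, with its names, SIDs, GUIDs and paths, is constructed for the example and describes no real machine.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in FRST's line format. Every name, SID, GUID and path
# below is made up for this example and is not taken from any real host.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [] - [X]
HKU\S-1-5-21-1111-2222-3333-1000\...\Run: [Updater] - C:\Users\bob\AppData\Roaming\upd\svc.exe [204800 2014-02-01] ()
HKU\S-1-5-21-1111-2222-3333-1000\...\MountPoints2: {0a1b2c3d-0000-1111-2222-333344445555} - H:\setup.exe -a
R2 ExampleAV; C:\Program Files\ExampleAV\avsvc.exe [50344 2014-01-27] (Example AV Ltd.)
S3 oldfilt; C:\Windows\System32\DRIVERS\oldfilt.sys [12288 2007-01-17] ()
U3 tmpdrv; \??\C:\Users\bob\AppData\Local\Temp\tmpdrv.sys [X]
Lsa: [Notification Packages] scecli
"""

# Registry lines: HKLM\...\Run: [Name] - target   or   HKU\<SID>\...\MountPoints2: {GUID} - target
REG_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U\\[^\\]+))\\\.\.\.\\(?P<key>\w+): "
    r"(?P<name>\[[^\]]*\]|\{[^}]*\}) - (?P<rest>.*)$"
)
# Service/driver lines: R2 name; target
SVC_LINE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
# Directories an unprivileged user can write to (heuristic, assumed for the example).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


@dataclass
class Entry:
    kind: str                 # "registry" or "service"
    key: str                  # Run, MountPoints2, or the R2/S3/U3 state code
    name: str
    command: str
    size: int | None
    date: str | None
    publisher: str | None     # None = not printed at all, "" = printed as "()"
    missing: bool             # line ended in [X]
    reasons: list[str] = field(default_factory=list)


def _split_target(rest: str):
    """Peel '[X]', '(Publisher)' and '[size date]' off the end of a target string."""
    missing = rest.endswith("[X]")
    if missing:
        rest = rest[:-3].rstrip()
    publisher = None
    m = re.search(r" \(([^()]*)\)$", rest)
    if m:
        publisher, rest = m.group(1), rest[: m.start()]
    size = date = None
    m = re.search(r" \[(\d+) (\d{4}-\d{2}-\d{2})\]$", rest)
    if m:
        size, date, rest = int(m.group(1)), m.group(2), rest[: m.start()]
    return rest.strip(), size, date, publisher, missing


def parse_line(line: str) -> Entry | None:
    """Parse one FRST line; returns None for headers and shapes this example ignores."""
    line = line.strip()
    if m := REG_LINE.match(line):
        kind, key, name, rest = "registry", m["key"], m["name"].strip("[]"), m["rest"]
    elif m := SVC_LINE.match(line):
        kind, key, name, rest = "service", m["state"], m["name"], m["rest"]
    else:
        return None
    command, size, date, publisher, missing = _split_target(rest)
    return Entry(kind, key, name, command, size, date, publisher, missing)


def assess(entry: Entry) -> Entry:
    """Attach review reasons; an entry that earns none is left untouched."""
    if entry.missing:
        entry.reasons.append("target file not found ([X])")
    if entry.publisher == "":
        entry.reasons.append("no publisher in version info")
    if USER_WRITABLE.search(entry.command):
        entry.reasons.append("runs from a user-writable location")
    if entry.key == "MountPoints2":
        entry.reasons.append("autorun command bound to a removable volume")
    return entry


def triage(log_text: str) -> list[Entry]:
    """Return only the entries with at least one review reason, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and assess(entry).reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:8} {e.key:13} {e.name!r:20} {e.command or '-'}")
        for r in e.reasons:
            print(f"{'':8} - {r}")
```

Run it on a real FRST.txt by passing the file's text to `triage()`. A flagged line is a prompt to look closer, not a verdict: an empty publisher only means the file carries no company name, and legitimate tools do run from AppData; the value is in shrinking a thousand-line log to the handful of entries worth checking the hash and signature of.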

#5 wlinz

wlinz
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Washington
  • Local time:12:00 PM

Posted 10 February 2014 - 09:52 PM

Hello Gary, thank you very much for your help. My name is William. Here are the 2 logs you requested:

 

FRST=

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by Bill (administrator) on WILLIAM-PC on 10-02-2014 18:44:19
Running from C:\Users\Bill\Desktop\Virus
Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\psqltray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-08-27] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3810304 2008-12-18] (Dell Inc.)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\Fingerprint Reader Suite\launcher.exe [49168 2007-04-16] (UPEK Inc.)
HKLM\...\Run: [DELL Webcam Manager] - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [189736 2007-11-01] (CyberLink Corp.)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [3767096 2014-01-27] (AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-12-02] (IDT, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3767096 2014-01-27] (AVAST Software)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4269187660-3811636433-583174840-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-4269187660-3811636433-583174840-1000\...\Run: [HLBackupScheduler] - C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe [7054984 2012-06-04] ()
HKU\S-1-5-21-4269187660-3811636433-583174840-1000\...\Run: [Google Update] - C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-15] (Google Inc.)
HKU\S-1-5-21-4269187660-3811636433-583174840-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4269187660-3811636433-583174840-1000\...\MountPoints2: {0ece99ca-cbdc-11e2-a795-002269c362dc} - I:\MotoCastSetup.exe -a
HKU\S-1-5-21-4269187660-3811636433-583174840-1000\...\MountPoints2: {57affb2f-9bf6-11e1-85b4-002269c362dc} - H:\setup.exe -a
HKU\S-1-5-21-4269187660-3811636433-583174840-1000\...\MountPoints2: {802f043e-d8a9-11e0-ae65-002269c362dc} - I:\setup.exe -a
Lsa: [Notification Packages] scecli psqlpwd

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Speckie - {8CE7F568-67FA-4432-BA39-F5AFD68E7B8B} - C:\Users\Bill\AppData\Roaming\Speckie\bin32\Speckie32.dll (Versoworks Pty Ltd)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default
FF Homepage: hxxp://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Bill\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bill\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bill\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Bill\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: TextMarker! - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default\Extensions\{1c530060-b0ae-11d9-9669-0800200c9a66} [2011-10-05]
FF Extension: DownloadHelper - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-29]
FF Extension: Exif Viewer - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2011-06-13]
FF Extension: Translate This! - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2013-07-28]
FF Extension: Copyright Infringement Finder - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default\Extensions\thetikihead@yahoo.com.xpi [2012-09-16]
FF Extension: TinEye Reverse Image Search - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default\Extensions\tineye@ideeinc.com.xpi [2012-07-26]
FF Extension: Troubleshooter - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default\Extensions\troubleshooter@mozilla.org.xpi [2013-06-19]
FF Extension: Adblock Plus - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\2ycwfe6y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-01-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-01-27] (AVAST Software)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MSSQL$XACTWARE; C:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$XACTWARE; C:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-18] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-27] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-01-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-27] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-01-27] ()
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-18] (Broadcom Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-02-02] (Malwarebytes Corporation)
S3 Spyder2; C:\Windows\System32\DRIVERS\Spyder2.sys [12288 2007-01-17] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\Users\Bill\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 18:43 - 2014-02-10 18:44 - 00000000 ____D () C:\FRST
2014-02-10 07:39 - 2014-02-10 07:39 - 00000248 _____ () C:\Users\Bill\Desktop\Organizing Images in Lightroom 5.URL
2014-02-09 18:59 - 2014-02-09 18:59 - 00000295 _____ () C:\Users\Bill\Desktop\Facebook.URL
2014-02-09 11:18 - 2014-02-09 11:18 - 00000240 _____ () C:\Users\Bill\Desktop\(1) Claudia Howard.URL
2014-02-09 00:14 - 2014-02-09 00:14 - 00000230 _____ () C:\Users\Bill\Desktop\Wanted old Porcelain Buddha's.URL
2014-02-05 19:14 - 2014-02-05 19:14 - 00000000 ____D () C:\Users\Bill\AppData\Local\CrashDumps
2014-02-04 10:22 - 2014-02-04 10:22 - 00000229 _____ () C:\Users\Bill\Desktop\▶ Angry bronco fan - YouTube.URL
2014-02-04 08:38 - 2014-02-04 12:36 - 00000000 ____D () C:\Users\Bill\Desktop\02-04-2014
2014-02-03 09:29 - 2014-02-03 21:36 - 00000000 ____D () C:\Users\Bill\Desktop\02-03-2014
2014-02-02 04:28 - 2014-02-02 04:35 - 00000000 ____D () C:\Users\Bill\Desktop\RK_Quarantine
2014-02-02 03:45 - 2014-02-07 16:57 - 00000000 ____D () C:\Users\Bill\Desktop\Today
2014-02-02 03:44 - 2014-02-10 18:44 - 00000000 ____D () C:\Users\Bill\Desktop\Virus
2014-02-02 03:39 - 2014-02-02 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-02 03:38 - 2014-02-02 03:38 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-30 19:39 - 2014-01-30 19:46 - 25387938 _____ () C:\Users\Bill\Desktop\223781186.mp4
2014-01-29 09:16 - 2014-01-29 09:16 - 00000000 ____D () C:\Users\Bill\Documents\PID
2014-01-27 23:11 - 2014-01-27 23:11 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\AVAST Software
2014-01-27 22:26 - 2014-01-27 22:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-27 21:42 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-27 21:42 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-27 21:42 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-27 21:42 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-27 21:41 - 2014-01-27 21:42 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-27 21:40 - 2013-11-14 15:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-27 21:40 - 2013-11-14 14:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-27 21:40 - 2013-11-14 14:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-27 21:40 - 2013-11-14 14:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-27 21:40 - 2013-11-14 14:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-27 21:40 - 2013-11-14 14:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-27 21:40 - 2013-11-14 14:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-01-27 21:40 - 2013-11-14 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-27 21:40 - 2013-11-14 14:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-27 21:40 - 2013-11-14 14:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-01-27 21:40 - 2013-11-14 14:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-27 21:40 - 2013-11-14 14:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-27 21:40 - 2013-11-14 14:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-27 21:40 - 2013-11-14 14:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-01-27 21:40 - 2013-11-14 14:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-27 21:40 - 2013-11-14 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-27 21:30 - 2014-01-27 21:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-25 22:04 - 2014-01-25 22:04 - 00000292 _____ () C:\Users\Bill\Desktop\5-Piece Set Dell Optiplex Windows 7 OS 2.8GHz 2GB Desktop PC nomorerack.com.URL
2014-01-24 12:17 - 2014-01-24 12:36 - 00000000 ____D () C:\Users\Bill\Documents\Cooking
2014-01-23 09:57 - 2014-02-07 16:57 - 00000000 ____D () C:\Users\Bill\Desktop\New Folder
2014-01-19 16:47 - 2014-01-19 16:47 - 00000000 ____D () C:\Users\Bill\Documents\First Aid
2014-01-17 10:51 - 2014-01-17 10:51 - 00000293 _____ () C:\Users\Bill\Desktop\12 Year-Old Girl's Heartrending Letter to Her Future Self is a Tragic Reminder of the Value of Life Independent Journal Revi.URL
2014-01-17 09:42 - 2014-02-01 11:50 - 00000000 ____D () C:\Users\Bill\Documents\Woodworking

==================== One Month Modified Files and Folders =======

2014-02-10 18:44 - 2014-02-10 18:43 - 00000000 ____D () C:\FRST
2014-02-10 18:44 - 2014-02-02 03:44 - 00000000 ____D () C:\Users\Bill\Desktop\Virus
2014-02-10 18:31 - 2011-12-15 23:12 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4269187660-3811636433-583174840-1000Core.job
2014-02-10 18:20 - 2011-02-22 04:19 - 01583069 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 18:19 - 2011-12-15 23:12 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4269187660-3811636433-583174840-1000UA.job
2014-02-10 18:18 - 2013-02-07 22:44 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 18:18 - 2012-03-30 12:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 11:52 - 2011-02-25 03:00 - 00007916 _____ () C:\Users\Bill\AppData\Local\d3d9caps.dat
2014-02-10 10:57 - 2006-11-02 04:46 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-10 10:57 - 2006-11-02 04:46 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 10:39 - 2006-11-02 02:33 - 00795184 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 10:23 - 2013-07-28 21:35 - 00000000 ____D () C:\Users\Bill\Desktop\La Habra
2014-02-10 08:25 - 2013-12-15 03:01 - 00000000 ____D () C:\Users\Bill\Desktop\Religion
2014-02-10 07:39 - 2014-02-10 07:39 - 00000248 _____ () C:\Users\Bill\Desktop\Organizing Images in Lightroom 5.URL
2014-02-10 04:03 - 2011-02-22 16:24 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\Mozilla
2014-02-10 01:02 - 2013-02-07 22:44 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 00:02 - 2011-02-22 15:26 - 00042496 _____ () C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-09 21:38 - 2013-11-15 21:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-09 21:38 - 2012-04-26 12:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-09 18:59 - 2014-02-09 18:59 - 00000295 _____ () C:\Users\Bill\Desktop\Facebook.URL
2014-02-09 11:18 - 2014-02-09 11:18 - 00000240 _____ () C:\Users\Bill\Desktop\(1) Claudia Howard.URL
2014-02-09 00:14 - 2014-02-09 00:14 - 00000230 _____ () C:\Users\Bill\Desktop\Wanted old Porcelain Buddha's.URL
2014-02-08 19:46 - 2013-09-05 13:42 - 00000000 ____D () C:\Users\Bill\Documents\Recipes
2014-02-07 16:57 - 2014-02-02 03:45 - 00000000 ____D () C:\Users\Bill\Desktop\Today
2014-02-07 16:57 - 2014-01-23 09:57 - 00000000 ____D () C:\Users\Bill\Desktop\New Folder
2014-02-05 19:14 - 2014-02-05 19:14 - 00000000 ____D () C:\Users\Bill\AppData\Local\CrashDumps
2014-02-04 14:16 - 2012-03-30 12:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-04 14:16 - 2011-06-10 13:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 12:36 - 2014-02-04 08:38 - 00000000 ____D () C:\Users\Bill\Desktop\02-04-2014
2014-02-04 10:22 - 2014-02-04 10:22 - 00000229 _____ () C:\Users\Bill\Desktop\▶ Angry bronco fan - YouTube.URL
2014-02-03 21:36 - 2014-02-03 09:29 - 00000000 ____D () C:\Users\Bill\Desktop\02-03-2014
2014-02-02 09:40 - 2006-11-02 05:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 09:38 - 2014-02-02 03:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-02 04:35 - 2014-02-02 04:28 - 00000000 ____D () C:\Users\Bill\Desktop\RK_Quarantine
2014-02-02 04:24 - 2011-02-22 04:20 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-02-02 04:24 - 2006-11-02 05:00 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 03:38 - 2014-02-02 03:38 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-01 11:50 - 2014-01-17 09:42 - 00000000 ____D () C:\Users\Bill\Documents\Woodworking
2014-01-30 19:46 - 2014-01-30 19:39 - 25387938 _____ () C:\Users\Bill\Desktop\223781186.mp4
2014-01-29 09:16 - 2014-01-29 09:16 - 00000000 ____D () C:\Users\Bill\Documents\PID
2014-01-27 23:26 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-01-27 23:11 - 2014-01-27 23:11 - 00000000 ____D () C:\Users\Bill\AppData\Roaming\AVAST Software
2014-01-27 23:07 - 2006-11-02 04:59 - 00203556 _____ () C:\Windows\PFRO.log
2014-01-27 22:56 - 2013-03-06 13:49 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-27 22:56 - 2013-03-06 13:49 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-27 22:56 - 2012-01-19 13:38 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-27 22:56 - 2011-02-22 16:04 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-27 22:56 - 2011-02-22 16:04 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-27 22:56 - 2011-02-22 16:04 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-27 22:56 - 2011-02-22 16:04 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-27 22:56 - 2011-02-22 16:04 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-01-27 22:56 - 2011-02-22 16:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-27 22:42 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\rescache
2014-01-27 22:26 - 2014-01-27 22:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-27 22:26 - 2006-11-02 02:23 - 00002577 _____ () C:\Windows\system32\config.nt
2014-01-27 22:16 - 2006-11-02 04:46 - 03730552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-27 22:14 - 2011-04-19 12:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-27 22:12 - 2006-11-02 04:35 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-01-27 22:12 - 2006-11-02 04:35 - 00000000 ____D () C:\Program Files\Windows Journal
2014-01-27 22:00 - 2012-06-15 23:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-27 21:43 - 2013-12-13 10:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 21:42 - 2014-01-27 21:41 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-27 21:42 - 2011-02-22 10:39 - 00000000 ____D () C:\Program Files\Java
2014-01-27 21:32 - 2014-01-27 21:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-27 21:28 - 2011-02-22 16:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-27 21:23 - 2011-02-22 17:16 - 00000000 ____D () C:\Users\Bill\AppData\Local\Adobe
2014-01-25 22:04 - 2014-01-25 22:04 - 00000292 _____ () C:\Users\Bill\Desktop\5-Piece Set Dell Optiplex Windows 7 OS 2.8GHz 2GB Desktop PC nomorerack.com.URL
2014-01-24 16:58 - 2013-09-05 12:27 - 00000000 ____D () C:\Users\Bill\Documents\Household helpers
2014-01-24 12:36 - 2014-01-24 12:17 - 00000000 ____D () C:\Users\Bill\Documents\Cooking
2014-01-24 11:30 - 2013-08-19 20:47 - 00000000 ___RD () C:\Users\Bill\Desktop\Political
2014-01-19 16:47 - 2014-01-19 16:47 - 00000000 ____D () C:\Users\Bill\Documents\First Aid
2014-01-17 10:51 - 2014-01-17 10:51 - 00000293 _____ () C:\Users\Bill\Desktop\12 Year-Old Girl's Heartrending Letter to Her Future Self is a Tragic Reminder of the Value of Life Independent Journal Revi.URL
2014-01-17 09:42 - 2011-04-23 09:43 - 00000000 ____D () C:\Users\Bill\Documents\Hunting_ Guns
2014-01-14 11:08 - 2013-09-24 20:59 - 00000000 ____D () C:\Users\Bill\Desktop\Hold
2014-01-13 14:11 - 2010-12-26 19:22 - 00000000 ____D () C:\Users\Bill\Documents\Work

Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Bill\AppData\Local\Temp\MotoCast_Installer_2.0031.exe
C:\Users\Bill\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-10 10:39

==================== End Of Log ============================

Addition log=

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014 01
Ran by Bill at 2014-02-10 18:45:03
Running from C:\Users\Bill\Desktop\Virus
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
Adobe AIR (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.3 (Version: 3.3.1 - Adobe)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advanced Audio FX Engine (Version:  - )
Advanced Video FX Engine (Version:  - )
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (Version: 9.0.2013 - Avast Software)
Backup Assistant Plus (Version:  - Verizon Wireless)
Banctec Service Agreement (Version: 2.0.0 - Dell Inc.)
Cisco EAP-FAST Module (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (Version:  - DownloadHelper)
Dell Driver Download Manager (HKCU Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Support Center (Version: 3.2.6032.125 - PC-Doctor, Inc.)
Dell Touchpad (Version: 7.1.102.7 - Alps Electric)
Dell Webcam Center (Version:  - )
Dell Webcam Manager (Version:  - )
Dell Wireless WLAN Card Utility (Version: 5.10.38.30 - Dell Inc.)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0 - )
Fingerprint Reader Suite 5.6 (Version: 5.6.2.3476 - UPEK Inc.)
Funambol Outlook Sync Client 8.2.7 (Version: 8.2.7 - Funambol)
Google Drive (Version: 1.13.5782.599 - Google, Inc.)
Google Talk Plugin (Version: 5.1.4.17398 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (Version: 140.0.2.2 - Hewlett Packard)
HP Update (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (Version: 12.3.4.0 - HP)
Intel® Matrix Storage Manager (Version:  - )
IrfanView (remove only) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 8.6.0 (Full) (Version: 8.6.0 - )
Laptop Integrated Webcam Driver (1.03.02.0719)   (Version:  - )
Live! Cam Avatar Creator (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (Version: 1.0 - Creative Technology Ltd.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaDirect (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MotoHelper 2.1.32 Driver 5.4.0 (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox (3.0.15) (Version: 3.0.15 (en-US) - Mozilla)
Mozilla Firefox (3.6.13) (HKCU Version: 3.6.13 (en-US) - Mozilla)
Mozilla Firefox 27.0 (x86 en-US) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (Version: 27.0 - Mozilla)
Mozilla Thunderbird (2.0.0.24) (Version: 2.0.0.24 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NEF Codec (Version: 1.00.0000 - Nikon)
NVIDIA Drivers (Version:  - )
OutlookAddinSetup (Version: 1.0.0 - CyberLink)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoFrame 4.5.3 Free (Version: 4.5.3 - onOne Software)
PhotoTools 2.5.5 Free (Version: 2.5.5 - onOne Software)
Pure Sudoku 1.52 (Version:  - Mochek Interactive)
QuickSet (Version: 8.2.20 - Dell Inc.)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
R&R Color Lab ROES (HKCU Version:  - R&R Color Lab)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
Speckie (Version: 2.4.8 - Versoworks)
Spyder2PRO (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (Version: 9.0.24951 - TeamViewer)
The Photographer's Ephemeris (Version: 1.1.1 - UNKNOWN)
The Photographer's Ephemeris (Version: 1.1.1 - UNKNOWN) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Web Sudoku Deluxe 1.2.2 (Version: 1.2.2 - Web Sudoku)
WIDCOMM Bluetooth Software 6.0.1.3100 (Version: 6.0.1.3100 - Dell)
Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0 - Microsoft Corporation)
Yahoo! Detect (Version:  - )

==================== Restore Points  =========================

25-01-2014 05:43:25 Scheduled Checkpoint
26-01-2014 07:47:38 Scheduled Checkpoint
28-01-2014 05:29:16 Windows Update
28-01-2014 06:27:17 avast! antivirus system restore point
29-01-2014 10:09:38 Scheduled Checkpoint
31-01-2014 05:34:47 Scheduled Checkpoint
31-01-2014 10:15:47 Windows Update
02-02-2014 20:29:20 Windows Backup
02-02-2014 20:37:45 Windows Backup
04-02-2014 07:11:01 Scheduled Checkpoint
04-02-2014 21:12:29 Scheduled Checkpoint
06-02-2014 05:21:05 Scheduled Checkpoint
08-02-2014 02:03:29 Scheduled Checkpoint
08-02-2014 18:45:04 Scheduled Checkpoint
09-02-2014 18:00:12 Scheduled Checkpoint
10-02-2014 12:51:22 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 02:23 - 2014-02-02 15:24 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {075F7B0C-8858-426A-81EA-5161F4D13E82} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1EA4CD67-E2B5-4D25-996D-7F2A863293CC} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-01-27] (AVAST Software)
Task: {1EE157EE-6A2D-4E46-8490-8486B456B82C} - System32\Tasks\{DED5A389-86BB-4005-AB39-9D6DB57A4787} => C:\Program Files\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {26D7FDD5-4AB2-48CF-87AC-411766235D17} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {2EF1A2C3-210D-4AFD-BEB7-E51E7FD69C0C} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {379B2C7C-EE8F-47EE-A469-8FB2C32C519F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A950610-5351-4CF3-89BD-526A7E64AA8B} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {3D9DA5D8-A692-481B-BE97-D7B5E2BE8774} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-18] (Dell Inc.)
Task: {439C352A-E862-49CC-B620-852C0E50B560} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {54CCB842-F636-43BD-ADEF-48ED812EA425} - System32\Tasks\AdobeAAMUpdater-1.0-WILLIAM-PC-Bill => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {5A6D9831-D95C-4713-B4E9-F03D1644498F} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {790969B2-9DD0-433D-9481-1957525E283C} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {89D6172C-8960-4FD3-9123-3A53A6586103} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {8FE4D77A-BF23-4680-B5A2-0107CF97BF9A} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {99FEBDB2-6C95-4414-9D75-3C64248A9D3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: {A9511DF1-2E33-4122-8891-BCB3E3A284BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4269187660-3811636433-583174840-1000Core => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-15] (Google Inc.)
Task: {B25D4244-6254-4542-9A54-D5A933EC915A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {DCC09654-960E-420A-B677-66DDCAF5603E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E8A9F6D4-776B-4B63-82F5-CAD31CA1E058} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-05] (PC-Doctor, Inc.)
Task: {F900F6EA-0F54-47FC-B5B1-AA20BCC6B6A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4269187660-3811636433-583174840-1000UA => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-15] (Google Inc.)
Task: {FE52219D-87AF-4E77-82D5-21B0052B0807} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4269187660-3811636433-583174840-1000Core.job => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4269187660-3811636433-583174840-1000UA.job => C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-12-06 13:00 - 2011-12-06 13:00 - 00784240 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
2006-11-03 15:46 - 2006-11-03 15:46 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-03-26 18:37 - 2008-12-19 17:26 - 02625536 _____ () C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
2012-06-05 16:36 - 2008-12-19 16:15 - 04338246 _____ () C:\Program Files\K-Lite Codec Pack\ffdshow\libavcodec.dll
2012-06-05 16:37 - 2008-12-17 17:59 - 00560802 _____ () C:\Program Files\K-Lite Codec Pack\ffdshow\libmplayer.dll
2012-03-26 18:37 - 2012-03-22 09:58 - 06593993 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
2012-03-26 18:38 - 2012-03-22 09:58 - 00207835 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
2012-03-26 18:38 - 2012-03-22 09:58 - 00374115 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
2012-03-26 18:38 - 2012-03-22 09:58 - 00143974 _____ () C:\Program Files\K-Lite Codec Pack\Filters\LAV\avfilter-lav-2.dll
2011-02-22 10:39 - 2008-12-18 01:55 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-01-27 22:56 - 2014-01-27 22:56 - 19336120 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2012-06-04 03:48 - 2012-06-04 03:48 - 07054984 _____ () C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
2012-06-04 03:48 - 2012-06-04 03:48 - 00684032 _____ () C:\Program Files\Backup Assistant Plus\libexpat.dll
2012-06-04 03:48 - 2012-06-04 03:48 - 00466975 _____ () C:\Program Files\Backup Assistant Plus\sqlite3.dll
2012-06-04 03:48 - 2012-06-04 03:48 - 00310272 _____ () C:\Program Files\Backup Assistant Plus\swscale-2.dll
2012-06-04 03:48 - 2012-06-04 03:48 - 00142848 _____ () C:\Program Files\Backup Assistant Plus\avutil-51.dll
2012-06-04 03:48 - 2012-06-04 03:48 - 13766656 _____ () C:\Program Files\Backup Assistant Plus\avcodec-54.dll
2012-06-04 03:48 - 2012-06-04 03:48 - 02535936 _____ () C:\Program Files\Backup Assistant Plus\avformat-54.dll
2006-11-03 15:25 - 2006-11-03 15:25 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2010-04-07 02:34 - 2011-04-07 01:45 - 00033280 _____ () C:\Program Files\Adobe\Adobe Photoshop CS5\QuickTimeGlue.dll
2010-02-22 04:50 - 2010-02-22 04:50 - 00060416 _____ () C:\Program Files\Common Files\Adobe\CS5ServiceManager\zlib1.dll
2013-11-15 21:26 - 2014-02-09 21:38 - 03583600 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-04 14:16 - 2014-02-04 14:16 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2014 04:48:30 PM) (Source: Application Error) (User: )
Description: Faulting application MOVIEMK.exe, version 6.0.6002.18273, time stamp 0x4c1a4a61, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x%9, application start time 0xMOVIEMK.exe0.

Error: (02/05/2014 07:14:14 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 26.0.0.5087, time stamp 0x52a0d293, faulting module mozalloc.dll, version 26.0.0.5087, time stamp 0x52a0af28, exception code 0x80000003, fault offset 0x0000119c,
process id 0x18c0, application start time 0xplugin-container.exe0.

Error: (02/04/2014 10:39:18 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1820.  Message ID: [0x2509].

Error: (02/02/2014 08:16:53 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5324.  Message ID: [0x2509].

Error: (02/02/2014 11:26:40 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5552.  Message ID: [0x2509].

Error: (02/02/2014 09:48:51 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BILL\DESKTOP\VIRUS\DEFENDER.JPG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/02/2014 09:48:51 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\BILL\DESKTOP\VIRUS\DEFENDER.JPG> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/02/2014 09:42:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 09:39:57 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (02/02/2014 04:27:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/09/2014 08:01:34 AM) (Source: Service Control Manager) (User: )
Description: 30000NlaSvc

Error: (02/06/2014 07:36:46 AM) (Source: Service Control Manager) (User: )
Description: 30000TeamViewer9

Error: (02/04/2014 07:20:03 PM) (Source: Service Control Manager) (User: )
Description: 30000NlaSvc

Error: (02/02/2014 03:00:47 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (02/02/2014 00:31:37 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (02/02/2014 04:38:22 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (02/02/2014 04:37:07 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (02/02/2014 04:37:07 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (02/02/2014 04:28:11 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (02/02/2014 04:28:09 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (05/03/2013 11:57:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 505512 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (02/19/2013 11:39:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/19/2013 09:50:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/19/2013 09:50:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 623 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (02/15/2013 01:43:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 75 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/31/2012 01:01:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 203 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (11/06/2012 10:27:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 74 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (11/03/2012 09:25:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2464 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (10/29/2012 06:38:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2425 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (10/22/2012 08:30:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3391 seconds with 180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-10 18:44:54.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:53.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:53.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:53.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:52.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:52.109
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:51.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:50.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:31.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-10 18:44:30.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 3581.14 MB
Available physical RAM: 1444.23 MB
Total Pagefile: 7359.26 MB
Available Pagefile: 3241.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.53 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:280.49 GB) (Free:137.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.49 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:14.89 GB) NTFS
Drive g: (OS) (Fixed) (Total:280.53 GB) (Free:140.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=280 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=0F Extended)

========================================================
Disk: 1 (Size: 298 GB) (Disk ID: 70000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=0F Extended)

==================== End Of Log ============================



#6 Oh My!
  • Malware Response Instructor
  • 35,547 posts
  • Location:California
Posted 11 February 2014 - 10:59 AM

Hi William,

Glad we are getting started. Not seeing anything of concern there. Please run this for me.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 wlinz
  • Topic Starter
  • Members
  • 30 posts
  • Location:Washington

Posted 11 February 2014 - 11:24 AM

Thanks Gary, here is the FSS log

 

Farbar Service Scanner Version: 02-02-2014
Ran by Bill (administrator) on 11-02-2014 at 08:22:36
Running from "C:\Users\Bill\Desktop\Virus"
Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2012-03-14 17:48] - [2010-02-18 05:42] - 0211456 ____A (Microsoft Corporation) A989BDB1A8CD914C7E49AF297D95BDB4

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#8 Oh My!
  • Malware Response Instructor
  • 35,547 posts
  • Location:California

Posted 11 February 2014 - 02:51 PM

    The one thing I am still getting each time I restart the computer is an error that "Windows Defender failed to initialize".

Are you still experiencing this?


Gary

#9 wlinz
  • Topic Starter
  • Members
  • 30 posts
  • Location:Washington

Posted 12 February 2014 - 12:48 AM

Yes, that is still happening.



#10 Oh My!
  • Malware Response Instructor
  • 35,547 posts
  • Location:California

Posted 12 February 2014 - 09:52 AM

Can you tell me if there is an error code with that? It may look something like Error Code 0x800106ba.


Gary

#11 wlinz
  • Topic Starter
  • Members
  • 30 posts
  • Location:Washington

Posted 12 February 2014 - 10:25 AM

The only "code" I see is "0x800106ba". I have a screen shot of it and can send that if it would help.

Thank you, William



#12 Oh My!
  • Malware Response Instructor
  • 35,547 posts
  • Location:California

Posted 12 February 2014 - 11:36 AM

Thanks William,

I think the error code is enough for us to work with.

Please do this.

===================================================

Modifying Service StartState Windows 7/Vista

-------------------
  • Click Start, All Programs, Accessories, right click on cmd, then select Run as Administrator
  • Type sc config WinDefend start= auto and press Enter
  • You should receive confirmation the commands were successful
  • Reboot your computer, rerun Farbar Service Scanner, and post the results
  • Check the status of Windows Defender
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Are you still receiving the error?
  • FSS log

Gary

#13 wlinz
  • Topic Starter
  • Members
  • 30 posts
  • Location:Washington

Posted 13 February 2014 - 02:45 AM

When I type that into cmd I get "Access Denied". Do you still want me to run Farbar again?



#14 Oh My!
  • Malware Response Instructor
  • 35,547 posts
  • Location:California

Posted 13 February 2014 - 10:03 AM

Hi William,

No need to run the Farbar program again until we get this sorted out.

Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

[screenshot: MiniReg.gif]

  • Copy and paste the following into the edit box:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend

  • Check the Export keys radio button.
  • Check the List Permissions radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report

Gary

#15 wlinz
  • Topic Starter
  • Members
  • 30 posts
  • Location:Washington

Posted 13 February 2014 - 10:31 AM

When the report comes up, a window comes up that says "No key is entered. Click OK to exit and run the tool again." I did run it again and got the same thing.

Here is the Result:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000003
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
  00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
  74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
  69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
  00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
  00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,\
  72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,\
  69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,\
  00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"DelayedAutoStart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
  00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0
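The "Access Denied" that `sc config` returned in post #13 and the key export requested in post #14 are two views of the same question: which ACL is refusing the change. The "Security" value in the export above is the service's binary security descriptor, the object the service control manager checks when `sc config` calls ChangeServiceConfig. The Python below is an added example, not part of this thread and not one of Farbar's tools; it parses that exact blob (copied from post #15 as constructed sample input): it walks the self-relative SECURITY_DESCRIPTOR header to the owner and group SIDs, the SACL and the DACL, names the well-known SIDs, renders access masks with SDDL letters, and runs a deliberately simplified access check. The function names, the SID set standing in for an elevated administrator token, and the simplifications listed in `access_check` are this example's own assumptions. On this blob the DACL is the stock service DACL (the WinDefend service SID, SYSTEM, Administrators with SERVICE_ALL_ACCESS, INTERACTIVE and SERVICE with read-only rights), so the service descriptor itself would not refuse an elevated administrator; what remains to check is the ACL on the registry key, which is what the List Permissions option was meant to show, and that the prompt really was elevated.

```python
import re
import struct

# Constructed sample input: the "Security" value from the WinDefend key export
# posted in this thread, copied verbatim in Regedit 5.00 syntax (line
# continuations and indentation included, so the parser has to cope with them).
REG_SECURITY_VALUE = r'''"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
  05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
  00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
  84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00'''

SE_SELF_RELATIVE, SE_DACL_PRESENT, SE_SACL_PRESENT = 0x8000, 0x0004, 0x0010
INHERIT_ONLY_ACE = 0x08
SERVICE_CHANGE_CONFIG, SERVICE_ALL_ACCESS, GENERIC_ALL = 0x0002, 0x000F01FF, 0x10000000
ACE_TYPES = {0x00: "ALLOW", 0x01: "DENY", 0x02: "AUDIT"}
WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-4": "INTERACTIVE", "S-1-5-6": "SERVICE",
              "S-1-5-18": "SYSTEM", "S-1-5-32-544": "Administrators"}
# Service-specific access bits with their SDDL two-letter names, in SDDL order.
SERVICE_RIGHTS = [(0x1, "CC"), (0x2, "DC"), (0x4, "LC"), (0x8, "SW"), (0x10, "RP"),
                  (0x20, "WP"), (0x40, "DT"), (0x80, "LO"), (0x100, "CR"), (0x10000, "SD"),
                  (0x20000, "RC"), (0x40000, "WD"), (0x80000, "WO"), (0x10000000, "GA")]


def reg_hex_to_bytes(reg_value):
    """Decode a Regedit 'hex:' value; commas, backslash continuations and indentation are skipped."""
    payload = reg_value.split("hex:", 1)[1]
    return bytes(int(tok, 16) for tok in re.findall(r"[0-9a-fA-F]{2}", payload))


def parse_sid(buf, off):
    """Binary SID at buf[off] -> ('S-1-5-...', byte length)."""
    revision, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs)), 8 + 4 * count


def rights(mask):
    """Render an access mask with SDDL letters, e.g. 0xF01FF -> CCDCLCSWRPWPDTLOCRSDRCWDWO."""
    return "".join(name for bit, name in SERVICE_RIGHTS if mask & bit) or "0x%X" % mask


def parse_acl(buf, off):
    """ACL header (8 bytes) followed by AceCount ACEs; each ACE carries its own size."""
    _rev, _sbz1, _size, count, _sbz2 = struct.unpack_from("<BBHHH", buf, off)
    aces, pos = [], off + 8
    for _ in range(count):
        ace_type, flags, size = struct.unpack_from("<BBH", buf, pos)
        (mask,) = struct.unpack_from("<I", buf, pos + 4)
        sid, _ = parse_sid(buf, pos + 8)
        aces.append({"type": ACE_TYPES.get(ace_type, "TYPE_%d" % ace_type), "flags": flags,
                     "mask": mask, "sid": sid, "who": WELL_KNOWN.get(sid, sid)})
        pos += size
    return aces


def parse_security_descriptor(buf):
    """Self-relative SECURITY_DESCRIPTOR: 20-byte header with offsets to owner, group, SACL, DACL."""
    revision, _sbz1, control, owner_off, group_off, sacl_off, dacl_off = struct.unpack_from("<BBHIIII", buf, 0)
    if revision != 1 or not control & SE_SELF_RELATIVE:
        raise ValueError("not a self-relative security descriptor")
    return {
        "owner": parse_sid(buf, owner_off)[0] if owner_off else None,
        "group": parse_sid(buf, group_off)[0] if group_off else None,
        "sacl": parse_acl(buf, sacl_off) if control & SE_SACL_PRESENT and sacl_off else [],
        "dacl": parse_acl(buf, dacl_off) if control & SE_DACL_PRESENT and dacl_off else [],
        "dacl_present": bool(control & SE_DACL_PRESENT),
    }


def access_check(sd, token_sids, wanted):
    """Simplified AccessCheck over the DACL: ACEs are walked in order, a DENY that
    covers a still-ungranted wanted bit fails the check, ALLOWs accumulate until
    every wanted bit is granted. Assumptions (this example's, not Windows' full
    rules): no DACL means NULL DACL (everything allowed), GENERIC_ALL stands for
    SERVICE_ALL_ACCESS, and the caller is not the object owner."""
    if not sd["dacl_present"]:
        return True
    granted = 0
    for ace in sd["dacl"]:
        if ace["sid"] not in token_sids or ace["flags"] & INHERIT_ONLY_ACE:
            continue
        mask = SERVICE_ALL_ACCESS if ace["mask"] & GENERIC_ALL else ace["mask"]
        if ace["type"] == "DENY" and mask & wanted & ~granted:
            return False
        if ace["type"] == "ALLOW":
            granted |= mask & wanted
            if granted == wanted:
                return True
    return False


def summarize(sd):
    """One line per ACE, SACL first, e.g. 'DACL ALLOW Administrators CCDCLCSW...'."""
    lines = ["owner=%s group=%s" % (sd["owner"], sd["group"])]
    for name in ("sacl", "dacl"):
        lines += ["%s %s %s %s" % (name.upper(), a["type"], a["who"], rights(a["mask"])) for a in sd[name]]
    return lines


if __name__ == "__main__":
    sd = parse_security_descriptor(reg_hex_to_bytes(REG_SECURITY_VALUE))
    print("\n".join(summarize(sd)))
    admins = {"S-1-5-32-544", "S-1-5-11", "S-1-1-0"}  # assumed SIDs of an elevated admin token
    print("Administrators may ChangeServiceConfig:", access_check(sd, admins, SERVICE_CHANGE_CONFIG))
```

Run as-is it prints the owner and group (both SYSTEM), the single failed-access audit ACE for Everyone in the SACL, and the six DACL entries, then reports that Administrators hold SERVICE_CHANGE_CONFIG. To check a different key, paste the "Security" line from its export into REG_SECURITY_VALUE; on the machine itself `sc sdshow WinDefend` prints the same descriptor as SDDL without any parsing, so the parser is for working from a posted log rather than a live system. The registry key's own ACL is a separate descriptor and is not covered by this blob.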
 





