Infected with ZeroAccess Rootkit and 315load32.exe


  • This topic is locked
44 replies to this topic

#1 MagC

MagC

  • Members
  • 23 posts

Posted 02 March 2014 - 06:38 AM

Hi,

I think I'm infected with ZeroAccess rootkit and 315load32.exe since last night. I can't run AVG, Spybot or Malwarebyte's Anti-Malware. Nothing happens if I double-click on the executables to launch these applications. Those folders in ProgramFiles (x86) have a locked icon on them and I can't change the permissions. I also can't turn off System Restore.

I did manage to run Rkill and that indicated that I had the ZeroAccess Rootkit. I ran DDS and 315load32.exe shows up there and I shut down some processes of that name in my task manager last night.

 

I did a Windows update before this problem started last night and rolled back those updates as I thought that had caused a problem with user permissions or accounts.

 

Any help would be greatly appreciated.

 

Thanks

 

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16930  BrowserJavaVersion: 1.6.0_22
Run by Margaret at 11:09:30 on 2014-03-02
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.353.1033.18.4092.2663 [GMT 0:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\NTKernel\nt32.exe
C:\NTKernel\nt32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uWinlogon: Shell = explorer.exe,"C:\ProgramData\load32.exe"
uWindows: Load = C:\NTKernel\nt32.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NT Kernel Service] C:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
dRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
StartupFolder: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.galwaycity.ie/proweb_mapviewer/download/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8EFC3342-E25C-4222-9334-4A1C1EA0ACD1} - hxxp://gis.galwaycity.ie/proweb_mapviewer/download/ProPrntScrn.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FE88EA7D-8760-446C-9120-225C24FD61F7} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FE88EA7D-8760-446C-9120-225C24FD61F7}\568747D277966696 : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: AvastSvc.exe - C:\Users\Margaret\Documents\315load32.exe
IFEO: AvastUI.exe - C:\Users\Margaret\Documents\315load32.exe
IFEO: avcenter.exe - C:\Users\Margaret\Documents\315load32.exe
IFEO: avconfig.exe - C:\Users\Margaret\Documents\315load32.exe
IFEO: avgcsrvx.exe - C:\Users\Margaret\Documents\315load32.exe
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: AvastSvc.exe - C:\Users\Margaret\Documents\315load32.exe
x64-IFEO: AvastUI.exe - C:\Users\Margaret\Documents\315load32.exe
x64-IFEO: avcenter.exe - C:\Users\Margaret\Documents\315load32.exe
x64-IFEO: avconfig.exe - C:\Users\Margaret\Documents\315load32.exe
x64-IFEO: avgcsrvx.exe - C:\Users\Margaret\Documents\315load32.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B48c4d302-a3b6-432f-a08d-affaa3df4f7b%7D&mid=4c4a010133ddcc58702c982c95a040ab-39cc2419962325cfcc94dbc016074fef146560bd&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-04-25%2016%3A03%3A31&sap=ku&q=
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-17 55280]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-9 46368]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-17 203264]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-9-13 308656]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R3 CryptOSD;Phoenix CryptOSD Device Driver;C:\Windows\System32\drivers\CryptOSD.sys [2009-6-25 431488]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-1-17 172704]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-1-17 5435904]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-1-17 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-1-17 393728]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-8 1771544]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2013-4-30 11776]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 0]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2013-4-30 135168]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
ShellExec: FrameMaker11.exe: Edit="C:\Program Files (x86)\Adobe\AdobeFrameMaker11\FrameMaker.exe" -ie "%1"
.
=============== Created Last 30 ================
.
2014-03-02 02:33:13    835    ----a-w-    C:\ProgramData\load32.vbs
2014-03-02 02:33:13    405504    --sha-r-    C:\ProgramData\load32.exe
2014-03-02 02:27:36    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-03-02 01:53:52    --------    d-----w-    C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
2014-03-02 01:53:36    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-03-02 01:53:35    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-03-02 00:15:09    --------    d-----w-    C:\Users\Margaret\AppData\Local\Avg2014
2014-03-01 22:38:59    --------    d-----w-    C:\Test
2014-03-01 21:19:38    --------    d--h--w-    C:\ProgramData\NTKernel
2014-03-01 19:43:34    --------    d-----w-    C:\Windows\System32\MRT
2014-03-01 17:20:06    124504    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\plugins\nprpplugin.dll
2014-03-01 17:20:05    472808    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\plugins\npdeployJava1.dll
2014-03-01 17:20:05    187248    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\plugins\nppdf32.dll
2014-03-01 17:20:05    153736    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\plugins\nppl3260.dll
2014-02-28 20:41:01    --------    d-----w-    C:\NTKernel
2014-02-23 15:45:11    346804994    ----a-w-    C:\registry_backup.reg
.
==================== Find3M  ====================
.
.
============= FINISH: 11:10:15.39 ===============
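The "nothing happens when I double-click" symptom in the first post is explained by the IFEO lines in the DDS output: `Image File Execution Options\<name>\Debugger` is a Windows debugging hook that makes the loader start the named debugger instead of the requested program, so once that value points at 315load32.exe for AvastSvc.exe, mbam.exe and the rest, each security tool is silently replaced at launch. The Winlogon `Shell` and `Windows\Load` values and the zeroed UAC policies are the other persistence and evasion items worth pulling out of such a log. The following is an added example written for this thread, not code from the original post or from the DDS/FRST tools; the sample lines are copied from the logs above, and the line shapes the regular expressions expect are my reading of that output rather than a published format.

```python
"""Flag the persistence and defence-evasion entries a DDS/FRST log reports.

Added example for this thread, not part of the original post or of DDS/FRST.
The regexes encode an assumed line shape taken from the logs posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

EXPECTED_SHELL = "explorer.exe"  # the only value a healthy Winlogon 'Shell' holds

# UAC policy values whose listed setting means "UAC is effectively off".
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}

# Assumed shapes: DDS writes "IFEO: target.exe - debugger", FRST writes
# "IFEO\target.exe: [Debugger] debugger"; Shell/Load occur in both styles.
IFEO_DDS = re.compile(r"^(?:x64-)?IFEO:\s+(?P<target>\S+)\s+-\s+(?P<dbg>.+)$")
IFEO_FRST = re.compile(r"^IFEO\\(?P<target>[^:]+):\s+\[Debugger\]\s+(?P<dbg>.+)$")
WINLOGON_SHELL = re.compile(r"(?:uWinlogon:\s+Shell\s*=|\\Winlogon:\s+\[Shell\])\s*(?P<val>.+)$")
WINDOWS_LOAD = re.compile(r"(?:uWindows:\s+Load\s*=|\\CurrentVersion\\Windows:\s+\[Load\])\s*(?P<val>.+)$")
POLICY = re.compile(r"^mPolicies-System:\s+(?P<name>\w+)\s+=\s+dword:(?P<val>[0-9a-fA-F]+)$")


@dataclass
class Finding:
    kind: str    # ifeo_debugger | winlogon_shell | windows_load | uac_disabled
    detail: str  # the value that triggered the finding
    line: str    # the log line it came from


def _clean(value: str) -> str:
    """Drop the ' [size date] (vendor) <==== ATTENTION' tail FRST appends, and quotes."""
    return value.split(" [")[0].split(" <=")[0].strip().strip('"')


def classify(line: str) -> Finding | None:
    """Return a Finding for one log line, or None when the line is benign."""
    m = IFEO_DDS.match(line) or IFEO_FRST.match(line)
    if m:
        # Windows starts the Debugger value *instead of* the target, so any
        # path here that is not a real debugger blocks that tool at launch.
        return Finding("ifeo_debugger", f"{m['target']} -> {_clean(m['dbg'])}", line)
    m = WINLOGON_SHELL.search(line)
    if m:
        parts = [_clean(p) for p in m["val"].split(",")]
        # Shell should be exactly explorer.exe; extra comma-separated programs
        # are launched at every logon next to the desktop.
        if parts[0].lower() != EXPECTED_SHELL or any(parts[1:]):
            return Finding("winlogon_shell", ";".join(parts), line)
        return None
    m = WINDOWS_LOAD.search(line)
    if m:
        # 'Load' is empty on a clean system; anything listed runs at logon.
        value = _clean(m["val"])
        return Finding("windows_load", value, line) if value else None
    m = POLICY.match(line)
    if m and WEAK_UAC.get(m["name"]) == m["val"]:
        return Finding("uac_disabled", f"{m['name']}={m['val']}", line)
    return None


def scan(text: str) -> list[Finding]:
    """Classify every line, collapsing the x86/x64 duplicates DDS and FRST emit."""
    findings, seen = [], set()
    for raw in text.splitlines():
        hit = classify(raw.strip())
        if hit and (hit.kind, hit.detail) not in seen:
            seen.add((hit.kind, hit.detail))
            findings.append(hit)
    return findings


def debugger_targets(findings: list[Finding]) -> dict[str, list[str]]:
    """Group IFEO hits by debugger path: one path shadowing many security
    tools is the AV-blocking pattern visible in this thread's logs."""
    by_path: dict[str, list[str]] = {}
    for f in findings:
        if f.kind == "ifeo_debugger":
            target, path = f.detail.split(" -> ", 1)
            by_path.setdefault(path, []).append(target)
    return {p: sorted(t) for p, t in by_path.items()}


# Constructed sample: lines copied from the DDS and FRST output posted in this
# thread, plus one benign Run entry to show what is *not* flagged.
SAMPLE_LOG = r"""
uWinlogon: Shell = explorer.exe,"C:\ProgramData\load32.exe"
uWindows: Load = C:\NTKernel\nt32.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IFEO: AvastSvc.exe - C:\Users\Margaret\Documents\315load32.exe
IFEO: mbam.exe - C:\Users\Margaret\Documents\315load32.exe
x64-IFEO: AvastSvc.exe - C:\Users\Margaret\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
"""

if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:15} {f.detail}")
    for path, targets in debugger_targets(results).items():
        print(f"{path} registered as debugger for {len(targets)} tools: {', '.join(targets)}")
```

Run against the sample it reports the Shell hijack, the Load value, the three zeroed UAC policies and three IFEO redirections, all pointing at the same file; the x64 duplicate and the benign Synaptics Run entry produce nothing. On a live system the same logic applies to the registry keys the tools are reading: `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options`, the per-user `Winlogon\Shell` and `Windows\Load` values, and `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`.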
 

 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 02 March 2014 - 12:19 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 MagC

MagC
  • Topic Starter

  • Members
  • 23 posts

Posted 02 March 2014 - 01:17 PM

Thank you very much for your help.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 02
Ran by Margaret (administrator) on MARGARET-PC on 02-03-2014 18:12:57
Running from C:\Users\Margaret\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NT Kernel Service] - C:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKU\.DEFAULT\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-12] (Google Inc.)
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-12] (Google Inc.)
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avcenter.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avconfig.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avgnt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avguard.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avp.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\avscan.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\bdagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\ccuac.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\egui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\instup.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\mbam.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\mbampt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\msseces.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\zlclient.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
InternetURL: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> C:\NTKernel\nt32.exe
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={C25F12A1-845C-456F-8409-84AE580BAE4A}&mid=4c4a010133ddcc58702c982c95a040ab-39cc2419962325cfcc94dbc016074fef146560bd&lang=en&ds=AVG&pr=fr&d=2013-09-09 22:59:18&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKCU - {BE34315B-8315-452C-9648-AFE8D9B67D2C} URL =
SearchScopes: HKCU - {E04A884B-641C-4D43-B19E-12021CCDC58C} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab
DPF: HKLM-x32 {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://gis.galwaycity.ie/proweb_mapviewer/download/mgaxctrl.cab
DPF: HKLM-x32 {8EFC3342-E25C-4222-9334-4A1C1EA0ACD1} http://gis.galwaycity.ie/proweb_mapviewer/download/ProPrntScrn.cab
DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default
FF user.js: detected! => C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.ie/
FF Keyword.URL: hxxp://isearch.avg.com/search?cid=%7B48c4d302-a3b6-432f-a08d-affaa3df4f7b%7D&mid=4c4a010133ddcc58702c982c95a040ab-39cc2419962325cfcc94dbc016074fef146560bd&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-04-25%2016%3A03%3A31&sap=ku&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Lavasoft Search Plugin - C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-06-09]
FF Extension: EPUBReader - C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-12]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-04-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-05]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (RealDownloader) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-08]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] ()
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [0 2014-02-28] ()
S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] ()

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
S3 MFE_RR; \??\C:\Users\Margaret\AppData\Local\Temp\mfe_rr.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 18:12 - 2014-03-02 18:13 - 00022421 _____ () C:\Users\Margaret\Downloads\FRST.txt
2014-03-02 18:12 - 2014-03-02 18:12 - 02156544 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64(1).exe
2014-03-02 18:12 - 2014-03-02 18:12 - 00000000 ____D () C:\FRST
2014-03-02 18:11 - 2014-03-02 18:11 - 02156544 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64.exe
2014-03-02 03:10 - 2014-03-02 03:10 - 00688992 ____R (Swearware) C:\Users\Margaret\Desktop\dds.com
2014-03-02 02:33 - 2014-03-02 11:02 - 00000835 _____ () C:\ProgramData\load32.vbs
2014-03-02 02:33 - 2014-02-28 20:40 - 00405504 __RSH () C:\ProgramData\load32.exe
2014-03-02 02:27 - 2014-03-02 02:27 - 00023592 _____ () C:\ComboFix.txt
2014-03-02 01:53 - 2014-03-02 02:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-02 01:53 - 2014-03-02 01:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-02 01:32 - 2014-03-02 02:35 - 00000000 ____D () C:\Users\Margaret\Desktop\rkill
2014-03-02 00:59 - 2014-03-02 00:59 - 00000036 _____ () C:\Users\Margaret\AppData\Local\housecall.guid.cache
2014-03-02 00:17 - 2014-03-02 00:17 - 00128128 _____ () C:\Users\Visitor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-02 00:17 - 2014-03-02 00:17 - 00001445 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-02 00:17 - 2014-03-02 00:17 - 00001411 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Dell
2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Stardock_Corporation
2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Adobe
2014-03-02 00:16 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-02 00:16 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor
2014-03-02 00:16 - 2014-03-02 00:16 - 00000020 ___SH () C:\Users\Visitor\ntuser.ini
2014-03-02 00:16 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Real
2014-03-02 00:16 - 2013-01-30 19:15 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\TuneUp Software
2014-03-02 00:16 - 2012-06-19 20:09 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Macromedia
2014-03-02 00:16 - 2011-10-02 19:48 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Microsoft Help
2014-03-02 00:16 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-02 00:16 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-02 00:15 - 2014-03-02 00:15 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Avg2014
2014-03-01 22:38 - 2014-03-02 02:34 - 00000000 ____D () C:\Test
2014-03-01 21:19 - 2014-03-01 21:21 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-03-01 20:53 - 2014-03-01 20:53 - 00001430 _____ () C:\Users\Margaret\Desktop\fdm.exe - Shortcut.lnk
2014-03-01 20:43 - 2014-03-01 20:43 - 07752311 _____ (FreeDownloadManager.ORG ) C:\Users\Margaret\Downloads\fdminst.exe
2014-03-01 19:43 - 2014-03-01 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-01 19:43 - 2014-02-04 19:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-01 17:27 - 2014-03-01 20:22 - 00002428 _____ () C:\Windows\IE11_main.log
2014-03-01 00:16 - 2014-03-01 00:16 - 00000224 _____ () C:\Windows\SysWOW64\idp2.cfg
2014-02-28 20:41 - 2014-03-01 23:56 - 00000000 ____D () C:\NTKernel
2014-02-28 20:41 - 2014-02-28 20:40 - 00405504 __RSH () C:\Users\Margaret\Documents\315load32.exe
2014-02-26 18:39 - 2014-02-28 17:52 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-74067127-2302894034-4154699051-1001
2014-02-26 18:39 - 2014-02-28 17:52 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-74067127-2302894034-4154699051-1001
2014-02-23 15:45 - 2014-02-23 15:45 - 346804994 _____ () C:\registry_backup.reg
2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Real
2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Real
2014-02-23 14:40 - 2014-02-23 14:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Real
2014-02-23 14:40 - 2013-01-30 19:15 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
2014-02-23 14:40 - 2012-06-19 20:09 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-02-23 14:40 - 2011-10-02 19:48 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-02-23 14:40 - 2010-01-17 04:21 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-23 14:40 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-23 14:40 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-11 20:08 - 2014-02-11 20:24 - 00013328 _____ () C:\Users\Margaret\Documents\ListMichael.xlsx
2014-02-11 17:51 - 2014-02-11 17:51 - 00051481 _____ () C:\Users\Margaret\Desktop\BusinessDevelopmentList.xlsx
2014-02-07 11:52 - 2014-02-07 11:52 - 00019012 _____ () C:\Users\Margaret\Documents\Report_-_P60_Plain_for_13725V.zip

==================== One Month Modified Files and Folders =======

2014-03-02 18:13 - 2014-03-02 18:12 - 00022421 _____ () C:\Users\Margaret\Downloads\FRST.txt
2014-03-02 18:12 - 2014-03-02 18:12 - 02156544 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64(1).exe
2014-03-02 18:12 - 2014-03-02 18:12 - 00000000 ____D () C:\FRST
2014-03-02 18:11 - 2014-03-02 18:11 - 02156544 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64.exe
2014-03-02 17:31 - 2013-09-09 17:53 - 02014195 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 15:26 - 2010-01-23 20:34 - 00007606 _____ () C:\Users\Margaret\AppData\Local\Resmon.ResmonCfg
2014-03-02 12:32 - 2013-11-06 14:50 - 00000000 ____D () C:\Users\Margaret\Documents\PBRecruitment
2014-03-02 11:05 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 11:05 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 11:03 - 2012-05-29 10:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 11:02 - 2014-03-02 02:33 - 00000835 _____ () C:\ProgramData\load32.vbs
2014-03-02 10:58 - 2010-10-20 17:59 - 00000000 ____D () C:\ProgramData\Kodak
2014-03-02 10:57 - 2013-09-09 19:11 - 00013832 _____ () C:\Windows\setupact.log
2014-03-02 03:10 - 2014-03-02 03:10 - 00688992 ____R (Swearware) C:\Users\Margaret\Desktop\dds.com
2014-03-02 02:35 - 2014-03-02 01:32 - 00000000 ____D () C:\Users\Margaret\Desktop\rkill
2014-03-02 02:34 - 2014-03-01 22:38 - 00000000 ____D () C:\Test
2014-03-02 02:33 - 2014-03-02 01:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-02 02:31 - 2013-09-09 19:11 - 00025548 _____ () C:\Windows\PFRO.log
2014-03-02 02:27 - 2014-03-02 02:27 - 00023592 _____ () C:\ComboFix.txt
2014-03-02 02:27 - 2012-12-01 19:38 - 00000000 ____D () C:\Qoobox
2014-03-02 02:24 - 2010-01-22 18:22 - 00000000 ___RD () C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-02 02:22 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-02 01:53 - 2014-03-02 01:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-02 01:09 - 2012-09-11 18:36 - 00000000 ____D () C:\Users\Margaret\Documents\TechWriting
2014-03-02 01:05 - 2009-07-14 05:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 00:59 - 2014-03-02 00:59 - 00000036 _____ () C:\Users\Margaret\AppData\Local\housecall.guid.cache
2014-03-02 00:17 - 2014-03-02 00:17 - 00128128 _____ () C:\Users\Visitor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-02 00:17 - 2014-03-02 00:17 - 00001445 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-02 00:17 - 2014-03-02 00:17 - 00001411 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Dell
2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Stardock_Corporation
2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Adobe
2014-03-02 00:17 - 2014-03-02 00:16 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-02 00:17 - 2014-03-02 00:16 - 00000000 ____D () C:\Users\Visitor
2014-03-02 00:16 - 2014-03-02 00:16 - 00000020 ___SH () C:\Users\Visitor\ntuser.ini
2014-03-02 00:15 - 2014-03-02 00:15 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Avg2014
2014-03-01 23:56 - 2014-02-28 20:41 - 00000000 ____D () C:\NTKernel
2014-03-01 23:55 - 2010-10-21 21:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-01 23:31 - 2009-07-14 04:45 - 05078736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-01 23:28 - 2009-07-14 07:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-01 21:40 - 2010-02-10 18:55 - 00000000 ____D () C:\Windows\pss
2014-03-01 21:21 - 2014-03-01 21:19 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-03-01 20:53 - 2014-03-01 20:53 - 00001430 _____ () C:\Users\Margaret\Desktop\fdm.exe - Shortcut.lnk
2014-03-01 20:43 - 2014-03-01 20:43 - 07752311 _____ (FreeDownloadManager.ORG ) C:\Users\Margaret\Downloads\fdminst.exe
2014-03-01 20:22 - 2014-03-01 17:27 - 00002428 _____ () C:\Windows\IE11_main.log
2014-03-01 20:21 - 2010-01-22 18:26 - 00000000 ___RD () C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-01 20:18 - 2012-05-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-01 19:49 - 2014-03-01 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-01 19:26 - 2010-01-17 04:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-01 19:04 - 2010-01-17 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-01 18:28 - 2009-07-14 02:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-01 18:24 - 2011-02-20 00:19 - 00767766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 17:20 - 2013-07-07 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-01 17:20 - 2010-06-07 11:36 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Mozilla
2014-03-01 00:16 - 2014-03-01 00:16 - 00000224 _____ () C:\Windows\SysWOW64\idp2.cfg
2014-02-28 23:43 - 2010-01-23 01:15 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 21:46 - 2011-07-18 15:05 - 00000000 ____D () C:\Users\Margaret\Documents\BillsBanks
2014-02-28 20:41 - 2010-01-22 21:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-28 20:40 - 2014-03-02 02:33 - 00405504 __RSH () C:\ProgramData\load32.exe
2014-02-28 20:40 - 2014-02-28 20:41 - 00405504 __RSH () C:\Users\Margaret\Documents\315load32.exe
2014-02-28 17:54 - 2011-12-12 18:31 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\Dropbox
2014-02-28 17:53 - 2011-12-12 18:33 - 00000000 ___RD () C:\Users\Margaret\Dropbox
2014-02-28 17:52 - 2014-02-26 18:39 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-74067127-2302894034-4154699051-1001
2014-02-28 17:52 - 2014-02-26 18:39 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-74067127-2302894034-4154699051-1001
2014-02-28 17:51 - 2010-01-23 01:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 17:51 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 15:50 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-23 15:45 - 2014-02-23 15:45 - 346804994 _____ () C:\registry_backup.reg
2014-02-23 14:41 - 2014-03-02 00:16 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Real
2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Real
2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Real
2014-02-23 14:40 - 2014-02-23 14:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Real
2014-02-21 01:38 - 2010-01-23 01:15 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-21 01:38 - 2010-01-23 01:15 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 18:39 - 2010-01-23 01:14 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-11 20:24 - 2014-02-11 20:08 - 00013328 _____ () C:\Users\Margaret\Documents\ListMichael.xlsx
2014-02-11 17:51 - 2014-02-11 17:51 - 00051481 _____ () C:\Users\Margaret\Desktop\BusinessDevelopmentList.xlsx
2014-02-09 12:24 - 2010-01-22 19:45 - 00000000 ____D () C:\Users\Margaret\Documents\CreativeWriting
2014-02-07 11:52 - 2014-02-07 11:52 - 00019012 _____ () C:\Users\Margaret\Documents\Report_-_P60_Plain_for_13725V.zip
2014-02-04 19:09 - 2014-03-01 19:43 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-04 18:50 - 2013-09-09 21:59 - 00000000 ____D () C:\Users\Margaret\AppData\Local\AVG Secure Search
2014-02-03 21:15 - 2013-09-09 21:59 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search

ZeroAccess:
C:\Windows\Installer\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}

Files to move or delete:
====================
C:\ProgramData\load32.exe
C:\ProgramData\load32.vbs
C:\ProgramData\NTKernel
C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
C:\NTKernel


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 14:05

==================== End Of Log ============================


#4 RPMcMurphy
  • Malware Response Team
  • 3,970 posts

Posted 02 March 2014 - 06:42 PM

Please do this next:
 
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
2014-03-02 02:33 - 2014-03-02 11:02 - 00000835 _____ () C:\ProgramData\load32.vbs
2014-03-02 02:33 - 2014-02-28 20:40 - 00405504 __RSH () C:\ProgramData\load32.exe
C:\Windows\Installer\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}
cmd: netsh winsock reset
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

  • Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may donate.
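As an added illustration (code written for this page, not part of the thread and not part of FRST), the script below applies mechanically the checks that the fixlist above relies on, run over constructed FRST-style lines modelled on this log: a populated legacy Load value, a Winlogon Shell value with something appended after explorer.exe, a Winsock catalog entry whose LibraryPath was replaced, a hidden/system executable with no publisher sitting under ProgramData, and an IFEO Debugger redirect of the kind that stops security tools from launching. The category labels, helper names and the list of user-writable directories are choices made for this example, not FRST conventions.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code).

It applies, mechanically, the checks a Malware Response Team helper makes by
eye when reading a log like the one in this thread: autostart values pointed
at a foreign executable, Winsock catalog entries whose LibraryPath was
replaced, IFEO "Debugger" values that intercept security tools, and
executables with hidden/system attributes and no publisher in user-writable
locations.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    category: str
    line: str


# FRST file-list line: "<created> - <modified> - <size> <attrs> (<publisher>) <path>"
# where <attrs> is five characters such as "__RSH" (read-only, system, hidden)
# or "____D" (directory).
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".vbs", ".scr", ".com")
# Directories a standard user can write to; a choice made for this example.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "\\temp\\")


def suspicious_file(match):
    """Hidden/system executable with an empty publisher field in a user-writable path."""
    path = match.group("path").lower()
    attrs = match.group("attrs")
    publisher = match.group("publisher").strip()
    return (
        path.endswith(EXEC_EXT)
        and ("H" in attrs or "S" in attrs)
        and not publisher
        and any(d in path for d in USER_WRITABLE)
    )


def triage(lines):
    """Return a Finding for every line that matches one of the indicator rules."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("IFEO\\") and "[Debugger]" in line:
            # A Debugger value under Image File Execution Options makes Windows
            # start that path instead of the named program (here: AV tools).
            findings.append(Finding("IFEO Debugger redirect", line))
        elif "\\Windows: [Load]" in line:
            # The legacy Load value is almost never populated on a clean system.
            findings.append(Finding("Legacy Load autostart", line))
        elif "\\Winlogon: [Shell]" in line:
            # Shell should be exactly explorer.exe; anything appended runs at logon.
            value = line.partition("[Shell]")[2].strip().split(" [")[0].strip()
            if value.lower() != "explorer.exe":
                findings.append(Finding("Winlogon Shell modified", line))
        elif "ATTENTION: The LibraryPath should be" in line:
            findings.append(Finding("Winsock catalog LibraryPath mismatch", line))
        else:
            m = FILE_LINE.match(line)
            if m and suspicious_file(m):
                findings.append(Finding("Hidden executable without publisher", line))
    return findings


# Constructed sample modelled on lines from this thread's log (not the full log).
SAMPLE_LINES = r"""
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
2014-03-02 02:33 - 2014-02-28 20:40 - 00405504 __RSH () C:\ProgramData\load32.exe
2014-03-02 01:53 - 2014-03-02 01:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
IFEO\AvastSvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
""".splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.category}] {f.line}")
```

To use it on a real log, pass the lines of a saved FRST.txt to triage(); the result is a first-pass list to read alongside the log, not a substitute for reading it, and nothing it flags should be acted on without a fixlist written for that machine, exactly as the NOTICE in the script above says.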


    #5 MagC (Topic Starter)
    • Members
    • 23 posts

    Posted 03 March 2014 - 02:32 PM

    Thanks a lot for going to the trouble of writing that script for me. FRST forced a restart when it was done and I got a Windows Script Host warning message on startup: Can't find script engine "VBScript" for script "C:\ProgramData\load32.vbs"

    Here's Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 02
    Ran by Margaret at 2014-03-03 19:23:54 Run:1
    Running from C:\Users\Margaret\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION
    Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    2014-03-02 02:33 - 2014-03-02 11:02 - 00000835 _____ () C:\ProgramData\load32.vbs
    2014-03-02 02:33 - 2014-02-28 20:40 - 00405504 __RSH () C:\ProgramData\load32.exe
    C:\Windows\Installer\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde}
    cmd: netsh winsock reset
    *****************

    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
    Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
    "C:\ProgramData\load32.vbs" => File/Directory not found.
    Could not move "C:\ProgramData\load32.exe" => Scheduled to move on reboot.
    C:\Windows\Installer\{22d0fbac-ef25-3a6a-fdd3-fdf005509cde} => Moved successfully.

    =========  netsh winsock reset =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-03 19:26:34)<=

    C:\ProgramData\load32.exe => Is moved successfully.

    ==== End of Fixlog ====



    #6 RPMcMurphy
    • Malware Response Team
    • 3,970 posts

    Posted 03 March 2014 - 07:47 PM

    Please do this next:

    Download Combofix from HERE, and save it to your desktop.

    **Note:  It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
    --------------------------------------------------------------------

    Double click on ComboFix.exe & follow the prompts.

    • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
    • When finished, it will produce a report for you.
    Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

    Please include the following in your next post:
    • ComboFix log


    Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


    #7 MagC
    • Topic Starter
    • Members
    • 23 posts
    • Local time:06:35 AM

    Posted 04 March 2014 - 08:32 AM

    When I try to save ComboFix.exe to the desktop, it gets as far as 99% downloaded and then I get this File Access Denied message: "You need permission to perform this action. You need permission from [my account name] to make changes to this file"

    This was one of the problems I encountered when I realised I had a problem a few days ago. I could download other programs and executables but not Malware and Anti-Virus software. I am logged on under the Admin account.

    I have an older version of ComboFix.exe on my desktop which was downloaded in Sept 2013. Can I try to run that?

    Thanks



    #8 RPMcMurphy
    Bleeping *^#@%~
    • Malware Response Team
    • 3,970 posts
    • Gender:Male
    • Local time:02:35 AM

    Posted 04 March 2014 - 08:45 AM

    Skip ComboFix for now and do this instead:

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

    IFEO\AvastSvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\AvastUI.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avcenter.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avconfig.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgcsrvx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgidsagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgnt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgrsx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avguard.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgwdsvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avp.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avscan.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\bdagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\ccuac.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\ComboFix.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\egui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\hijackthis.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\instup.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\keyscrambler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbam.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbampt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamscheduler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamservice.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MpCmdRun.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MSASCui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MsMpEng.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\msseces.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\rstrui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\spybotsd.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\SUPERAntiSpyware.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\wireshark.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\zlclient.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    C:\Users\Margaret\Documents\315load32.exe
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now run FRST again.
    • When the tool opens click Yes to disclaimer.
    • Press the Fix button just once and wait.
    • The tool will make a log (Fixlog.txt) please post it to your reply.

    Please include the following in your next post:
    • Fixlog.txt report



    #9 MagC
    • Topic Starter
    • Members
    • 23 posts
    • Local time:06:35 AM

    Posted 04 March 2014 - 08:48 AM

    Done. Fixlog.txt posted below.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 02
    Ran by Margaret at 2014-03-04 13:47:01 Run:2
    Running from C:\Users\Margaret\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    IFEO\AvastSvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\AvastUI.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avcenter.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avconfig.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgcsrvx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgidsagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgnt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgrsx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avguard.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgwdsvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avp.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avscan.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\bdagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\ccuac.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\ComboFix.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\egui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\hijackthis.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\instup.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\keyscrambler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbam.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbampt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamscheduler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamservice.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MpCmdRun.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MSASCui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MsMpEng.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\msseces.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\rstrui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\spybotsd.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\SUPERAntiSpyware.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\wireshark.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\zlclient.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    C:\Users\Margaret\Documents\315load32.exe
    *****************

    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERAntiSpyware.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully.
    C:\Users\Margaret\Documents\315load32.exe => Moved successfully.

    ==== End of Fixlog ====
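The fixlist above removes each IFEO Debugger key by hand, and the later FRST scan in this thread shows two more logon-time entries of the same family (a Winlogon Shell value carrying load32.exe next to explorer.exe, and a non-empty Load value pointing at nt32.exe). As an added example, not part of this thread and not FRST's own code, the following Python audit reads FRST-style registry lines and flags all three mechanisms: an IFEO Debugger value means Windows starts that program instead of the named executable (which is why ComboFix and the AV tools silently failed to launch), a Shell value should contain only explorer.exe, and Load should be empty. The sample lines are constructed for the example; the function names, the trusted-directory list in PROTECTED_PREFIXES and the severity labels are my assumptions, not FRST conventions.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    kind: str       # which persistence mechanism matched
    subject: str    # the program being redirected (IFEO) or the registry value name
    value: str      # what the registry entry points at
    severity: str   # 'high' or 'review' (assumed labels, not FRST's)
    reason: str


# FRST prints IFEO entries as "IFEO\<exe>: [Debugger] <value>", and the Winlogon
# Shell / Windows Load values with the key path abbreviated by "...".
IFEO_RE = re.compile(r'^IFEO\\(?P<exe>[^:]+): \[Debugger\] (?P<value>.*)$')
SHELL_RE = re.compile(r'\\Winlogon: \[Shell\] (?P<value>.*)$')
LOAD_RE = re.compile(r'\\CurrentVersion\\Windows: \[Load\] (?P<value>.*)$')

# FRST appends "<===== ATTENTION" to entries it considers suspicious and, for
# files it could inspect, "[<size> <date>] (<signer>)". Both are stripped before
# the value is interpreted.
ATTENTION_RE = re.compile(r'\s*<=+\s*ATTENTION\s*$')
FILEINFO_RE = re.compile(r'\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\([^)]*\)\s*$')

# Assumption: a Debugger value under these directories was at least placed by an
# administrator; anything elsewhere (user profile, ProgramData, an invented root
# folder such as C:\NTKernel) is writable without elevation and rated high.
PROTECTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


def strip_frst_annotations(line: str) -> str:
    line = ATTENTION_RE.sub('', line.strip())
    return FILEINFO_RE.sub('', line)


def debugger_target(value: str) -> str:
    """Executable path from a Debugger value: a quoted path loses its arguments,
    an unquoted value is taken whole (that is how FRST prints raw values)."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    return v


def outside_protected_dirs(path: str) -> bool:
    return not path.lower().startswith(PROTECTED_PREFIXES)


def audit_frst_lines(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = strip_frst_annotations(raw)
        m = IFEO_RE.match(line)
        if m:
            exe, target = m.group('exe'), debugger_target(m.group('value'))
            # Any Debugger value diverts the named program; the target's location
            # only decides how loudly it is flagged.
            severity = 'high' if outside_protected_dirs(target) else 'review'
            findings.append(Finding('IFEO Debugger', exe, target, severity,
                                    'running %s starts the Debugger target instead' % exe))
            continue
        m = SHELL_RE.search(line)
        if m:
            parts = [p.strip() for p in m.group('value').split(',') if p.strip()]
            extra = [p for p in parts if p.strip('"').lower() != 'explorer.exe']
            if extra:
                findings.append(Finding('Winlogon Shell', 'Shell', ', '.join(extra), 'high',
                                        'programs started alongside the shell at logon'))
            continue
        m = LOAD_RE.search(line)
        if m and m.group('value').strip():
            findings.append(Finding('Windows Load', 'Load', m.group('value').strip(), 'high',
                                    'Load is normally empty; anything here runs at logon'))
    return findings


def hijacked_programs(findings: List[Finding]) -> List[str]:
    """Names of the programs an IFEO Debugger entry diverts, e.g. the AV and
    cleanup tools the user could not start."""
    return sorted({f.subject for f in findings if f.kind == 'IFEO Debugger'}, key=str.lower)


# Constructed sample input in FRST's registry-section format (typed for this
# example, not copied from a real scan); the notepad line stands in for a
# legitimate editor-replacement IFEO entry that should be reviewed, not deleted.
SAMPLE_FRST_LINES = [
    r'HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)',
    r'HKU\S-1-5-21-1111\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION',
    r'HKU\S-1-5-21-1111\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION',
    r'IFEO\mbam.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe',
    r'IFEO\ComboFix.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe',
    r'IFEO\rstrui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe',
    r'IFEO\notepad.exe: [Debugger] "C:\Program Files\Example Editor\editor.exe" -z',
]

if __name__ == '__main__':
    results = audit_frst_lines(SAMPLE_FRST_LINES)
    for f in results:
        print('%-6s %-15s %-12s -> %s  (%s)' % (f.severity, f.kind, f.subject, f.value, f.reason))
    print('IFEO-diverted programs:', ', '.join(hijacked_programs(results)))
```

Run it against a saved FRST.txt by passing the file's lines to audit_frst_lines. Entries rated "review" are IFEO Debugger values under Program Files or Windows, which some legitimate tools register; everything rated "high" in the sample corresponds to the pattern seen in this thread, where a single user-profile executable is registered as the "debugger" for every security tool by name.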



    #10 RPMcMurphy
    Bleeping *^#@%~
    • Malware Response Team
    • 3,970 posts
    • Gender:Male
    • Local time:02:35 AM

    Posted 04 March 2014 - 10:38 AM

    Great.  Now delete any existing copies of ComboFix from your desktop, then download and try to run a fresh copy using the link and instructions I posted earlier.




    #11 MagC
    • Topic Starter
    • Members
    • 23 posts
    • Local time:06:35 AM

    Posted 04 March 2014 - 02:36 PM

    ComboFix downloaded to my Desktop fine that time but when I double-clicked to run it, nothing happened. I had my Task Manager open at the same time and noticed that 315load32.exe started running. I ended that process in the Task Manager.

    Thanks



    #12 RPMcMurphy
    Bleeping *^#@%~
    • Malware Response Team
    • 3,970 posts
    • Gender:Male
    • Local time:02:35 AM

    Posted 04 March 2014 - 11:12 PM

    OK. Please run a new scan with FRST and post that log for me.



    #13 MagC
    • Topic Starter
    • Members
    • 23 posts
    • Local time:06:35 AM

    Posted 05 March 2014 - 03:27 AM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 02
    Ran by Margaret (administrator) on MARGARET-PC on 05-03-2014 08:24:25
    Running from C:\Users\Margaret\Desktop
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\system32\atiesrxx.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\ProgramData\load32.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    () C:\NTKernel\nt32.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
    HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NT Kernel Service] - C:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
    HKU\.DEFAULT\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-12] (Google Inc.)
    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION
    IFEO\AvastSvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\AvastUI.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avcenter.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avconfig.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgcsrvx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgidsagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgnt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgrsx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avguard.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgwdsvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avp.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avscan.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\bdagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\ccuac.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\ComboFix.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\egui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\hijackthis.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\instup.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\keyscrambler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbam.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbampt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamscheduler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamservice.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MpCmdRun.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MSASCui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MsMpEng.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\msseces.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\rstrui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\spybotsd.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\wireshark.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\zlclient.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    InternetURL: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> 0
    Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={C25F12A1-845C-456F-8409-84AE580BAE4A}&mid=4c4a010133ddcc58702c982c95a040ab-39cc2419962325cfcc94dbc016074fef146560bd&lang=en&ds=AVG&pr=fr&d=2013-09-09 22:59:18&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    SearchScopes: HKCU - {BE34315B-8315-452C-9648-AFE8D9B67D2C} URL =
    SearchScopes: HKCU - {E04A884B-641C-4D43-B19E-12021CCDC58C} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll No File
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll No File
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll No File
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab
    DPF: HKLM-x32 {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://gis.galwaycity.ie/proweb_mapviewer/download/mgaxctrl.cab
    DPF: HKLM-x32 {8EFC3342-E25C-4222-9334-4A1C1EA0ACD1} http://gis.galwaycity.ie/proweb_mapviewer/download/ProPrntScrn.cab
    DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default
    FF user.js: detected! => C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\user.js
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.google.ie/
    FF Keyword.URL: hxxp://isearch.avg.com/search?cid=%7B48c4d302-a3b6-432f-a08d-affaa3df4f7b%7D&mid=4c4a010133ddcc58702c982c95a040ab-39cc2419962325cfcc94dbc016074fef146560bd&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-04-25%2016%3A03%3A31&sap=ku&q=
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: Lavasoft Search Plugin - C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-06-09]
    FF Extension: EPUBReader - C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-12]
    FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-04-06]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-05]
    FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR Extension: (RealDownloader) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-08]
    CHR Extension: (Chrome In-App Payments service) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

    ==================== Services (Whitelisted) =================

    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] ()
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [0 2014-02-28] ()
    S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] ()

    ==================== Drivers (Whitelisted) ====================

    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
    R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
    S3 MFE_RR; \??\C:\Users\Margaret\AppData\Local\Temp\mfe_rr.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-04 19:32 - 2014-03-04 19:32 - 05186850 _____ (Swearware) C:\Users\Margaret\Desktop\ComboFix.exe
    2014-03-04 19:27 - 2014-02-28 20:40 - 00405504 __RSH () C:\Users\Margaret\Documents\315load32.exe
    2014-03-04 13:23 - 2014-03-04 13:24 - 05187080 _____ () C:\Users\Margaret\Downloads\ComboFix.exe.part
    2014-03-03 19:27 - 2014-02-28 20:40 - 00405504 __RSH () C:\ProgramData\load32.exe
    2014-03-02 18:13 - 2014-03-02 18:14 - 00044085 _____ () C:\Users\Margaret\Downloads\Addition.txt
    2014-03-02 18:12 - 2014-03-05 08:24 - 00002660 _____ () C:\Users\Margaret\Desktop\FRST.txt
    2014-03-02 18:12 - 2014-03-05 08:24 - 00000000 ____D () C:\FRST
    2014-03-02 18:12 - 2014-03-02 18:12 - 02156544 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64(1).exe
    2014-03-02 18:11 - 2014-03-02 18:11 - 02156544 _____ (Farbar) C:\Users\Margaret\Desktop\FRST64.exe
    2014-03-02 03:10 - 2014-03-02 03:10 - 00688992 ____R (Swearware) C:\Users\Margaret\Desktop\dds.com
    2014-03-02 01:53 - 2014-03-02 02:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-03-02 01:53 - 2014-03-02 01:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
    2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-03-02 01:32 - 2014-03-02 02:35 - 00000000 ____D () C:\Users\Margaret\Desktop\rkill
    2014-03-02 00:59 - 2014-03-02 00:59 - 00000036 _____ () C:\Users\Margaret\AppData\Local\housecall.guid.cache
    2014-03-02 00:17 - 2014-03-02 00:17 - 00128128 _____ () C:\Users\Visitor\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-02 00:17 - 2014-03-02 00:17 - 00001445 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-02 00:17 - 2014-03-02 00:17 - 00001411 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Dell
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Stardock_Corporation
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Adobe
    2014-03-02 00:16 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-02 00:16 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor
    2014-03-02 00:16 - 2014-03-02 00:16 - 00000020 ___SH () C:\Users\Visitor\ntuser.ini
    2014-03-02 00:16 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Real
    2014-03-02 00:16 - 2013-01-30 19:15 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\TuneUp Software
    2014-03-02 00:16 - 2012-06-19 20:09 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Macromedia
    2014-03-02 00:16 - 2011-10-02 19:48 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Microsoft Help
    2014-03-02 00:16 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-03-02 00:16 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-03-02 00:15 - 2014-03-02 00:15 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Avg2014
    2014-03-01 22:38 - 2014-03-04 19:29 - 00000000 ____D () C:\Test
    2014-03-01 21:19 - 2014-03-01 21:21 - 00000000 ___HD () C:\ProgramData\NTKernel
    2014-03-01 20:53 - 2014-03-01 20:53 - 00001430 _____ () C:\Users\Margaret\Desktop\fdm.exe - Shortcut.lnk
    2014-03-01 20:43 - 2014-03-01 20:43 - 07752311 _____ (FreeDownloadManager.ORG ) C:\Users\Margaret\Downloads\fdminst.exe
    2014-03-01 19:43 - 2014-03-01 19:49 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-01 19:43 - 2014-02-04 19:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-03-01 17:27 - 2014-03-01 20:22 - 00002428 _____ () C:\Windows\IE11_main.log
    2014-03-01 00:16 - 2014-03-01 00:16 - 00000224 _____ () C:\Windows\SysWOW64\idp2.cfg
    2014-02-28 20:41 - 2014-03-01 23:56 - 00000000 ____D () C:\NTKernel
    2014-02-26 18:39 - 2014-02-28 17:52 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-74067127-2302894034-4154699051-1001
    2014-02-26 18:39 - 2014-02-28 17:52 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-74067127-2302894034-4154699051-1001
    2014-02-23 15:45 - 2014-02-23 15:45 - 346804994 _____ () C:\registry_backup.reg
    2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Real
    2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Real
    2014-02-23 14:40 - 2014-02-23 14:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Real
    2014-02-23 14:40 - 2013-01-30 19:15 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
    2014-02-23 14:40 - 2012-06-19 20:09 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
    2014-02-23 14:40 - 2011-10-02 19:48 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
    2014-02-23 14:40 - 2010-01-17 04:21 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-02-23 14:40 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-02-23 14:40 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-02-11 20:08 - 2014-02-11 20:24 - 00013328 _____ () C:\Users\Margaret\Documents\ListMichael.xlsx
    2014-02-11 17:51 - 2014-02-11 17:51 - 00051481 _____ () C:\Users\Margaret\Desktop\BusinessDevelopmentList.xlsx
    2014-02-07 11:52 - 2014-02-07 11:52 - 00019012 _____ () C:\Users\Margaret\Documents\Report_-_P60_Plain_for_13725V.zip

    ==================== One Month Modified Files and Folders =======

    2014-03-05 08:24 - 2014-03-02 18:12 - 00002660 _____ () C:\Users\Margaret\Desktop\FRST.txt
    2014-03-05 08:24 - 2014-03-02 18:12 - 00000000 ____D () C:\FRST
    2014-03-05 08:21 - 2010-10-20 17:59 - 00000000 ____D () C:\ProgramData\Kodak
    2014-03-05 08:20 - 2013-09-09 19:11 - 00014336 _____ () C:\Windows\setupact.log
    2014-03-05 00:33 - 2013-09-09 17:53 - 02036995 _____ () C:\Windows\WindowsUpdate.log
    2014-03-04 22:12 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-04 22:12 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-04 21:47 - 2010-01-22 19:45 - 00000000 ____D () C:\Users\Margaret\Documents\CreativeWriting
    2014-03-04 21:11 - 2012-12-01 19:38 - 00000000 ____D () C:\Qoobox
    2014-03-04 19:32 - 2014-03-04 19:32 - 05186850 _____ (Swearware) C:\Users\Margaret\Desktop\ComboFix.exe
    2014-03-04 19:29 - 2014-03-01 22:38 - 00000000 ____D () C:\Test
    2014-03-04 13:24 - 2014-03-04 13:23 - 05187080 _____ () C:\Users\Margaret\Downloads\ComboFix.exe.part
    2014-03-02 18:14 - 2014-03-02 18:13 - 00044085 _____ () C:\Users\Margaret\Downloads\Addition.txt
    2014-03-02 18:12 - 2014-03-02 18:12 - 02156544 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64(1).exe
    2014-03-02 18:11 - 2014-03-02 18:11 - 02156544 _____ (Farbar) C:\Users\Margaret\Desktop\FRST64.exe
    2014-03-02 15:26 - 2010-01-23 20:34 - 00007606 _____ () C:\Users\Margaret\AppData\Local\Resmon.ResmonCfg
    2014-03-02 12:32 - 2013-11-06 14:50 - 00000000 ____D () C:\Users\Margaret\Documents\PBRecruitment
    2014-03-02 11:03 - 2012-05-29 10:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-02 03:10 - 2014-03-02 03:10 - 00688992 ____R (Swearware) C:\Users\Margaret\Desktop\dds.com
    2014-03-02 02:35 - 2014-03-02 01:32 - 00000000 ____D () C:\Users\Margaret\Desktop\rkill
    2014-03-02 02:33 - 2014-03-02 01:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-03-02 02:31 - 2013-09-09 19:11 - 00025548 _____ () C:\Windows\PFRO.log
    2014-03-02 02:24 - 2010-01-22 18:22 - 00000000 ___RD () C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-02 02:22 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
    2014-03-02 01:53 - 2014-03-02 01:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
    2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-03-02 01:09 - 2012-09-11 18:36 - 00000000 ____D () C:\Users\Margaret\Documents\TechWriting
    2014-03-02 01:05 - 2009-07-14 05:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-02 00:59 - 2014-03-02 00:59 - 00000036 _____ () C:\Users\Margaret\AppData\Local\housecall.guid.cache
    2014-03-02 00:17 - 2014-03-02 00:17 - 00128128 _____ () C:\Users\Visitor\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-02 00:17 - 2014-03-02 00:17 - 00001445 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-02 00:17 - 2014-03-02 00:17 - 00001411 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Dell
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Stardock_Corporation
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Adobe
    2014-03-02 00:17 - 2014-03-02 00:16 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-02 00:17 - 2014-03-02 00:16 - 00000000 ____D () C:\Users\Visitor
    2014-03-02 00:16 - 2014-03-02 00:16 - 00000020 ___SH () C:\Users\Visitor\ntuser.ini
    2014-03-02 00:15 - 2014-03-02 00:15 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Avg2014
    2014-03-01 23:56 - 2014-02-28 20:41 - 00000000 ____D () C:\NTKernel
    2014-03-01 23:55 - 2010-10-21 21:45 - 00000000 ____D () C:\ProgramData\MFAData
    2014-03-01 23:31 - 2009-07-14 04:45 - 05078736 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-01 23:28 - 2009-07-14 07:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-03-01 21:40 - 2010-02-10 18:55 - 00000000 ____D () C:\Windows\pss
    2014-03-01 21:21 - 2014-03-01 21:19 - 00000000 ___HD () C:\ProgramData\NTKernel
    2014-03-01 20:53 - 2014-03-01 20:53 - 00001430 _____ () C:\Users\Margaret\Desktop\fdm.exe - Shortcut.lnk
    2014-03-01 20:43 - 2014-03-01 20:43 - 07752311 _____ (FreeDownloadManager.ORG ) C:\Users\Margaret\Downloads\fdminst.exe
    2014-03-01 20:22 - 2014-03-01 17:27 - 00002428 _____ () C:\Windows\IE11_main.log
    2014-03-01 20:21 - 2010-01-22 18:26 - 00000000 ___RD () C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-01 20:18 - 2012-05-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-01 19:49 - 2014-03-01 19:43 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-01 19:26 - 2010-01-17 04:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-03-01 19:04 - 2010-01-17 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
    2014-03-01 18:28 - 2009-07-14 02:34 - 00000478 _____ () C:\Windows\win.ini
    2014-03-01 18:24 - 2011-02-20 00:19 - 00767766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-03-01 17:20 - 2013-07-07 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-01 17:20 - 2010-06-07 11:36 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Mozilla
    2014-03-01 00:16 - 2014-03-01 00:16 - 00000224 _____ () C:\Windows\SysWOW64\idp2.cfg
    2014-02-28 23:43 - 2010-01-23 01:15 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-28 21:46 - 2011-07-18 15:05 - 00000000 ____D () C:\Users\Margaret\Documents\BillsBanks
    2014-02-28 20:41 - 2010-01-22 21:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-02-28 20:40 - 2014-03-04 19:27 - 00405504 __RSH () C:\Users\Margaret\Documents\315load32.exe
    2014-02-28 20:40 - 2014-03-03 19:27 - 00405504 __RSH () C:\ProgramData\load32.exe
    2014-02-28 17:54 - 2011-12-12 18:31 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\Dropbox
    2014-02-28 17:53 - 2011-12-12 18:33 - 00000000 ___RD () C:\Users\Margaret\Dropbox
    2014-02-28 17:52 - 2014-02-26 18:39 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-74067127-2302894034-4154699051-1001
    2014-02-28 17:52 - 2014-02-26 18:39 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-74067127-2302894034-4154699051-1001
    2014-02-28 17:51 - 2010-01-23 01:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-28 17:51 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-02-23 15:50 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-02-23 15:45 - 2014-02-23 15:45 - 346804994 _____ () C:\registry_backup.reg
    2014-02-23 14:41 - 2014-03-02 00:16 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Real
    2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Real
    2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Real
    2014-02-23 14:40 - 2014-02-23 14:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Real
    2014-02-21 01:38 - 2010-01-23 01:15 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-02-21 01:38 - 2010-01-23 01:15 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-02-17 18:39 - 2010-01-23 01:14 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-02-11 20:24 - 2014-02-11 20:08 - 00013328 _____ () C:\Users\Margaret\Documents\ListMichael.xlsx
    2014-02-11 17:51 - 2014-02-11 17:51 - 00051481 _____ () C:\Users\Margaret\Desktop\BusinessDevelopmentList.xlsx
    2014-02-07 11:52 - 2014-02-07 11:52 - 00019012 _____ () C:\Users\Margaret\Documents\Report_-_P60_Plain_for_13725V.zip
    2014-02-04 19:09 - 2014-03-01 19:43 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-02-04 18:50 - 2013-09-09 21:59 - 00000000 ____D () C:\Users\Margaret\AppData\Local\AVG Secure Search
    2014-02-03 21:15 - 2013-09-09 21:59 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search

    Files to move or delete:
    ====================
    C:\ProgramData\load32.exe
    C:\ProgramData\NTKernel
    C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
    C:\NTKernel


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-21 14:05

    ==================== End Of Log ============================
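
The FRST output above is read by hand, line by line, for the usual autostart abuse: Run keys launching from user-writable paths, a modified Winlogon Shell, a populated Windows\Load value, Image File Execution Options (IFEO) Debugger values that redirect security tools, a .url file dropped in the Startup folder, and executables with hidden+system attributes outside the Windows and Program Files trees. As an added example for this thread (not FRST's own logic, and not code from anyone in the thread), the script below applies those checks to FRST-format lines. The PROTECTED_PREFIXES list, the severity labels and the regular expressions are this script's own assumptions, and the sample lines at the bottom are constructed in FRST's format, modelled on the entries posted here rather than copied from a real log.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for autostart abuse:
Run keys launching from user-writable paths, a modified Winlogon Shell, a
populated Windows\\Load value, IFEO Debugger hijacks, a .url in the Startup
folder and hidden+system executables outside Windows / Program Files.

Added example, not FRST's own logic. The heuristics are this script's own;
the sample lines at the bottom are constructed in FRST's format.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Trees a standard user cannot write to (assumption: default Windows 7 ACLs).
# A launcher anywhere else (ProgramData, a profile, a folder created at the
# drive root) deserves a second look.
PROTECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

RUN_RE = re.compile(r"^(?P<key>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<cmd>.*)$")
LOAD_RE = re.compile(r"\\CurrentVersion\\Windows: \[Load\] (?P<val>.*)$")
SHELL_RE = re.compile(r"\\Winlogon: \[Shell\] (?P<val>.*)$")
IFEO_RE = re.compile(r"^IFEO\\(?P<exe>[^:]+): \[Debugger\] (?P<dbg>.+)$")
URL_RE = re.compile(r"^InternetURL: (?P<url>.+?\.url) -> (?P<target>.+)$", re.I)
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"(?P<attr>[A-Z_]{5}) \((?P<signer>[^)]*)\) (?P<path>.+)$"
)
# FRST appends "[size date] (signer)" and "<==== ATTENTION" to some values.
DECOR_RE = re.compile(r"(\s*\[\d+ \d{4}-\d\d-\d\d\] \([^)]*\))?(\s*<=+ ATTENTION)?$")
FIRST_EXE_RE = re.compile(r'^"?(?P<exe>[a-z]:\\.*?\.exe)\b', re.I)


@dataclass
class Finding:
    kind: str      # which autostart mechanism tripped
    detail: str    # the offending value or path, decorations stripped
    severity: str  # "high": known hijack technique; "medium": needs a look


def in_protected_dir(path: str) -> bool:
    return path.lower().startswith(PROTECTED_PREFIXES)


def first_executable(command: str) -> Optional[str]:
    """Return the first .exe path in a command line, quoted or not."""
    m = FIRST_EXE_RE.match(command.strip())
    return m.group("exe") if m else None


def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    if m := IFEO_RE.match(line):
        # Windows starts the Debugger value instead of the named program, which
        # is why double-clicking a hijacked scanner appears to do nothing.
        return Finding("ifeo-debugger", f"{m['exe']} -> {m['dbg']}", "high")
    if m := SHELL_RE.search(line):
        parts = [p.strip().strip('"') for p in DECOR_RE.sub("", m["val"]).split(",")]
        # A per-user Shell value, if present at all, should be exactly explorer.exe.
        return None if parts == ["explorer.exe"] else Finding("winlogon-shell", ",".join(parts), "high")
    if m := LOAD_RE.search(line):
        val = DECOR_RE.sub("", m["val"]).strip()
        # Load is empty on a clean system; anything here runs at every logon.
        return Finding("windows-load", val, "high") if val else None
    if m := RUN_RE.match(line):
        exe = first_executable(DECOR_RE.sub("", m["cmd"]))
        if exe is None or not in_protected_dir(exe):
            return Finding("run-key", f"{m['name']}: {m['cmd']}", "medium")
        return None
    if m := URL_RE.match(line):
        if "\\startup\\" in m["url"].lower() and m["target"].lower().endswith(".exe"):
            return Finding("startup-url", f"{m['url']} -> {m['target']}", "high")
        return None
    if m := FILE_RE.match(line):
        attr, path = m["attr"], m["path"]
        if "S" in attr and "H" in attr and path.lower().endswith(".exe") and not in_protected_dir(path):
            return Finding("hidden-system-exe", path, "medium")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Constructed sample lines in FRST's format (modelled on this thread, not a real log).
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [NT Kernel Service] - C:\ProgramData\load32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe"
HKU\S-1-5-21-1\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\S-1-5-21-1\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION
IFEO\mbam.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
InternetURL: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> C:\NTKernel\nt32.exe
2014-03-03 19:27 - 2014-02-28 20:40 - 00405504 __RSH () C:\ProgramData\load32.exe
2014-03-04 19:32 - 2014-03-04 19:32 - 05186850 _____ (Swearware) C:\Users\Margaret\Desktop\ComboFix.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:18} {f.detail}")
```

Run it against a saved FRST.txt by replacing SAMPLE_LOG with the file's lines. The Run-key rule only flags launchers outside the protected trees, so a legitimate vendor entry under Program Files stays quiet, while a Debugger value under IFEO is always reported: on a home PC there is no benign reason for one to point at an anti-malware executable.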



#14 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 05 March 2014 - 11:26 AM

Hi,

I need you to delete your existing version of FRST, then download an updated copy here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Once you have done that, please run another scan and post that log for me.


    Edited by RPMcMurphy, 05 March 2014 - 11:28 AM.



#15 MagC (Topic Starter, Members, 23 posts)

Posted 05 March 2014 - 02:16 PM

New version of FRST downloaded and run from my Desktop.


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014
    Ran by Margaret (administrator) on MARGARET-PC on 05-03-2014 19:15:32
    Running from C:\Users\Margaret\Desktop
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\system32\atiesrxx.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808680 2009-06-25] (Synaptics Incorporated)
    HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
    HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NT Kernel Service] - C:\ProgramData\load32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
    HKU\.DEFAULT\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-12] (Google Inc.)
    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-12] (Google Inc.)
    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
    HKU\S-1-5-21-74067127-2302894034-4154699051-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [405504 2014-02-28] () <==== ATTENTION
    IFEO\AvastSvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\AvastUI.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avcenter.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avconfig.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgcsrvx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgidsagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgnt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgrsx.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avguard.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avgwdsvc.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avp.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\avscan.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\bdagent.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\ccuac.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\ComboFix.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\egui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\hijackthis.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\instup.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\keyscrambler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbam.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamgui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbampt.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamscheduler.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\mbamservice.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MpCmdRun.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MSASCui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\MsMpEng.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\msseces.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\rstrui.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\spybotsd.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\wireshark.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    IFEO\zlclient.exe: [Debugger] C:\Users\Margaret\Documents\315load32.exe
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    InternetURL: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> C:\NTKernel\nt32.exe
    Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={C25F12A1-845C-456F-8409-84AE580BAE4A}&mid=4c4a010133ddcc58702c982c95a040ab-39cc2419962325cfcc94dbc016074fef146560bd&lang=en&ds=AVG&pr=fr&d=2013-09-09 22:59:18&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    SearchScopes: HKCU - {BE34315B-8315-452C-9648-AFE8D9B67D2C} URL =
    SearchScopes: HKCU - {E04A884B-641C-4D43-B19E-12021CCDC58C} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll No File
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll No File
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll No File
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab
    DPF: HKLM-x32 {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://gis.galwaycity.ie/proweb_mapviewer/download/mgaxctrl.cab
    DPF: HKLM-x32 {8EFC3342-E25C-4222-9334-4A1C1EA0ACD1} http://gis.galwaycity.ie/proweb_mapviewer/download/ProPrntScrn.cab
    DPF: HKLM-x32 {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default
    FF user.js: detected! => C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\user.js
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.google.ie/
    FF Keyword.URL: hxxp://isearch.avg.com/search?cid=%7B48c4d302-a3b6-432f-a08d-affaa3df4f7b%7D&mid=4c4a010133ddcc58702c982c95a040ab-39cc2419962325cfcc94dbc016074fef146560bd&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-04-25%2016%3A03%3A31&sap=ku&q=
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: Lavasoft Search Plugin - C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-06-09]
    FF Extension: EPUBReader - C:\Users\Margaret\AppData\Roaming\Mozilla\Firefox\Profiles\ekl5nm2z.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-12]
    FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-04-06]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-05]
    FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR Extension: (RealDownloader) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-08]
    CHR Extension: (Chrome In-App Payments service) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

    ==================== Services (Whitelisted) =================

    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] ()
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [0 2014-02-28] ()
    S2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] ()

    ==================== Drivers (Whitelisted) ====================

    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
    R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
    S3 MFE_RR; \??\C:\Users\Margaret\AppData\Local\Temp\mfe_rr.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-05 19:15 - 2014-03-05 19:15 - 02157056 _____ (Farbar) C:\Users\Margaret\Desktop\FRST64.exe
    2014-03-05 19:15 - 2014-03-05 19:15 - 00002149 _____ () C:\Users\Margaret\Desktop\FRST.txt
    2014-03-05 19:14 - 2014-03-05 19:14 - 02157056 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64.exe
    2014-03-05 19:11 - 2014-03-05 19:11 - 00000837 _____ () C:\ProgramData\load32.vbs
    2014-03-04 19:32 - 2014-03-04 19:32 - 05186850 _____ (Swearware) C:\Users\Margaret\Desktop\ComboFix.exe
    2014-03-04 19:27 - 2014-02-28 20:40 - 00405504 __RSH () C:\Users\Margaret\Documents\315load32.exe
    2014-03-04 13:23 - 2014-03-04 13:24 - 05187080 _____ () C:\Users\Margaret\Downloads\ComboFix.exe.part
    2014-03-03 19:27 - 2014-02-28 20:40 - 00405504 __RSH () C:\ProgramData\load32.exe
    2014-03-02 18:13 - 2014-03-02 18:14 - 00044085 _____ () C:\Users\Margaret\Downloads\Addition.txt
    2014-03-02 18:12 - 2014-03-05 19:15 - 00000000 ____D () C:\FRST
    2014-03-02 18:12 - 2014-03-02 18:12 - 02156544 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64(1).exe
    2014-03-02 03:10 - 2014-03-02 03:10 - 00688992 ____R (Swearware) C:\Users\Margaret\Desktop\dds.com
    2014-03-02 01:53 - 2014-03-02 02:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-03-02 01:53 - 2014-03-02 01:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
    2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-03-02 01:32 - 2014-03-02 02:35 - 00000000 ____D () C:\Users\Margaret\Desktop\rkill
    2014-03-02 00:59 - 2014-03-02 00:59 - 00000036 _____ () C:\Users\Margaret\AppData\Local\housecall.guid.cache
    2014-03-02 00:17 - 2014-03-02 00:17 - 00128128 _____ () C:\Users\Visitor\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-02 00:17 - 2014-03-02 00:17 - 00001445 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-02 00:17 - 2014-03-02 00:17 - 00001411 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Dell
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Stardock_Corporation
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Adobe
    2014-03-02 00:16 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-02 00:16 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor
    2014-03-02 00:16 - 2014-03-02 00:16 - 00000020 ___SH () C:\Users\Visitor\ntuser.ini
    2014-03-02 00:16 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Real
    2014-03-02 00:16 - 2013-01-30 19:15 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\TuneUp Software
    2014-03-02 00:16 - 2012-06-19 20:09 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Macromedia
    2014-03-02 00:16 - 2011-10-02 19:48 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Microsoft Help
    2014-03-02 00:16 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-03-02 00:16 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-03-02 00:15 - 2014-03-02 00:15 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Avg2014
    2014-03-01 22:38 - 2014-03-04 19:29 - 00000000 ____D () C:\Test
    2014-03-01 21:19 - 2014-03-01 21:21 - 00000000 ___HD () C:\ProgramData\NTKernel
    2014-03-01 20:53 - 2014-03-01 20:53 - 00001430 _____ () C:\Users\Margaret\Desktop\fdm.exe - Shortcut.lnk
    2014-03-01 20:43 - 2014-03-01 20:43 - 07752311 _____ (FreeDownloadManager.ORG ) C:\Users\Margaret\Downloads\fdminst.exe
    2014-03-01 19:43 - 2014-03-01 19:49 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-01 19:43 - 2014-02-04 19:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-03-01 17:27 - 2014-03-01 20:22 - 00002428 _____ () C:\Windows\IE11_main.log
    2014-03-01 00:16 - 2014-03-01 00:16 - 00000224 _____ () C:\Windows\SysWOW64\idp2.cfg
    2014-02-28 20:41 - 2014-03-01 23:56 - 00000000 ____D () C:\NTKernel
    2014-02-26 18:39 - 2014-02-28 17:52 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-74067127-2302894034-4154699051-1001
    2014-02-26 18:39 - 2014-02-28 17:52 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-74067127-2302894034-4154699051-1001
    2014-02-23 15:45 - 2014-02-23 15:45 - 346804994 _____ () C:\registry_backup.reg
    2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Real
    2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Real
    2014-02-23 14:40 - 2014-02-23 14:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Real
    2014-02-23 14:40 - 2013-01-30 19:15 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
    2014-02-23 14:40 - 2012-06-19 20:09 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
    2014-02-23 14:40 - 2011-10-02 19:48 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
    2014-02-23 14:40 - 2010-01-17 04:21 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-02-23 14:40 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-02-23 14:40 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-02-11 20:08 - 2014-02-11 20:24 - 00013328 _____ () C:\Users\Margaret\Documents\ListMichael.xlsx
    2014-02-11 17:51 - 2014-02-11 17:51 - 00051481 _____ () C:\Users\Margaret\Desktop\BusinessDevelopmentList.xlsx
    2014-02-07 11:52 - 2014-02-07 11:52 - 00019012 _____ () C:\Users\Margaret\Documents\Report_-_P60_Plain_for_13725V.zip

    ==================== One Month Modified Files and Folders =======

    2014-03-05 19:15 - 2014-03-05 19:15 - 02157056 _____ (Farbar) C:\Users\Margaret\Desktop\FRST64.exe
    2014-03-05 19:15 - 2014-03-05 19:15 - 00002149 _____ () C:\Users\Margaret\Desktop\FRST.txt
    2014-03-05 19:15 - 2014-03-02 18:12 - 00000000 ____D () C:\FRST
    2014-03-05 19:14 - 2014-03-05 19:14 - 02157056 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64.exe
    2014-03-05 19:13 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-05 19:13 - 2009-07-14 04:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-05 19:11 - 2014-03-05 19:11 - 00000837 _____ () C:\ProgramData\load32.vbs
    2014-03-05 19:06 - 2010-10-20 17:59 - 00000000 ____D () C:\ProgramData\Kodak
    2014-03-05 19:05 - 2013-09-09 19:11 - 00014392 _____ () C:\Windows\setupact.log
    2014-03-05 08:31 - 2013-09-09 17:53 - 02040390 _____ () C:\Windows\WindowsUpdate.log
    2014-03-04 21:47 - 2010-01-22 19:45 - 00000000 ____D () C:\Users\Margaret\Documents\CreativeWriting
    2014-03-04 21:11 - 2012-12-01 19:38 - 00000000 ____D () C:\Qoobox
    2014-03-04 19:32 - 2014-03-04 19:32 - 05186850 _____ (Swearware) C:\Users\Margaret\Desktop\ComboFix.exe
    2014-03-04 19:29 - 2014-03-01 22:38 - 00000000 ____D () C:\Test
    2014-03-04 13:24 - 2014-03-04 13:23 - 05187080 _____ () C:\Users\Margaret\Downloads\ComboFix.exe.part
    2014-03-02 18:14 - 2014-03-02 18:13 - 00044085 _____ () C:\Users\Margaret\Downloads\Addition.txt
    2014-03-02 18:12 - 2014-03-02 18:12 - 02156544 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64(1).exe
    2014-03-02 15:26 - 2010-01-23 20:34 - 00007606 _____ () C:\Users\Margaret\AppData\Local\Resmon.ResmonCfg
    2014-03-02 12:32 - 2013-11-06 14:50 - 00000000 ____D () C:\Users\Margaret\Documents\PBRecruitment
    2014-03-02 11:03 - 2012-05-29 10:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-02 03:10 - 2014-03-02 03:10 - 00688992 ____R (Swearware) C:\Users\Margaret\Desktop\dds.com
    2014-03-02 02:35 - 2014-03-02 01:32 - 00000000 ____D () C:\Users\Margaret\Desktop\rkill
    2014-03-02 02:33 - 2014-03-02 01:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-03-02 02:31 - 2013-09-09 19:11 - 00025548 _____ () C:\Windows\PFRO.log
    2014-03-02 02:24 - 2010-01-22 18:22 - 00000000 ___RD () C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-02 02:22 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
    2014-03-02 01:53 - 2014-03-02 01:53 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
    2014-03-02 01:53 - 2014-03-02 01:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-03-02 01:09 - 2012-09-11 18:36 - 00000000 ____D () C:\Users\Margaret\Documents\TechWriting
    2014-03-02 01:05 - 2009-07-14 05:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-02 00:59 - 2014-03-02 00:59 - 00000036 _____ () C:\Users\Margaret\AppData\Local\housecall.guid.cache
    2014-03-02 00:17 - 2014-03-02 00:17 - 00128128 _____ () C:\Users\Visitor\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-02 00:17 - 2014-03-02 00:17 - 00001445 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-03-02 00:17 - 2014-03-02 00:17 - 00001411 _____ () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Dell
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Stardock_Corporation
    2014-03-02 00:17 - 2014-03-02 00:17 - 00000000 ____D () C:\Users\Visitor\AppData\Local\Adobe
    2014-03-02 00:17 - 2014-03-02 00:16 - 00000000 ___RD () C:\Users\Visitor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-02 00:17 - 2014-03-02 00:16 - 00000000 ____D () C:\Users\Visitor
    2014-03-02 00:16 - 2014-03-02 00:16 - 00000020 ___SH () C:\Users\Visitor\ntuser.ini
    2014-03-02 00:15 - 2014-03-02 00:15 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Avg2014
    2014-03-01 23:56 - 2014-02-28 20:41 - 00000000 ____D () C:\NTKernel
    2014-03-01 23:55 - 2010-10-21 21:45 - 00000000 ____D () C:\ProgramData\MFAData
    2014-03-01 23:31 - 2009-07-14 04:45 - 05078736 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-01 23:28 - 2009-07-14 07:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-03-01 21:40 - 2010-02-10 18:55 - 00000000 ____D () C:\Windows\pss
    2014-03-01 21:21 - 2014-03-01 21:19 - 00000000 ___HD () C:\ProgramData\NTKernel
    2014-03-01 20:53 - 2014-03-01 20:53 - 00001430 _____ () C:\Users\Margaret\Desktop\fdm.exe - Shortcut.lnk
    2014-03-01 20:43 - 2014-03-01 20:43 - 07752311 _____ (FreeDownloadManager.ORG ) C:\Users\Margaret\Downloads\fdminst.exe
    2014-03-01 20:22 - 2014-03-01 17:27 - 00002428 _____ () C:\Windows\IE11_main.log
    2014-03-01 20:21 - 2010-01-22 18:26 - 00000000 ___RD () C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-01 20:18 - 2012-05-31 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-01 19:49 - 2014-03-01 19:43 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-01 19:26 - 2010-01-17 04:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-03-01 19:04 - 2010-01-17 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
    2014-03-01 18:28 - 2009-07-14 02:34 - 00000478 _____ () C:\Windows\win.ini
    2014-03-01 18:24 - 2011-02-20 00:19 - 00767766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-03-01 17:20 - 2013-07-07 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-01 17:20 - 2010-06-07 11:36 - 00000000 ____D () C:\Users\Margaret\AppData\Local\Mozilla
    2014-03-01 00:16 - 2014-03-01 00:16 - 00000224 _____ () C:\Windows\SysWOW64\idp2.cfg
    2014-02-28 23:43 - 2010-01-23 01:15 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-28 21:46 - 2011-07-18 15:05 - 00000000 ____D () C:\Users\Margaret\Documents\BillsBanks
    2014-02-28 20:41 - 2010-01-22 21:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-02-28 20:40 - 2014-03-04 19:27 - 00405504 __RSH () C:\Users\Margaret\Documents\315load32.exe
    2014-02-28 20:40 - 2014-03-03 19:27 - 00405504 __RSH () C:\ProgramData\load32.exe
    2014-02-28 17:54 - 2011-12-12 18:31 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\Dropbox
    2014-02-28 17:53 - 2011-12-12 18:33 - 00000000 ___RD () C:\Users\Margaret\Dropbox
    2014-02-28 17:52 - 2014-02-26 18:39 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-74067127-2302894034-4154699051-1001
    2014-02-28 17:52 - 2014-02-26 18:39 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-74067127-2302894034-4154699051-1001
    2014-02-28 17:51 - 2010-01-23 01:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-28 17:51 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-02-23 15:50 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-02-23 15:45 - 2014-02-23 15:45 - 346804994 _____ () C:\registry_backup.reg
    2014-02-23 14:41 - 2014-03-02 00:16 - 00000000 ____D () C:\Users\Visitor\AppData\Roaming\Real
    2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Real
    2014-02-23 14:41 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Real
    2014-02-23 14:40 - 2014-02-23 14:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Real
    2014-02-21 01:38 - 2010-01-23 01:15 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-02-21 01:38 - 2010-01-23 01:15 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-02-17 18:39 - 2010-01-23 01:14 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-02-11 20:24 - 2014-02-11 20:08 - 00013328 _____ () C:\Users\Margaret\Documents\ListMichael.xlsx
    2014-02-11 17:51 - 2014-02-11 17:51 - 00051481 _____ () C:\Users\Margaret\Desktop\BusinessDevelopmentList.xlsx
    2014-02-07 11:52 - 2014-02-07 11:52 - 00019012 _____ () C:\Users\Margaret\Documents\Report_-_P60_Plain_for_13725V.zip
    2014-02-04 19:09 - 2014-03-01 19:43 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-02-04 18:50 - 2013-09-09 21:59 - 00000000 ____D () C:\Users\Margaret\AppData\Local\AVG Secure Search
    2014-02-03 21:15 - 2013-09-09 21:59 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search

    Files to move or delete:
    ====================
    C:\ProgramData\load32.exe
    C:\ProgramData\load32.vbs
    C:\ProgramData\NTKernel
    C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
    C:\NTKernel


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-21 14:05

    ==================== End Of Log ============================