
Trojan Bloodhound found


  • This topic is locked
24 replies to this topic

#1 Aliselle

  • Members
  • 10 posts

Posted 02 March 2014 - 04:27 PM

Hi there,

I've been trying to help my friend with her infected computer, so please bear with me as I live elsewhere.

She is running Windows XP Home Edition, Service Pack 3.

There was a period where she had no antivirus and Windows Firewall was not enabled, and then she installed a paid version of Norton AntiVirus, ran it and found 2 Trojan viruses, one being Trojan Bloodhound and another Trojan with Java in its title.

She then ran Malwarebytes, which found 4 PUP viruses.

There are 2 entries of Internet Explorer with 2 different spellings; not sure if this is relevant.

Her PC, surprisingly, hasn't become sluggish, but on clicking My Documents, Pictures etc. there is no response; they just don't open, and she has problems with various tasks on her PC, i.e. accessing the internet results in her PC hanging more and more.

She also found an empty folder somewhere called sweet... something. I have a feeling this has to do with a current virus?

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Lorraine Ross at 20:36:51 on 2014-03-02
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.2009.1243 [GMT 0:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.yahoo.com/?ilc=1
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\21.1.0.18\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2014.6.0.27\CoIEPlg.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2014.6.0.27\CoIEPlg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2014.6.0.27\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232369004558
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232369160230
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6086/mcfscan.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CB468689-3736-4BEC-A221-9674C8F7762C} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
LSA: Authentication Packages =  msv1_0 relog_ap
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-2 28552]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-2-10 107256]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1501000.012\SymDS.sys [2014-1-18 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1501000.012\SymEFA.sys [2014-1-18 935512]
R1 BHDrvx86;BHDrvx86;c:\program files\norton antivirus\nortondata\21.1.0.18\definitions\bashdefs\20140214.001\BHDrvx86.sys [2014-2-18 1098968]
R1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\nav\1501000.012\ccSetx86.sys [2014-1-18 127064]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7de06000.01b\ccSetx86.sys [2014-1-18 127064]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-10-28 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-2-10 155704]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-2-10 228888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1501000.012\Ironx86.sys [2014-1-18 206936]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\21.1.0.18\NAV.exe [2014-1-18 262288]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2014.6.0.27\NST.exe [2014-1-18 129424]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-2-10 1444120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-1-22 108120]
R3 IDSxpx86;IDSxpx86;c:\program files\norton antivirus\nortondata\21.1.0.18\definitions\ipsdefs\20140228.001\IDSXpx86.sys [2014-3-1 383120]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-19 108032]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-19 84240]
R3 NAVENG;NAVENG;c:\program files\norton antivirus\nortondata\21.1.0.18\definitions\virusdefs\20140301.008\NAVENG.SYS [2014-3-2 93272]
R3 NAVEX15;NAVEX15;c:\program files\norton antivirus\nortondata\21.1.0.18\definitions\virusdefs\20140301.008\NAVEX15.SYS [2014-3-2 1612376]
S1 MpKsl04f3dc0b;MpKsl04f3dc0b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9a02f99-d377-4e47-a070-ce42276f57f2}\mpksl04f3dc0b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9a02f99-d377-4e47-a070-ce42276f57f2}\MpKsl04f3dc0b.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ad3c2f05a774;Google Update Service (gupdate1c9ad3c2f05a774);c:\program files\google\update\GoogleUpdate.exe [2009-3-25 133104]
S2 HowToSimplified_8eService;HowToSimplifiedService;c:\progra~1\howtos~2\bar\1.bin\8ebarsvc.exe --> c:\progra~1\howtos~2\bar\1.bin\8ebarsvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 AlotService;ALOT Update Service;c:\documents and settings\lorraine ross\application data\alotservice\alotservice.exe [2012-10-22 255880]
.
=============== Created Last 30 ================
.
2014-03-01 03:22:31 877480 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-03-01 03:22:30 800168 ----a-w- c:\windows\system32\deployJava1.dll
2014-02-24 22:38:03 -------- d-----w- c:\documents and settings\lorraine ross\local settings\application data\NPE
2014-02-24 21:36:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-10 11:35:40 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-02-05 18:03:41 -------- d-----w- c:\documents and settings\lorraine ross\local settings\application data\IAC
.
==================== Find3M  ====================
.
2014-02-23 17:49:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 17:49:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24:05 385024 ----a-w- c:\windows\system32\html.iec
2014-01-18 23:31:50 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-18 20:46:50 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
============= FINISH: 20:37:53.26 ===============
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 19/01/2009 11:57:20
System Uptime: 02/03/2014 17:40:11 (3 hours ago)
.
Motherboard: CLEVO Co. |  | L390T
Processor: Intel Pentium III Xeon processor | U2E1 | 2261/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 79 GiB total, 48.849 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 93.694 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP980: 04/12/2013 18:13:29 - Software Distribution Service 3.0
RP981: 05/12/2013 18:14:51 - Software Distribution Service 3.0
RP982: 06/12/2013 18:36:24 - Software Distribution Service 3.0
RP983: 08/12/2013 16:26:04 - Software Distribution Service 3.0
RP984: 08/12/2013 19:18:16 - Software Distribution Service 3.0
RP985: 09/12/2013 18:37:59 - Software Distribution Service 3.0
RP986: 10/12/2013 18:51:43 - Software Distribution Service 3.0
RP987: 11/12/2013 15:19:53 - Installed Rapport
RP988: 11/12/2013 19:18:38 - Software Distribution Service 3.0
RP989: 12/12/2013 21:01:30 - Software Distribution Service 3.0
RP990: 12/12/2013 21:35:10 - Software Distribution Service 3.0
RP991: 12/12/2013 23:46:39 - Software Distribution Service 3.0
RP992: 13/12/2013 18:56:32 - Software Distribution Service 3.0
RP993: 13/12/2013 21:00:29 - Software Distribution Service 3.0
RP994: 14/12/2013 21:05:19 - Software Distribution Service 3.0
RP995: 15/12/2013 19:21:41 - Software Distribution Service 3.0
RP996: 16/12/2013 19:03:17 - Software Distribution Service 3.0
RP997: 17/12/2013 20:02:35 - Software Distribution Service 3.0
RP998: 18/12/2013 18:47:05 - Software Distribution Service 3.0
RP999: 19/12/2013 18:34:53 - Software Distribution Service 3.0
RP1000: 20/12/2013 19:03:40 - Software Distribution Service 3.0
RP1001: 21/12/2013 18:52:58 - Software Distribution Service 3.0
RP1002: 22/12/2013 19:06:37 - Software Distribution Service 3.0
RP1003: 23/12/2013 18:35:15 - Software Distribution Service 3.0
RP1004: 24/12/2013 18:50:21 - Software Distribution Service 3.0
RP1005: 25/12/2013 19:11:14 - System Checkpoint
RP1006: 25/12/2013 19:14:55 - Software Distribution Service 3.0
RP1007: 26/12/2013 19:28:13 - Software Distribution Service 3.0
RP1008: 27/12/2013 19:04:31 - Software Distribution Service 3.0
RP1009: 28/12/2013 19:09:06 - Software Distribution Service 3.0
RP1010: 30/12/2013 15:36:12 - Software Distribution Service 3.0
RP1011: 31/12/2013 16:44:43 - Software Distribution Service 3.0
RP1012: 01/01/2014 17:32:28 - System Checkpoint
RP1013: 01/01/2014 18:43:16 - Software Distribution Service 3.0
RP1014: 02/01/2014 21:24:09 - Software Distribution Service 3.0
RP1015: 03/01/2014 18:47:35 - Software Distribution Service 3.0
RP1016: 04/01/2014 23:40:58 - Software Distribution Service 3.0
RP1017: 06/01/2014 17:53:31 - Software Distribution Service 3.0
RP1018: 06/01/2014 18:59:15 - Software Distribution Service 3.0
RP1019: 08/01/2014 15:24:29 - Software Distribution Service 3.0
RP1020: 08/01/2014 18:56:40 - Software Distribution Service 3.0
RP1021: 09/01/2014 18:48:29 - Software Distribution Service 3.0
RP1022: 10/01/2014 18:52:29 - System Checkpoint
RP1023: 10/01/2014 19:03:48 - Software Distribution Service 3.0
RP1024: 11/01/2014 18:59:32 - Software Distribution Service 3.0
RP1025: 12/01/2014 18:33:54 - Software Distribution Service 3.0
RP1026: 18/01/2014 18:11:39 - Software Distribution Service 3.0
RP1027: 18/01/2014 18:41:04 - Software Distribution Service 3.0
RP1028: 18/01/2014 21:00:51 - Software Distribution Service 3.0
RP1029: 19/01/2014 00:26:54 - Removed Ask Toolbar.
RP1030: 22/01/2014 18:06:32 - System Checkpoint
RP1031: 25/01/2014 17:23:02 - Installed Rapport
RP1032: 29/01/2014 17:35:34 - System Checkpoint
RP1033: 30/01/2014 18:09:55 - System Checkpoint
RP1034: 05/02/2014 20:59:36 - System Checkpoint
RP1035: 06/02/2014 15:19:50 - Installed Rapport
RP1036: 13/02/2014 16:08:03 - System Checkpoint
RP1037: 15/02/2014 21:00:17 - Software Distribution Service 3.0
RP1038: 16/02/2014 21:31:46 - System Checkpoint
RP1039: 23/02/2014 20:55:52 - System Checkpoint
RP1040: 24/02/2014 19:05:46 - Installed Rapport
RP1041: 24/02/2014 21:35:51 - Installed Java 7 Update 51
RP1042: 24/02/2014 22:56:04 - Norton_Power_Eraser_20140224225559890
RP1043: 26/02/2014 16:03:53 - System Checkpoint
RP1044: 28/02/2014 11:34:15 - System Checkpoint
RP1045: 01/03/2014 03:21:54 - Revo Uninstaller's restore point - Java™ 6 Update 39
RP1046: 01/03/2014 03:22:19 - Removed Java™ 6 Update 35
RP1047: 02/03/2014 16:35:09 - System Checkpoint
.
==== Installed Programs ======================
.
Acronis True Image
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 8.1.4
Apple Application Support
Apple Software Update
ArcSoft MediaImpression
Ask Toolbar
Ask Toolbar Updater
Auslogics Disk Defrag
BisonCam
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CyberLink PowerDVD 8
Dragon NaturallySpeaking 10
DRIVER
ESET Online Scanner v3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HotKey_Driver
Intel® Graphics Media Accelerator Driver
Java 7 Update 51
Java Auto Updater
Java™ SE Runtime Environment 6 Update 1
JMicron JMB38X Flash Media Controller
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MindGenius Education
Motorola SM56 Data Fax Modem
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myibay eBay bid sniper 1.0.40
Nero 8 Essentials
neroxml
Norton AntiVirus
Norton Identity Safe
Olympus DSS Player
Panda ActiveScan 2.0
Picasa 3
Rapport
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB923789)
Segoe UI
Simple Adblock
TeamViewer 5
Trusteer Endpoint Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Script Editor Help (KB957253)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Updater
VCRedistSetup
Video Converter Bundle
Visual C++ Runtime for Dragon NaturallySpeaking
Vodafone 804SS USB driver Software
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Yahoo! Search Protection
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
26/02/2014 14:24:17, error: Service Control Manager [7023]  - The HID Input Service service terminated with the following error:  The specified module could not be found.
26/02/2014 14:24:17, error: Service Control Manager [7000]  - The HowToSimplifiedService service failed to start due to the following error:  The system cannot find the path specified.
24/02/2014 23:03:09, error: PlugPlayManager [11]  - The device Root\LEGACY_SMR410\0000 disappeared from the system without first being prepared for removal.
.
==== End Of File ===========================
 

 

 

 

 

 




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:24 PM

Posted 02 March 2014 - 04:39 PM

Hello Aliselle,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • Once the scan has completed click Clean to clean your machine of anything it finds.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Aliselle

Aliselle
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:24 PM

Posted 05 March 2014 - 10:09 PM

Hi there fireman4it, 

 

Thanks very much for your assistance, it's much appreciated, and sorry for the delay in replying, but I have only just returned to my friend's PC today, so thanks also for your patience.

Below are the log files you requested.

 

 

# AdwCleaner v3.020 - Report created 05/03/2014 at 21:03:32
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Lorraine Ross - LORRAINE-99600
# Running from : D:\Documents and Settings\Lorraine Ross\My Documents\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : AlotService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Lorraine Ross\Application Data\alotappbar
Folder Deleted : C:\Documents and Settings\Lorraine Ross\Application Data\alotservice
Folder Deleted : C:\Documents and Settings\Lorraine Ross\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Maddy\Local Settings\Application Data\AskToolbar
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3018509
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A531D99C-5A22-449B-83DA-872725C6D0ED}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\alot
Key Deleted : HKCU\Software\alotservice
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10438 octets] - [05/03/2014 21:00:19]
AdwCleaner[S0].txt - [10553 octets] - [05/03/2014 21:03:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10614 octets] ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2014 01
Ran by Lorraine Ross (administrator) on LORRAINE-99600 on 05-03-2014 22:11:51
Running from C:\Documents and Settings\Lorraine Ross\Local Settings\Temporary Internet Files\Content.IE5\5G402RD9
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\Lorraine Ross\Local Settings\Temporary Internet Files\Content.IE5\5G402RD9\FRST[1].exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-583907252-1606980848-1801674531-1004\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-28] (Google Inc.)
Lsa: [Authentication Packages] msv1_0 relog_ap
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?ilc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = 
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Panda ActiveScan 2.0) - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Extension: (Google Docs) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-23]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-02-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-23]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2014-01-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2008-08-07] (Acronis)
R2 DM1Service; C:\Program Files\Olympus\DeviceDetector\DM1Service.exe [69632 2007-02-16] (OLYMPUS IMAGING CORP.)
S2 gupdate1c9ad3c2f05a774; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-25] (Google Inc.)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288 2013-10-08] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation)
S2 HowToSimplified_8eService; C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebarsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2014-01-10] (Symantec Corporation)
R3 Cam5607; C:\WINDOWS\System32\Drivers\BisonC07.sys [1069608 2008-03-31] (Bison Electronics. Inc. )
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAV\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-01-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-01-18] (Symantec Corporation)
R3 IDSxpx86; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140303.001\IDSxpx86.sys [383120 2014-01-22] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140305.001\NAVENG.SYS [93272 2014-01-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140305.001\NAVEX15.SYS [1612376 2014-01-31] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3626112 2008-04-27] (Intel Corporation)
R0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-28] ()
R3 SRTSP; C:\WINDOWS\system32\drivers\NAV\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NAV\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NAV\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NAV\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-01-18] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NAV\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\system32\drivers\NAV\1501000.012\SYMTDI.SYS [421592 2013-09-26] (Symantec Corporation)
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2009-01-19] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2009-01-19] (Acronis)
S3 catchme; \??\C:\DOCUME~1\LORRAI~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S1 MpKsl04f3dc0b; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B9A02F99-D377-4E47-A070-CE42276F57F2}\MpKsl04f3dc0b.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U3 TlntSvr; 
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 22:11 - 2014-03-05 22:11 - 00000000 ____D () C:\FRST
2014-03-05 21:17 - 2014-03-05 21:17 - 00010695 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\AdwCleaner[S0].txt
2014-03-05 21:00 - 2014-03-05 21:03 - 00000000 ____D () C:\AdwCleaner
2014-03-03 11:42 - 2014-03-03 11:42 - 00000000 ____D () C:\Documents and Settings\Maddy\Local Settings\Application Data\Ahead
2014-03-03 11:41 - 2014-03-03 11:41 - 00000803 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Internet Explorer.lnk
2014-03-03 11:41 - 2014-03-03 11:41 - 00000000 __SHD () C:\Documents and Settings\Maddy\IETldCache
2014-03-03 11:40 - 2014-03-03 11:41 - 00000738 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Outlook Express.lnk
2014-03-03 11:38 - 2014-03-03 11:43 - 00000178 ___SH () C:\Documents and Settings\Maddy\ntuser.ini
2014-03-03 11:38 - 2014-03-03 11:41 - 00000000 ___RD () C:\Documents and Settings\Maddy\Start Menu\Programs\Accessories
2014-03-03 11:38 - 2014-03-03 11:41 - 00000000 ____D () C:\Documents and Settings\Maddy
2014-03-03 11:38 - 2014-03-03 11:40 - 00000788 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Windows Media Player.lnk
2014-03-03 11:38 - 2011-10-25 19:16 - 00000000 ____D () C:\Documents and Settings\Maddy\Local Settings\Application Data\Trusteer
2014-03-03 11:38 - 2011-07-16 16:02 - 00000000 ____D () C:\Documents and Settings\Maddy\Application Data\Trusteer
2014-03-03 11:38 - 2009-10-13 20:15 - 00000000 ____D () C:\Documents and Settings\Maddy\Local Settings\Application Data\Microsoft Help
2014-03-03 11:38 - 2009-05-21 08:18 - 00000000 ____D () C:\Documents and Settings\Maddy\Application Data\Macromedia
2014-03-03 11:38 - 2009-01-19 11:55 - 00001599 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Remote Assistance.lnk
2014-03-02 20:37 - 2014-03-02 20:47 - 00019956 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\attach.txt
2014-03-02 20:37 - 2014-03-02 20:47 - 00012528 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\dds.txt
2014-03-02 20:17 - 2014-03-02 20:17 - 00688992 ____R (Swearware) C:\Documents and Settings\Lorraine Ross\Desktop\dds.com
2014-03-02 14:23 - 2014-03-02 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
2014-03-01 03:22 - 2013-12-18 21:10 - 00877480 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-03-01 03:22 - 2013-12-18 21:10 - 00800168 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-02-24 22:57 - 2014-02-24 22:57 - 00001798 _____ () C:\Documents and Settings\All Users\Application Data\SMRResults410.dat
2014-02-24 22:38 - 2014-02-24 22:56 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\NPE
2014-02-24 21:36 - 2014-02-24 21:36 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-24 21:36 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-24 21:36 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-24 21:36 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-24 21:36 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-15 21:26 - 2014-02-15 21:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-15 21:06 - 2014-02-15 21:06 - 00013038 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-15 21:04 - 2014-02-15 21:05 - 00005579 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-15 12:09 - 2014-02-15 21:26 - 00016213 _____ () C:\WINDOWS\KB2916036.log
2014-02-10 11:35 - 2014-02-10 11:35 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 22:11 - 2014-03-05 22:11 - 00000000 ____D () C:\FRST
2014-03-05 22:07 - 2009-06-30 23:07 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 21:56 - 2009-06-30 23:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 21:56 - 2009-01-19 11:54 - 01410847 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-05 21:55 - 2009-01-19 12:36 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-03-05 21:55 - 2009-01-19 12:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-05 21:55 - 2009-01-19 12:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-05 21:54 - 2009-01-19 12:19 - 00000178 ___SH () C:\Documents and Settings\Lorraine Ross\ntuser.ini
2014-03-05 21:54 - 2009-01-19 12:18 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-05 21:54 - 2009-01-19 12:18 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross
2014-03-05 21:46 - 2012-07-30 15:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-05 21:17 - 2014-03-05 21:17 - 00010695 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\AdwCleaner[S0].txt
2014-03-05 21:03 - 2014-03-05 21:00 - 00000000 ____D () C:\AdwCleaner
2014-03-05 20:39 - 2009-11-19 14:36 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-03-05 16:09 - 2009-07-18 21:28 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{75F200BC-5D38-479C-BFC5-20D1DCED97CD}.job
2014-03-05 16:03 - 2008-04-14 12:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-03 11:43 - 2014-03-03 11:38 - 00000178 ___SH () C:\Documents and Settings\Maddy\ntuser.ini
2014-03-03 11:42 - 2014-03-03 11:42 - 00000000 ____D () C:\Documents and Settings\Maddy\Local Settings\Application Data\Ahead
2014-03-03 11:41 - 2014-03-03 11:41 - 00000803 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Internet Explorer.lnk
2014-03-03 11:41 - 2014-03-03 11:41 - 00000000 __SHD () C:\Documents and Settings\Maddy\IETldCache
2014-03-03 11:41 - 2014-03-03 11:40 - 00000738 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Outlook Express.lnk
2014-03-03 11:41 - 2014-03-03 11:38 - 00000000 ___RD () C:\Documents and Settings\Maddy\Start Menu\Programs\Accessories
2014-03-03 11:41 - 2014-03-03 11:38 - 00000000 ____D () C:\Documents and Settings\Maddy
2014-03-03 11:40 - 2014-03-03 11:38 - 00000788 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Windows Media Player.lnk
2014-03-02 20:47 - 2014-03-02 20:37 - 00019956 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\attach.txt
2014-03-02 20:47 - 2014-03-02 20:37 - 00012528 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\dds.txt
2014-03-02 20:17 - 2014-03-02 20:17 - 00688992 ____R (Swearware) C:\Documents and Settings\Lorraine Ross\Desktop\dds.com
2014-03-02 14:23 - 2014-03-02 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
2014-03-02 14:23 - 2011-07-16 18:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
2014-03-02 14:23 - 2009-03-25 11:23 - 00000000 ____D () C:\Program Files\Google
2014-03-01 21:30 - 2013-10-27 10:12 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Unity
2014-03-01 21:26 - 2009-08-14 14:33 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross\Application Data\uTorrent
2014-03-01 16:04 - 2014-01-18 22:47 - 00000000 ____D () C:\Avenger
2014-03-01 16:04 - 2013-10-20 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-03-01 03:22 - 2009-01-19 12:40 - 00000000 ____D () C:\Program Files\Java
2014-02-28 21:44 - 2009-11-29 18:23 - 00000000 ____D () C:\Documents and Settings\m and e
2014-02-28 21:08 - 2012-12-12 21:04 - 00132805 _____ () C:\WINDOWS\setupapi.log
2014-02-28 21:08 - 2012-12-12 21:04 - 00000232 _____ () C:\WINDOWS\setupact.log
2014-02-28 17:40 - 2011-07-16 20:37 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-02-24 22:57 - 2014-02-24 22:57 - 00001798 _____ () C:\Documents and Settings\All Users\Application Data\SMRResults410.dat
2014-02-24 22:56 - 2014-02-24 22:38 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\NPE
2014-02-24 22:56 - 2009-01-19 12:31 - 00000327 __RSH () C:\boot.ini
2014-02-24 22:38 - 2014-01-18 22:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-02-24 21:36 - 2014-02-24 21:36 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-24 19:06 - 2013-10-20 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-02-23 17:49 - 2012-07-30 15:34 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-23 17:49 - 2011-07-15 22:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-16 10:02 - 2009-01-19 12:53 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-15 21:26 - 2014-02-15 21:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-15 21:26 - 2014-02-15 12:09 - 00016213 _____ () C:\WINDOWS\KB2916036.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00358613 _____ () C:\WINDOWS\FaxSetup.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00171448 _____ () C:\WINDOWS\ocgen.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00136823 _____ () C:\WINDOWS\tsoc.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00118805 _____ () C:\WINDOWS\comsetup.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00072038 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00058479 _____ () C:\WINDOWS\iis6.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00019836 _____ () C:\WINDOWS\ocmsn.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00017922 _____ () C:\WINDOWS\msgsocm.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-15 21:26 - 2012-12-12 21:03 - 00038515 _____ () C:\WINDOWS\updspapi.log
2014-02-15 21:20 - 2009-01-19 12:33 - 00598990 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-15 21:14 - 2013-10-20 15:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-15 21:11 - 2009-01-19 13:09 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-15 21:06 - 2014-02-15 21:06 - 00013038 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-15 21:06 - 2012-12-12 21:04 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-15 21:06 - 2009-07-14 22:47 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-15 21:05 - 2014-02-15 21:04 - 00005579 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-10 11:35 - 2014-02-10 11:35 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-02-06 03:54 - 2008-04-14 12:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2008-04-14 12:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 23:26 - 2012-07-29 19:46 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 23:26 - 2010-06-15 15:33 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 23:26 - 2009-07-14 22:47 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 23:26 - 2009-07-14 22:47 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 23:26 - 2009-01-19 13:11 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 23:26 - 2009-01-19 13:11 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 23:26 - 2009-01-19 13:11 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 23:26 - 2009-01-19 13:11 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 23:26 - 2009-01-19 11:54 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 23:26 - 2008-04-14 12:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 23:26 - 2008-04-14 12:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 23:26 - 2007-08-13 18:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 23:26 - 2007-08-13 18:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 23:26 - 2007-08-13 18:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 23:26 - 2007-08-13 18:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 22:24 - 2008-04-14 12:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
 
Some content of TEMP:
====================
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ApnStub.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\DataCard_Setup.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flashplayer11x32_aih.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flash_player_32bit.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ResetDevice.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{0955101F-01E3-48D6-8565-105624A22410}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{19A963E3-2F06-4A8E-B684-A39CCBC0824D}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2E8EF830-CBBA-491B-B4B1-686262CDCCE8}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2FE46D34-66C0-4E72-B591-001B91101E8A}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{75EC1C62-15D5-4D26-9838-C7FE4E94F935}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{86A6DA24-65BA-42AA-B0B8-A5EBB47EC434}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{9CAD1B74-A57E-4E19-9B19-47E7B56F2043}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{B5C38DCF-0A58-4AA5-849E-F3F0C02A050A}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\speedupmypc.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbedrs.dll
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbGam2.dll
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\TB_6.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\{69CEE058-A70B-498B-858C-4417A76F07A0}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2014 01
Ran by Lorraine Ross (administrator) on LORRAINE-99600 on 05-03-2014 22:11:51
Running from C:\Documents and Settings\Lorraine Ross\Local Settings\Temporary Internet Files\Content.IE5\5G402RD9
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\Lorraine Ross\Local Settings\Temporary Internet Files\Content.IE5\5G402RD9\FRST[1].exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-583907252-1606980848-1801674531-1004\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-28] (Google Inc.)
Lsa: [Authentication Packages] msv1_0 relog_ap
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?ilc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = 
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Panda ActiveScan 2.0) - C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Extension: (Google Docs) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-23]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-02-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-23]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2014-01-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2008-08-07] (Acronis)
R2 DM1Service; C:\Program Files\Olympus\DeviceDetector\DM1Service.exe [69632 2007-02-16] (OLYMPUS IMAGING CORP.)
S2 gupdate1c9ad3c2f05a774; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-25] (Google Inc.)
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288 2013-10-08] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation)
S2 HowToSimplified_8eService; C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebarsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [1098968 2014-01-10] (Symantec Corporation)
R3 Cam5607; C:\WINDOWS\System32\Drivers\BisonC07.sys [1069608 2008-03-31] (Bison Electronics. Inc. )
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAV\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-01-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-01-18] (Symantec Corporation)
R3 IDSxpx86; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140303.001\IDSxpx86.sys [383120 2014-01-22] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140305.001\NAVENG.SYS [93272 2014-01-31] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140305.001\NAVEX15.SYS [1612376 2014-01-31] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3626112 2008-04-27] (Intel Corporation)
R0 pavboot; C:\WINDOWS\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-28] ()
R3 SRTSP; C:\WINDOWS\system32\drivers\NAV\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NAV\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NAV\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NAV\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-01-18] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NAV\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\system32\drivers\NAV\1501000.012\SYMTDI.SYS [421592 2013-09-26] (Symantec Corporation)
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2009-01-19] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2009-01-19] (Acronis)
S3 catchme; \??\C:\DOCUME~1\LORRAI~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S1 MpKsl04f3dc0b; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B9A02F99-D377-4E47-A070-CE42276F57F2}\MpKsl04f3dc0b.sys [X]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U3 TlntSvr; 
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 22:11 - 2014-03-05 22:11 - 00000000 ____D () C:\FRST
2014-03-05 21:17 - 2014-03-05 21:17 - 00010695 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\AdwCleaner[S0].txt
2014-03-05 21:00 - 2014-03-05 21:03 - 00000000 ____D () C:\AdwCleaner
2014-03-03 11:42 - 2014-03-03 11:42 - 00000000 ____D () C:\Documents and Settings\Maddy\Local Settings\Application Data\Ahead
2014-03-03 11:41 - 2014-03-03 11:41 - 00000803 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Internet Explorer.lnk
2014-03-03 11:41 - 2014-03-03 11:41 - 00000000 __SHD () C:\Documents and Settings\Maddy\IETldCache
2014-03-03 11:40 - 2014-03-03 11:41 - 00000738 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Outlook Express.lnk
2014-03-03 11:38 - 2014-03-03 11:43 - 00000178 ___SH () C:\Documents and Settings\Maddy\ntuser.ini
2014-03-03 11:38 - 2014-03-03 11:41 - 00000000 ___RD () C:\Documents and Settings\Maddy\Start Menu\Programs\Accessories
2014-03-03 11:38 - 2014-03-03 11:41 - 00000000 ____D () C:\Documents and Settings\Maddy
2014-03-03 11:38 - 2014-03-03 11:40 - 00000788 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Windows Media Player.lnk
2014-03-03 11:38 - 2011-10-25 19:16 - 00000000 ____D () C:\Documents and Settings\Maddy\Local Settings\Application Data\Trusteer
2014-03-03 11:38 - 2011-07-16 16:02 - 00000000 ____D () C:\Documents and Settings\Maddy\Application Data\Trusteer
2014-03-03 11:38 - 2009-10-13 20:15 - 00000000 ____D () C:\Documents and Settings\Maddy\Local Settings\Application Data\Microsoft Help
2014-03-03 11:38 - 2009-05-21 08:18 - 00000000 ____D () C:\Documents and Settings\Maddy\Application Data\Macromedia
2014-03-03 11:38 - 2009-01-19 11:55 - 00001599 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Remote Assistance.lnk
2014-03-02 20:37 - 2014-03-02 20:47 - 00019956 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\attach.txt
2014-03-02 20:37 - 2014-03-02 20:47 - 00012528 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\dds.txt
2014-03-02 20:17 - 2014-03-02 20:17 - 00688992 ____R (Swearware) C:\Documents and Settings\Lorraine Ross\Desktop\dds.com
2014-03-02 14:23 - 2014-03-02 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
2014-03-01 03:22 - 2013-12-18 21:10 - 00877480 _____ (Oracle Corporation) C:\WINDOWS\system32\npdeployJava1.dll
2014-03-01 03:22 - 2013-12-18 21:10 - 00800168 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2014-02-24 22:57 - 2014-02-24 22:57 - 00001798 _____ () C:\Documents and Settings\All Users\Application Data\SMRResults410.dat
2014-02-24 22:38 - 2014-02-24 22:56 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\NPE
2014-02-24 21:36 - 2014-02-24 21:36 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-24 21:36 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-02-24 21:36 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-02-24 21:36 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-02-24 21:36 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-02-15 21:26 - 2014-02-15 21:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-15 21:06 - 2014-02-15 21:06 - 00013038 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-15 21:04 - 2014-02-15 21:05 - 00005579 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-15 12:09 - 2014-02-15 21:26 - 00016213 _____ () C:\WINDOWS\KB2916036.log
2014-02-10 11:35 - 2014-02-10 11:35 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 22:11 - 2014-03-05 22:11 - 00000000 ____D () C:\FRST
2014-03-05 22:07 - 2009-06-30 23:07 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 21:56 - 2009-06-30 23:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 21:56 - 2009-01-19 11:54 - 01410847 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-05 21:55 - 2009-01-19 12:36 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-03-05 21:55 - 2009-01-19 12:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-05 21:55 - 2009-01-19 12:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-05 21:54 - 2009-01-19 12:19 - 00000178 ___SH () C:\Documents and Settings\Lorraine Ross\ntuser.ini
2014-03-05 21:54 - 2009-01-19 12:18 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-05 21:54 - 2009-01-19 12:18 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross
2014-03-05 21:46 - 2012-07-30 15:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-05 21:17 - 2014-03-05 21:17 - 00010695 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\AdwCleaner[S0].txt
2014-03-05 21:03 - 2014-03-05 21:00 - 00000000 ____D () C:\AdwCleaner
2014-03-05 20:39 - 2009-11-19 14:36 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-03-05 16:09 - 2009-07-18 21:28 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{75F200BC-5D38-479C-BFC5-20D1DCED97CD}.job
2014-03-05 16:03 - 2008-04-14 12:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-03 11:43 - 2014-03-03 11:38 - 00000178 ___SH () C:\Documents and Settings\Maddy\ntuser.ini
2014-03-03 11:42 - 2014-03-03 11:42 - 00000000 ____D () C:\Documents and Settings\Maddy\Local Settings\Application Data\Ahead
2014-03-03 11:41 - 2014-03-03 11:41 - 00000803 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Internet Explorer.lnk
2014-03-03 11:41 - 2014-03-03 11:41 - 00000000 __SHD () C:\Documents and Settings\Maddy\IETldCache
2014-03-03 11:41 - 2014-03-03 11:40 - 00000738 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Outlook Express.lnk
2014-03-03 11:41 - 2014-03-03 11:38 - 00000000 ___RD () C:\Documents and Settings\Maddy\Start Menu\Programs\Accessories
2014-03-03 11:41 - 2014-03-03 11:38 - 00000000 ____D () C:\Documents and Settings\Maddy
2014-03-03 11:40 - 2014-03-03 11:38 - 00000788 _____ () C:\Documents and Settings\Maddy\Start Menu\Programs\Windows Media Player.lnk
2014-03-02 20:47 - 2014-03-02 20:37 - 00019956 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\attach.txt
2014-03-02 20:47 - 2014-03-02 20:37 - 00012528 _____ () C:\Documents and Settings\Lorraine Ross\Desktop\dds.txt
2014-03-02 20:17 - 2014-03-02 20:17 - 00688992 ____R (Swearware) C:\Documents and Settings\Lorraine Ross\Desktop\dds.com
2014-03-02 14:23 - 2014-03-02 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
2014-03-02 14:23 - 2011-07-16 18:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
2014-03-02 14:23 - 2009-03-25 11:23 - 00000000 ____D () C:\Program Files\Google
2014-03-01 21:30 - 2013-10-27 10:12 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\Unity
2014-03-01 21:26 - 2009-08-14 14:33 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross\Application Data\uTorrent
2014-03-01 16:04 - 2014-01-18 22:47 - 00000000 ____D () C:\Avenger
2014-03-01 16:04 - 2013-10-20 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-03-01 03:22 - 2009-01-19 12:40 - 00000000 ____D () C:\Program Files\Java
2014-02-28 21:44 - 2009-11-29 18:23 - 00000000 ____D () C:\Documents and Settings\m and e
2014-02-28 21:08 - 2012-12-12 21:04 - 00132805 _____ () C:\WINDOWS\setupapi.log
2014-02-28 21:08 - 2012-12-12 21:04 - 00000232 _____ () C:\WINDOWS\setupact.log
2014-02-28 17:40 - 2011-07-16 20:37 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-02-24 22:57 - 2014-02-24 22:57 - 00001798 _____ () C:\Documents and Settings\All Users\Application Data\SMRResults410.dat
2014-02-24 22:56 - 2014-02-24 22:38 - 00000000 ____D () C:\Documents and Settings\Lorraine Ross\Local Settings\Application Data\NPE
2014-02-24 22:56 - 2009-01-19 12:31 - 00000327 __RSH () C:\boot.ini
2014-02-24 22:38 - 2014-01-18 22:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-02-24 21:36 - 2014-02-24 21:36 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-02-24 19:06 - 2013-10-20 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-02-23 17:49 - 2012-07-30 15:34 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-23 17:49 - 2011-07-15 22:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-16 10:02 - 2009-01-19 12:53 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-15 21:26 - 2014-02-15 21:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-15 21:26 - 2014-02-15 12:09 - 00016213 _____ () C:\WINDOWS\KB2916036.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00358613 _____ () C:\WINDOWS\FaxSetup.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00171448 _____ () C:\WINDOWS\ocgen.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00136823 _____ () C:\WINDOWS\tsoc.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00118805 _____ () C:\WINDOWS\comsetup.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00072038 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00058479 _____ () C:\WINDOWS\iis6.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00019836 _____ () C:\WINDOWS\ocmsn.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00017922 _____ () C:\WINDOWS\msgsocm.log
2014-02-15 21:26 - 2012-12-12 21:04 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-15 21:26 - 2012-12-12 21:03 - 00038515 _____ () C:\WINDOWS\updspapi.log
2014-02-15 21:20 - 2009-01-19 12:33 - 00598990 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-15 21:14 - 2013-10-20 15:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-15 21:11 - 2009-01-19 13:09 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-15 21:06 - 2014-02-15 21:06 - 00013038 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-15 21:06 - 2012-12-12 21:04 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-15 21:06 - 2009-07-14 22:47 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-15 21:05 - 2014-02-15 21:04 - 00005579 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-10 11:35 - 2014-02-10 11:35 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-02-06 03:54 - 2008-04-14 12:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2008-04-14 12:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 23:26 - 2012-07-29 19:46 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 23:26 - 2010-06-15 15:33 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 23:26 - 2009-07-14 22:47 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 23:26 - 2009-07-14 22:47 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 23:26 - 2009-01-19 13:11 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 23:26 - 2009-01-19 13:11 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 23:26 - 2009-01-19 13:11 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 23:26 - 2009-01-19 13:11 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 23:26 - 2009-01-19 11:54 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 23:26 - 2008-04-14 12:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 23:26 - 2008-04-14 12:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 23:26 - 2008-04-14 12:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 23:26 - 2007-08-13 18:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 23:26 - 2007-08-13 18:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 23:26 - 2007-08-13 18:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 23:26 - 2007-08-13 18:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 22:24 - 2008-04-14 12:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
 
Some content of TEMP:
====================
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ApnStub.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\DataCard_Setup.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flashplayer11x32_aih.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flash_player_32bit.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ResetDevice.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{0955101F-01E3-48D6-8565-105624A22410}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{19A963E3-2F06-4A8E-B684-A39CCBC0824D}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2E8EF830-CBBA-491B-B4B1-686262CDCCE8}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2FE46D34-66C0-4E72-B591-001B91101E8A}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{75EC1C62-15D5-4D26-9838-C7FE4E94F935}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{86A6DA24-65BA-42AA-B0B8-A5EBB47EC434}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{9CAD1B74-A57E-4E19-9B19-47E7B56F2043}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{B5C38DCF-0A58-4AA5-849E-F3F0C02A050A}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\speedupmypc.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbedrs.dll
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbGam2.dll
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\TB_6.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\{69CEE058-A70B-498B-858C-4417A76F07A0}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


#4 fireman4it

  • Malware Response Team
Posted 05 March 2014 - 10:59 PM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (3.27KB)

 

 

2.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 Aliselle


Posted 06 March 2014 - 04:03 AM

Hi there, 

I clicked on fixlist.txt to download (friend always uses IE but was struggling to get on the net through there so used Chrome which I'm not used to) expecting to, at some point, be given the option of where to download but went straight to her Downloads folder, getting a bit confused now but think it was just the 1 .txt file there, checked the desktop and same file was also there plus 1 other file which was named something very similar to the file/program FRST/FRST64 but was definitely not the aforementioned and was also a .txt file.

I changed Chrome's settings to download, by default, to her desktop, deleted the file/.txt that went to her downloads and the 2 .txt files on her desktop that had been produced by clicking your link, restarted and tried the process afresh thinking that it first went wrong because of the download destination thing.

2 files were produced, but both were .txt files so did nothing further.

 

After clicking your link for Malwarebytes Anti-Rootkit the file type that downloaded was a .exe file and not a zip file, to be honest it looked fine and also thought about going in through her copy of Malwarebytes and downloading the Anti-Rootkit that way but as we're asked not to do any more fixes etc ourselves I would rather your input first before next step.

 

Thanks again for your invaluable help.



#6 fireman4it


Posted 06 March 2014 - 01:25 PM

As long as the fixlist.txt is on the desktop with FRST just follow my directions for running the fix. Go ahead and just run the MBAR exe to run the program.




#7 Aliselle


Posted 07 March 2014 - 03:13 AM

Hi there,

Long story short, ran MBytes Anti-Rootkit successfully, it found nothing, did produce 2 logs which I tried to post numerous times but when one copied to post ok, the second would replace the first, tried posting in the other box but copying and pasting the files as norm just wouldn't work, i.e. I couldn't get even 1 log on.

FRST has never been produced by clicking fixlist.txt.



#8 fireman4it


Posted 07 March 2014 - 01:28 PM

You download the fixlist.txt to your desktop. Then you run FRST and click the Fix button. This will produce a fixlog.txt on your desktop. Post that log.




#9 Aliselle


Posted 09 March 2014 - 02:17 PM

Hi there, my name is Lorrs and as Aliselle can't get to my PC at the moment she has asked me to post this log. She asked me to tell you that she discovered that when we pressed the fixlist.txt we did get a fixlist.txt log file but FRST was being downloaded to the temp file, running itself and producing the log that way; as you said FRST had to be run from the same location as fixlist.txt, the log may or may not be correct.

Thanks very much for your help.

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = 
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 HowToSimplified_8eService; C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebarsvc.exe [X]
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ApnStub.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\DataCard_Setup.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flashplayer11x32_aih.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flash_player_32bit.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ResetDevice.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{0955101F-01E3-48D6-8565-105624A22410}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{19A963E3-2F06-4A8E-B684-A39CCBC0824D}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2E8EF830-CBBA-491B-B4B1-686262CDCCE8}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2FE46D34-66C0-4E72-B591-001B91101E8A}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{75EC1C62-15D5-4D26-9838-C7FE4E94F935}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{86A6DA24-65BA-42AA-B0B8-A5EBB47EC434}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{9CAD1B74-A57E-4E19-9B19-47E7B56F2043}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{B5C38DCF-0A58-4AA5-849E-F3F0C02A050A}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\speedupmypc.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbedrs.dll
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbGam2.dll
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\TB_6.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\{69CEE058-A70B-498B-858C-4417A76F07A0}-GoogleUpdateSetup.exe


#10 fireman4it


Posted 09 March 2014 - 06:11 PM

You don't press the fixlist.txt.

 

 

Make sure that FRST and fixlist.txt are in the same location as each other. It doesn't matter where just the same location.

Then run FRST and click the fix button. It will then produce a log named fixlog.txt {notice the name change from fixlist.txt to fixlog.txt}. The fixlog.txt will be in the same location as FRST is located. I need the fixlog.txt.


Edited by fireman4it, 09 March 2014 - 06:12 PM.



#11 Aliselle


Posted 11 March 2014 - 04:21 PM

Hi there,
Below, I hope, is the log file you asked for.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2014
Ran by Lorraine Ross at 2014-03-11 21:08:57 Run:1
Running from C:\Documents and Settings\Lorraine Ross\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = 
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 HowToSimplified_8eService; C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebarsvc.exe [X]
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ApnStub.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\DataCard_Setup.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flashplayer11x32_aih.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flash_player_32bit.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ResetDevice.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{0955101F-01E3-48D6-8565-105624A22410}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{19A963E3-2F06-4A8E-B684-A39CCBC0824D}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2E8EF830-CBBA-491B-B4B1-686262CDCCE8}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2FE46D34-66C0-4E72-B591-001B91101E8A}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{75EC1C62-15D5-4D26-9838-C7FE4E94F935}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{86A6DA24-65BA-42AA-B0B8-A5EBB47EC434}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{9CAD1B74-A57E-4E19-9B19-47E7B56F2043}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{B5C38DCF-0A58-4AA5-849E-F3F0C02A050A}.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\speedupmypc.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbedrs.dll
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbGam2.dll
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\TB_6.exe
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\{69CEE058-A70B-498B-858C-4417A76F07A0}-GoogleUpdateSetup.exe
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} => Value deleted successfully.
HKCR\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HowToSimplified_8eService => Service deleted successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ApnStub.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\contentDATs.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\DataCard_Setup.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flashplayer11x32_aih.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\install_flash_player_32bit.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\mssinstaller.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\ResetDevice.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\SecurityScan_Release.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{0955101F-01E3-48D6-8565-105624A22410}.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{19A963E3-2F06-4A8E-B684-A39CCBC0824D}.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2E8EF830-CBBA-491B-B4B1-686262CDCCE8}.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{2FE46D34-66C0-4E72-B591-001B91101E8A}.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{75EC1C62-15D5-4D26-9838-C7FE4E94F935}.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{86A6DA24-65BA-42AA-B0B8-A5EBB47EC434}.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{9CAD1B74-A57E-4E19-9B19-47E7B56F2043}.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\setup{B5C38DCF-0A58-4AA5-849E-F3F0C02A050A}.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\speedupmypc.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbedrs.dll => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\tbGam2.dll => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\TB_6.exe => Moved successfully.
C:\Documents and Settings\Lorraine Ross\Local Settings\temp\{69CEE058-A70B-498B-858C-4417A76F07A0}-GoogleUpdateSetup.exe => Moved successfully.
 
==== End of Fixlog ====


#12 fireman4it


Posted 11 March 2014 - 05:48 PM

 

Hi there,
Below, I hope, is the log file you asked for.

Yes it is. Great job!

 

We will run a couple other scanners to make sure nothing is left on the machine.

 

1.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
 

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

 

 

 

Things to include in your next reply:

JRT.txt

Eset log

How is the machine running now?


Edited by fireman4it, 11 March 2014 - 05:48 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 fireman4it


Posted 13 March 2014 - 10:27 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#14 Aliselle


Posted 14 March 2014 - 01:15 PM

Hi there, below are the logs you requested.
Since we last spoke to you, my friend was using her PC and had left it for a while, and from her other room heard the XP "start/shutdown" noise, so she came back to her PC and it had restarted itself and there was a message box, bottom right of screen, which read words to the effect "explorer had to apply an urgent update and restart because of a security risk."
I hope this helps and sorry for the delay in replying, but it's the first chance I've had to get back to the infected PC.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Lorraine Ross on 14/03/2014 at 15:29:48.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\alot"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/03/2014 at 15:39:23.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1956070bb43d3e4fa13dd01ba8d8a910
# engine=16973
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-07 12:12:28
# local_time=2014-02-07 12:12:28 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774142 0 2 80966494 80966494 0 0
# compatibility_mode=3590 16777213 100 87 660797 210721334 0 0
# scanned=140603
# found=1
# cleaned=1
# scan_time=4949
sh=83F567786A9532433B832E0A7CCBCCDDD418D481 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Lorraine Ross\Local Settings\temp\jar_cache7893769829489587293.tmp"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1956070bb43d3e4fa13dd01ba8d8a910
# engine=17452
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-14 05:03:53
# local_time=2014-03-14 05:03:53 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774142 0 2 84051179 84051179 0 0
# compatibility_mode=3590 16777213 100 87 3749082 213806019 0 0
# scanned=145920
# found=11
# cleaned=11
# scan_time=4394
sh=A27B03D2E1D305A1017B1D5754F071F198A2EBCD ft=1 fh=78bfc2ccb09796ad vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\All Users\Application Data\Updater\Uninstall.exe"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\NetworkService\Local Settings\Application Data\Game_Master_2.1\hk64tbGam2.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\NetworkService\Local Settings\Application Data\Game_Master_2.1\hktbGam2.dll"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\NetworkService\Local Settings\Application Data\Game_Master_2.1\ldrtbGam0.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\NetworkService\Local Settings\Application Data\Game_Master_2.1\ldrtbGam2.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\NetworkService\Local Settings\Application Data\Game_Master_2.1\tbGam0.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\NetworkService\Local Settings\Application Data\Game_Master_2.1\tbGam2.dll"
sh=AADF0D01571CDF323227B5C5880B76F5AD026A35 ft=1 fh=c356f278a69be97c vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Lorraine Ross\Local Settings\temp\ApnStub.exe.xBAD"
sh=5954E4AFC6E23EBF0F660ABA0EF5DDC40751160D ft=1 fh=a82d1e1f094a024a vn="Win32/SpeedUpMyPC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Lorraine Ross\Local Settings\temp\speedupmypc.exe.xBAD"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Lorraine Ross\Local Settings\temp\tbedrs.dll.xBAD"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Lorraine Ross\Local Settings\temp\tbGam2.dll.xBAD"


#15 fireman4it


Posted 15 March 2014 - 12:36 PM

How is the computer running now?





