Tons of com surrogate processes, slowing computer


  • This topic is locked
11 replies to this topic

#1 compcrewnpt

Posted 17 March 2014 - 07:40 PM

I am working on an Inspiron N7110 that is reportedly "slow". Right away I see many COM Surrogate (dllhost.exe) processes eating up RAM. I can control the processes by renaming appdata\roaming\syocibo, which contains one file named afusor.exe. I need help cleaning this out of the registry, system, etc.

 

Windows 7 Home Premium Version 6.1(Build 7601: Service Pack 1) 64-bit, 4GB RAM.

 

Thank you for your time!

 

p.s. The post shows an edit that I forgot to undo _syocibo instead of syocibo.

 

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Nancy Oliveira at 20:14:28 on 2014-03-17
.
============== Running Processes ================
.
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Netscape Update] regsvr32.exe "C:\Users\Nancy Oliveira\AppData\Local\Netscape\PNGIO.dll"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E966720D-4969-4FDF-9E34-98BD70CDF0B1} : DHCPNameServer = 13.37.0.1 13.37.0.2 13.37.0.3
TCP: Interfaces\{F7E5A52C-AD76-4AFA-926A-F26C3E557FE9} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? DellDigitalDelivery;Dell Digital Delivery Service
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? Impcd;Impcd
R? McShield;McAfee McShield
R? mferkdet;McAfee Inc. mferkdet
R? MyWiFiDHCPDNS;Wireless PAN DHCP Server
R? RoxMediaDB12OEM;RoxMediaDB12OEM
R? RoxWatch12;Roxio Hard Drive Watcher 12
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? SkypeUpdate;Skype Updater
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
S? AERTFilters;Andrea RT Filters Service
S? Bluetooth Device Monitor;Bluetooth Device Monitor
S? Bluetooth Media Service;Bluetooth Media Service
S? Bluetooth OBEX Service;Bluetooth OBEX Service
S? btmaux;Intel Bluetooth Auxiliary Service
S? btmhsf;btmhsf
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? cvhsvc;Client Virtualization Handler
S? iBtFltCoex;iBtFltCoex
S? IntcDAud;Intel® Display Audio
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
S? PxHlpa64;PxHlpa64
S? RTL8167;Realtek 8167 NT Driver
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? SftService;SoftThinks Agent Service
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? UNS;Intel® Management and Security Application User Notification Service
.
=============== Created Last 30 ================
.
2014-03-18 00:00:35    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{370E22C0-E8FC-41EE-BABE-B0C50A12D27B}\offreg.dll
2014-03-17 02:48:49    10536864    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{370E22C0-E8FC-41EE-BABE-B0C50A12D27B}\mpengine.dll
2014-03-17 02:18:15    --------    d-----w-    C:\Program Files\CCleaner
2014-03-12 01:35:48    --------    d-----w-    C:\Users\Nancy Oliveira\AppData\Roaming\Malwarebytes
2014-03-12 01:35:37    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-03-12 01:35:36    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-12 01:35:35    --------    d-----w-    C:\Users\Nancy Oliveira\AppData\Local\Programs
2014-03-11 17:28:59    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-11 17:27:13    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-11 17:27:12    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-11 17:27:12    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-11 17:27:10    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-11 17:27:08    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-11 17:27:08    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-11 17:26:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-11 17:26:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-11 17:15:41    --------    d-----w-    C:\Users\Nancy Oliveira\Abong Tools
2014-03-05 01:37:39    --------    d-----w-    C:\Users\Nancy Oliveira\AppData\Roaming\_Syocibo
2014-02-26 03:09:06    --------    d-----w-    C:\Windows\Migration
.
==================== Find3M ====================
.
2014-03-17 02:45:19    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-17 02:45:19    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-03 17:20:54    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 20:14:59.57 ===============

Edited by compcrewnpt, 17 March 2014 - 07:53 PM.



#2 aharonov

  • Malware Response Team

Posted 18 March 2014 - 03:55 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 compcrewnpt
  • Topic Starter

Posted 18 March 2014 - 08:12 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nancy Oliveira (administrator) on NANCYOLIVEIRA on 18-03-2014 21:09:17
Running from C:\Users\Nancy Oliveira\Desktop\frst64
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-16] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10222080 2010-12-14] (Intel Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2865782947-482093064-272482056-1001\...\Run: [Netscape Update] - regsvr32.exe "C:\Users\Nancy Oliveira\AppData\Local\Netscape\PNGIO.dll"
HKU\S-1-5-21-2865782947-482093064-272482056-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\NANCYO~1\AppData\Local\Temp\sxumhtf\strplcf\wow.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {DDA106D0-EA42-4C6F-89AB-4C533ECC1187} URL = 
SearchScopes: HKCU - {DDA106D0-EA42-4C6F-89AB-4C533ECC1187} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Nancy Oliveira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\Nancy Oliveira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
 
==================== Services (Whitelisted) =================
 
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-12-06] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-16] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-18 21:08 - 2014-03-18 21:09 - 00000000 ____D () C:\Users\Nancy Oliveira\Desktop\frst64
2014-03-18 21:08 - 2014-03-18 21:09 - 00000000 ____D () C:\FRST
2014-03-17 20:16 - 2014-03-17 20:16 - 00001198 _____ () C:\Users\Nancy Oliveira\Desktop\attach.zip
2014-03-17 20:15 - 2014-03-17 20:14 - 00012762 _____ () C:\Users\Nancy Oliveira\Desktop\dds.txt
2014-03-17 20:15 - 2014-03-17 20:14 - 00002619 _____ () C:\Users\Nancy Oliveira\Desktop\attach.txt
2014-03-17 20:13 - 2014-03-18 00:12 - 00688992 ____R (Swearware) C:\Users\Nancy Oliveira\Desktop\dds.com
2014-03-17 03:26 - 2014-03-18 21:07 - 00001758 _____ () C:\Windows\setupact.log
2014-03-17 03:26 - 2014-03-17 03:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 22:18 - 2014-03-16 22:18 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 22:18 - 2014-03-16 22:18 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-16 22:18 - 2014-03-16 22:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-14 23:21 - 2014-03-14 23:21 - 00003288 ____N () C:\bootsqm.dat
2014-03-11 21:35 - 2014-03-16 21:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Roaming\Malwarebytes
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 13:29 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 13:29 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 13:29 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 13:29 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 13:29 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 13:29 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 13:29 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 13:29 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 13:29 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 13:29 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 13:29 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 13:29 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 13:29 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 13:28 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 13:28 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 13:28 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 13:28 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 13:28 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 13:28 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 13:28 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 13:28 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 13:28 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 13:28 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 13:28 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 13:28 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 13:28 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 13:28 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 13:28 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 13:28 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 13:28 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 13:28 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 13:28 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 13:28 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 13:28 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 13:28 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 13:28 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 13:28 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 13:28 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 13:28 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 13:28 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 13:27 - 2014-03-11 13:27 - 00037424 _____ () C:\RPSetup.exe.log
2014-03-11 13:27 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 13:27 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 13:27 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 13:27 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 13:27 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 13:27 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 13:26 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 13:26 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 13:15 - 2014-03-16 23:13 - 00000000 ____D () C:\Users\Nancy Oliveira\Abong Tools
2014-03-04 21:37 - 2014-03-17 20:00 - 00000856 _____ () C:\Windows\Tasks\Security Center Update - 1340720814.job
2014-03-04 21:37 - 2014-03-16 21:10 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Roaming\Syocibo
2014-03-04 21:37 - 2014-03-04 21:37 - 00003882 _____ () C:\Windows\System32\Tasks\Security Center Update - 1340720814
 
==================== One Month Modified Files and Folders =======
 
2014-03-18 21:09 - 2014-03-18 21:08 - 00000000 ____D () C:\Users\Nancy Oliveira\Desktop\frst64
2014-03-18 21:09 - 2014-03-18 21:08 - 00000000 ____D () C:\FRST
2014-03-18 21:09 - 2011-09-08 09:04 - 01937858 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 21:07 - 2014-03-17 03:26 - 00001758 _____ () C:\Windows\setupact.log
2014-03-18 21:05 - 2013-08-01 16:17 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Local\Netscape
2014-03-18 21:04 - 2013-11-28 19:31 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 21:04 - 2011-09-08 07:38 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-18 21:04 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 00:12 - 2014-03-17 20:13 - 00688992 ____R (Swearware) C:\Users\Nancy Oliveira\Desktop\dds.com
2014-03-17 20:54 - 2013-11-28 19:31 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 20:47 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 20:47 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 20:46 - 2013-11-28 19:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-17 20:16 - 2014-03-17 20:16 - 00001198 _____ () C:\Users\Nancy Oliveira\Desktop\attach.zip
2014-03-17 20:14 - 2014-03-17 20:15 - 00012762 _____ () C:\Users\Nancy Oliveira\Desktop\dds.txt
2014-03-17 20:14 - 2014-03-17 20:15 - 00002619 _____ () C:\Users\Nancy Oliveira\Desktop\attach.txt
2014-03-17 20:00 - 2014-03-04 21:37 - 00000856 _____ () C:\Windows\Tasks\Security Center Update - 1340720814.job
2014-03-17 19:58 - 2013-06-01 17:16 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-17 19:52 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 03:26 - 2014-03-17 03:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 03:25 - 2009-07-14 00:45 - 00322280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 23:13 - 2014-03-11 13:15 - 00000000 ____D () C:\Users\Nancy Oliveira\Abong Tools
2014-03-16 23:08 - 2011-12-25 10:40 - 00000000 ____D () C:\Users\Nancy Oliveira
2014-03-16 23:01 - 2013-11-28 19:33 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 22:45 - 2013-11-28 19:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 22:45 - 2013-11-28 19:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-16 22:45 - 2011-09-08 07:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 22:40 - 2013-06-01 17:16 - 00004016 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-16 22:30 - 2011-09-08 08:01 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-16 22:30 - 2011-09-08 07:55 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-16 22:30 - 2011-09-08 07:55 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-16 22:18 - 2014-03-16 22:18 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 22:18 - 2014-03-16 22:18 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-16 22:18 - 2014-03-16 22:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-16 21:10 - 2014-03-04 21:37 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Roaming\Syocibo
2014-03-16 21:10 - 2013-11-28 19:30 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-16 21:10 - 2013-03-17 09:06 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Roaming\SoftGrid Client
2014-03-16 21:10 - 2011-09-08 07:11 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-16 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-16 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-03-16 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-16 21:09 - 2013-11-28 19:31 - 00000000 ____D () C:\Program Files\Google
2014-03-16 21:09 - 2013-11-28 19:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-16 21:09 - 2011-12-25 16:31 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-03-16 21:09 - 2011-09-08 07:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 21:09 - 2011-09-08 07:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-16 21:08 - 2014-03-11 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 21:05 - 2010-11-21 03:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-16 21:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-03-16 20:51 - 2013-11-28 19:31 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Local\Google
2014-03-16 20:51 - 2011-09-08 07:41 - 00000000 ____D () C:\ProgramData\Skype
2014-03-16 20:51 - 2011-09-08 07:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-14 23:21 - 2014-03-14 23:21 - 00003288 ____N () C:\bootsqm.dat
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Roaming\Malwarebytes
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 20:58 - 2011-02-10 10:02 - 00000000 ____D () C:\Windows\panther
2014-03-11 13:27 - 2014-03-11 13:27 - 00037424 _____ () C:\RPSetup.exe.log
2014-03-11 13:22 - 2011-09-08 07:41 - 00000000 ____D () C:\ProgramData\Cozi
2014-03-11 12:07 - 2011-09-08 08:07 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-11 12:07 - 2011-09-08 08:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-04 21:37 - 2014-03-04 21:37 - 00003882 _____ () C:\Windows\System32\Tasks\Security Center Update - 1340720814
2014-03-01 02:05 - 2014-03-11 13:28 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-11 13:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-11 13:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-11 13:29 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-11 13:28 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-11 13:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-11 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-11 13:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-11 13:28 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-11 13:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-11 13:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-11 13:28 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-11 13:29 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-11 13:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-11 13:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-11 13:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-11 13:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-11 13:28 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-11 13:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-11 13:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-11 13:29 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-11 13:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:43 - 2014-03-11 13:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:42 - 2014-03-11 13:28 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-11 13:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-11 13:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-11 13:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-11 13:28 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-11 13:28 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-11 13:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-11 13:28 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-11 13:28 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-11 13:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-11 13:29 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-11 13:28 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-11 13:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-11 13:28 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-11 13:29 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-11 13:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-11 13:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 23:48 - 2011-02-10 12:10 - 00776038 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 17:30 - 2013-06-01 17:16 - 00000000 ____D () C:\Program Files\My Dell
2014-02-20 17:30 - 2012-02-12 12:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-19 20:49 - 2013-11-28 19:31 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 20:49 - 2013-11-28 19:31 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 21:24 - 2009-07-14 01:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2865782947-482093064-272482056-1001\$792f41990b73e2f47b46706eb422a6b8
 
Files to move or delete:
====================
C:\Users\Nancy Oliveira\3151429.exe
C:\Users\Nancy Oliveira\wgsdgsdgdsgsd.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 16:46
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Nancy Oliveira at 2014-03-18 21:09:58
Running from C:\Users\Nancy Oliveira\Desktop\frst64
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.13.1.0 - Ask.com) <==== ATTENTION
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{0EEBAFB5-CB0F-4E1A-A33F-4ECAF15CE2F9}) (Version: 1.5.1249.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}) (Version: 1.0.1.0489 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{451A5ECC-C9A5-4944-B28D-23656C9E03D0}) (Version: 14.1.2000 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
11-03-2014 20:29:23 Removed Java™ 6 Update 24 (64-bit)
12-03-2014 00:44:28 Removed Java™ 6 Update 30
15-03-2014 02:20:32 Removed TrustedID
17-03-2014 00:44:32 Restore Operation
17-03-2014 02:18:45 Windows Update
17-03-2014 02:22:45 Removed Java™ 6 Update 30
17-03-2014 02:23:38 Removed Java™ 6 Update 24 (64-bit)
17-03-2014 02:25:04 Removed TrustedID
17-03-2014 02:36:02 Removed Cozi
17-03-2014 07:00:33 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1F18CDED-2AA8-4F8D-8A07-FFE91F29DDD0} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {251719CC-9724-4A45-A9B8-F234B1EC2CB5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-08-23] () <==== ATTENTION
Task: {417ED1C7-B964-4FB7-BE25-15DFF2947744} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {A2E44110-D5FA-41DC-A98C-DA4473E47F87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {A6A8F7EC-9B93-4D15-A831-44C9149901E6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {AD0773F2-FE10-4F84-A062-0B1391C06383} - System32\Tasks\Security Center Update - 1340720814 => C:\Users\Nancy Oliveira\AppData\Roaming\Syocibo\afusor.exe [2013-10-01] (Cloud Company) <==== ATTENTION
Task: {D459A516-258A-4BF8-B4BF-455D8217EE7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {E8E7E9CD-428A-432F-9378-C14273005A38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {F640C636-2B3D-494A-9B13-5B7C37F49B1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 1340720814.job => C:\Users\Nancy Oliveira\AppData\Roaming\Syocibo\afusor.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-16 12:37 - 2011-06-16 12:37 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-09-08 08:39 - 2011-03-26 19:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-16 12:37 - 2011-06-16 12:37 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-05-30 11:29 - 2011-05-30 11:29 - 02055816 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-05-30 11:29 - 2011-05-30 11:29 - 01719144 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
2011-05-30 11:25 - 2011-05-30 11:25 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2011-05-30 11:25 - 2011-05-30 11:25 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: GameServer52F => "C:\Users\Nancy Oliveira\AppData\Roaming\SoftGrid Client\WINBE21.exe"
MSCONFIG\startupreg: Netscape => regsvr32.exe "C:\Users\Nancy Oliveira\AppData\Local\Netscape\PDSNC15.dll"
MSCONFIG\startupreg: Netscape Update => regsvr32.exe "C:\Users\Nancy Oliveira\AppData\Local\Netscape\GLU32.dll"
MSCONFIG\startupreg: {ED707B70-C10F-489B-A71D-5D30774080F7} => rundll32 "C:\Users\Nancy Oliveira\AppData\Local\Microsoft Games\{ED707B70-C10F-489B-A71D-5D30774080F7}\fgldhn.dll",DllRegisterServer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/18/2014 09:05:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2014 09:04:47 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: The McShield scanning service cannot find any configuration in the registry
 
Error: (03/17/2014 07:36:38 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: The McShield scanning service cannot find any configuration in the registry
 
Error: (03/17/2014 07:36:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/17/2014 03:26:45 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/17/2014 03:26:45 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/17/2014 03:26:45 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/17/2014 03:26:45 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/17/2014 03:26:44 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/17/2014 03:26:44 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
 
System errors:
=============
Error: (03/18/2014 09:07:58 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/18/2014 09:07:36 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/18/2014 09:07:35 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/18/2014 09:07:35 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/18/2014 09:07:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/18/2014 09:05:47 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated with service-specific error %%5046.
 
Error: (03/18/2014 09:04:32 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:55:13 PM on ‎3/‎17/‎2014 was unexpected.
 
Error: (03/17/2014 08:54:32 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (03/17/2014 07:58:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (03/17/2014 07:58:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
Microsoft Office Sessions:
=========================
Error: (03/18/2014 09:05:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2014 09:04:47 PM) (Source: McLogEvent)(User: NT AUTHORITY)
Description: 
 
Error: (03/17/2014 07:36:38 PM) (Source: McLogEvent)(User: NT AUTHORITY)
Description: 
 
Error: (03/17/2014 07:36:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/17/2014 03:26:45 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/17/2014 03:26:45 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/17/2014 03:26:45 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/17/2014 03:26:45 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/17/2014 03:26:44 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (03/17/2014 03:26:44 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 63%
Total physical RAM: 3990.17 MB
Available physical RAM: 1472.58 MB
Total Pagefile: 7978.52 MB
Available Pagefile: 3855.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:399.71 GB) NTFS
Drive e: (2GB) (Removable) (Total:1.86 GB) (Free:0.57 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: 0CA2D1F3)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 19 March 2014 - 05:16 AM

Ok, let's start to delete the malware:


Step 1

Please download the attached file fixlist.txt (1.22 KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


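The fix above targets three user-level persistence points, and the same three show up in most infections that present as a flood of COM Surrogate (dllhost.exe) processes: a per-user CLSID InprocServer32 override, a Run value that loads a DLL through regsvr32, and a scheduled task whose action lives under AppData. The following read-only audit script is an added example, written for this page; it is not part of the thread, of FRST, or of any BleepingComputer tooling. It runs on the PowerShell 2.0 that ships with Windows 7 from an elevated prompt, and the path heuristics and severity labels in it are my own assumptions, not rules from the thread. The script only reports; it removes nothing, so cleanup still goes through the fixlist as the Malware Response Team instructs.

```powershell
# Added example, not from this thread or from FRST: read-only audit of the user-level
# persistence points a COM-hijack infection uses. Run from an elevated PowerShell prompt.
# Written against PowerShell 2.0 (Windows 7), so no -File or -Raw switches are used.
# The path heuristics and severity labels below are assumptions of mine.

$Findings = New-Object System.Collections.ArrayList

function Get-Severity([string]$Text) {
    # Device-namespace paths (\\?\globalroot\Device\HarddiskVolumeN\...) hide the drive letter
    # from naive checks, and nothing legitimate autostarts from Temp or the Recycle Bin.
    if ($Text -match '\\\\\?\\globalroot|\\Temp\\|\\\$Recycle\.Bin\\') { return 'high' }
    # Per-user installers do use AppData and ProgramData, so these only get a 'review' flag.
    if ($Text -match '\\AppData\\|\\ProgramData\\|\\Users\\Public\\') { return 'review' }
    return $null
}

function Add-Finding([string]$Kind, [string]$Where, [string]$Value, [string]$Severity) {
    [void]$Findings.Add((New-Object PSObject -Property @{
        Severity = $Severity; Kind = $Kind; Where = $Where; Value = $Value }))
}

# 1. Per-user COM class overrides. HKCU\Software\Classes is merged into HKCR ahead of
#    HKLM\Software\Classes, so an InprocServer32 written here redirects every process in the
#    session that instantiates that CLSID, including each dllhost.exe (COM Surrogate) that
#    hosts it, without modifying a single system file.
$clsidRoot = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
if (Test-Path $clsidRoot) {
    foreach ($key in Get-ChildItem $clsidRoot -ErrorAction SilentlyContinue) {
        $srv = Join-Path $key.PSPath 'InprocServer32'
        if (-not (Test-Path $srv)) { continue }
        $dll = [string](Get-ItemProperty -Path $srv).'(default)'
        if (-not $dll) { continue }
        $sev = Get-Severity $dll
        # Anything outside Windows\ or Program Files deserves at least a look.
        if (-not $sev -and $dll -notmatch '^[a-z]:\\(Windows|Program Files)') { $sev = 'review' }
        if ($sev) { Add-Finding 'CLSID override' $key.PSChildName $dll $sev }
    }
}

# 2. Run values. Flag commands that load a DLL or script through a Windows host binary,
#    and commands that point into user-writable locations.
$runKeys = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
           'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
           'Registry::HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSParentPath, ...)
        $cmd = [string]$p.Value
        $sev = Get-Severity $cmd
        if (-not $sev -and $cmd -match '\b(regsvr32|rundll32|mshta|wscript|cscript)(\.exe)?\b') { $sev = 'review' }
        if ($sev) { Add-Finding 'Run value' (($k -replace '^Registry::', '') + '\' + $p.Name) $cmd $sev }
    }
}

# 3. Scheduled tasks. Windows 7 has no Get-ScheduledTask; each task is an XML file under
#    System32\Tasks (UTF-16, which Get-Content decodes from the BOM). The <Exec><Command>
#    element is what actually runs, whatever reassuring name the task was given.
$taskRoot = Join-Path $env:windir 'System32\Tasks'
foreach ($file in (Get-ChildItem $taskRoot -Recurse -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer })) {
    try { [xml]$task = Get-Content $file.FullName -ErrorAction Stop } catch { continue }
    foreach ($exec in @($task.Task.Actions.Exec)) {
        if ($exec -eq $null) { continue }       # ComHandler actions have no Exec element
        $cmdline = ("$($exec.Command) $($exec.Arguments)").Trim()
        $sev = Get-Severity $cmdline
        if ($sev) { Add-Finding 'Scheduled task' $file.FullName.Substring($taskRoot.Length + 1) $cmdline $sev }
    }
}

$Findings | Sort-Object Severity, Kind | Format-Table Severity, Kind, Where, Value -AutoSize -Wrap
```

Run against the state recorded in the Fixlog later in this thread, each of its three persistence entries would produce a finding: the HKCU CLSID whose InprocServer32 points at \\?\globalroot\Device\HarddiskVolume3\...\Temp\sxumhtf\strplcf\wow.dll is flagged high (device-namespace path plus Temp), the "Netscape Update" Run value is flagged review (regsvr32 loading a DLL from AppData\Local), and the "Security Center Update" task is flagged review (its action is under AppData\Roaming). Expect some legitimate review-level hits from per-user installers such as browser toolbars; the point of the severity split is to put the globalroot and Temp entries at the top of the list, not to make every AppData entry look malicious.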
#5 compcrewnpt

  • Topic Starter
  • Members
  • 26 posts

Posted 19 March 2014 - 06:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Nancy Oliveira at 2014-03-19 19:51:36 Run:1
Running from C:\Users\Nancy Oliveira\Desktop\frst64
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
HKU\S-1-5-21-2865782947-482093064-272482056-1001\...\Run: [Netscape Update] - regsvr32.exe "C:\Users\Nancy Oliveira\AppData\Local\Netscape\PNGIO.dll"
C:\Users\Nancy Oliveira\AppData\Local\Netscape
HKU\S-1-5-21-2865782947-482093064-272482056-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\NANCYO~1\AppData\Local\Temp\sxumhtf\strplcf\wow.dll ATTENTION! ====> ZeroAccess?
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf
C:\$Recycle.Bin\S-1-5-21-2865782947-482093064-272482056-1001\$792f41990b73e2f47b46706eb422a6b8
C:\Users\Nancy Oliveira\3151429.exe
C:\Users\Nancy Oliveira\wgsdgsdgdsgsd.exe
Task: {AD0773F2-FE10-4F84-A062-0B1391C06383} - System32\Tasks\Security Center Update - 1340720814 => C:\Users\Nancy Oliveira\AppData\Roaming\Syocibo\afusor.exe [2013-10-01] (Cloud Company) <==== ATTENTION
C:\Users\Nancy Oliveira\AppData\Roaming\Syocibo
Task: C:\Windows\Tasks\Security Center Update - 1340720814.job => C:\Users\Nancy Oliveira\AppData\Roaming\Syocibo\afusor.exe
C:\Users\Nancy Oliveira\AppData\Roaming\SoftGrid Client
C:\Users\Nancy Oliveira\AppData\Local\Microsoft Games\{ED707B70-C10F-489B-A71D-5D30774080F7}
Reboot:
*****************
 
C:\Windows\syswow64\svchost.exe => No running process found
HKU\S-1-5-21-2865782947-482093064-272482056-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Netscape Update => Value deleted successfully.
C:\Users\Nancy Oliveira\AppData\Local\Netscape => Moved successfully.
HKU\S-1-5-21-2865782947-482093064-272482056-1001\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
 
"C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf" directory move:
 
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp1385.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp13A5.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp1534.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp1708.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp1999.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp1A85.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp207B.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp23C7.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp249.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp24A2.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp298.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp2B15.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp4C0.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp51E1.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp52C6.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp57EE.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp5947.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp714C.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp7734.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp77DD.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp77E1.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp7983.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp7AE9.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp7E91.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp80A3.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp814F.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp81EC.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp8249.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp8268.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp842D.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp8803.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp89C8.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp8B78.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp8BE9.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp8DFD.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp8E59.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp900F.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp91F3.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9203.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp929E.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp93E5.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp956C.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9685.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9819.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9951.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp99DE.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9A6B.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9B84.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9C30.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9DA5.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmp9FD8.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpA16C.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpA3DC.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpA6C9.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpA718.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpA728.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpA831.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpA93A.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpAB99.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpAC35.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpB03E.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpB08D.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpB395.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpB6E0.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpB70E.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpB7BA.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpBCC9.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpBDA4.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpBE11.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpBFE5.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpC081.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpC8E.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpCC08.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpCD5C.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpD206.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpD242.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpDBCD.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpDC59.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpDF66.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpE02F.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpE08E.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpE199.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpE418.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpE501.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpE9D1.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEA10.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEA7D.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEBD4.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEC70.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEDB8.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEE63.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEEE0.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEEFF.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpEFDA.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF067.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF13C.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF18B.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF25A.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF279.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF2A8.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF343.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF4E.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF509.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF6F.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF72B.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF72C.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpF7F5.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpFA08.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpFD82.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\tmpFE6B.tmp => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\wow.dll => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\wow.ini => Moved successfully.
Could not move "C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf" directory. => Scheduled to move on reboot.
 
C:\$RECYCLE.BIN\S-1-5-21-2865782947-482093064-272482056-1001\$792f41990b73e2f47b46706eb422a6b8 => Moved successfully.
C:\Users\Nancy Oliveira\3151429.exe => Moved successfully.
C:\Users\Nancy Oliveira\wgsdgsdgdsgsd.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD0773F2-FE10-4F84-A062-0B1391C06383} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD0773F2-FE10-4F84-A062-0B1391C06383} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1340720814 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1340720814 => Key deleted successfully.
C:\Users\Nancy Oliveira\AppData\Roaming\Syocibo => Moved successfully.
C:\Windows\Tasks\Security Center Update - 1340720814.job => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Roaming\SoftGrid Client => Moved successfully.
C:\Users\Nancy Oliveira\AppData\Local\Microsoft Games\{ED707B70-C10F-489B-A71D-5D30774080F7} => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-19 19:54:29)<=
 
C:\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf => Moved successfully.
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nancy Oliveira (administrator) on NANCYOLIVEIRA on 19-03-2014 19:56:03
Running from C:\Users\Nancy Oliveira\Desktop\frst64
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-16] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10222080 2010-12-14] (Intel Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {DDA106D0-EA42-4C6F-89AB-4C533ECC1187} URL = 
SearchScopes: HKCU - {DDA106D0-EA42-4C6F-89AB-4C533ECC1187} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Nancy Oliveira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\Nancy Oliveira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
 
==================== Services (Whitelisted) =================
 
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-12-06] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-16] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-19 19:52 - 2014-03-19 19:52 - 00000358 _____ () C:\Windows\PFRO.log
2014-03-18 21:08 - 2014-03-19 19:56 - 00000000 ____D () C:\Users\Nancy Oliveira\Desktop\frst64
2014-03-18 21:08 - 2014-03-19 19:56 - 00000000 ____D () C:\FRST
2014-03-17 20:16 - 2014-03-17 20:16 - 00001198 _____ () C:\Users\Nancy Oliveira\Desktop\attach.zip
2014-03-17 20:15 - 2014-03-17 20:14 - 00012762 _____ () C:\Users\Nancy Oliveira\Desktop\dds.txt
2014-03-17 20:15 - 2014-03-17 20:14 - 00002619 _____ () C:\Users\Nancy Oliveira\Desktop\attach.txt
2014-03-17 20:13 - 2014-03-18 00:12 - 00688992 ____R (Swearware) C:\Users\Nancy Oliveira\Desktop\dds.com
2014-03-17 03:26 - 2014-03-19 19:53 - 00001870 _____ () C:\Windows\setupact.log
2014-03-17 03:26 - 2014-03-17 03:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 22:18 - 2014-03-16 22:18 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 22:18 - 2014-03-16 22:18 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-16 22:18 - 2014-03-16 22:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-14 23:21 - 2014-03-14 23:21 - 00003288 ____N () C:\bootsqm.dat
2014-03-11 21:35 - 2014-03-16 21:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Roaming\Malwarebytes
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 13:29 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 13:29 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 13:29 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 13:29 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 13:29 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 13:29 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 13:29 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 13:29 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 13:29 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 13:29 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 13:29 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 13:29 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 13:29 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 13:28 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 13:28 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 13:28 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 13:28 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 13:28 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 13:28 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 13:28 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 13:28 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 13:28 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 13:28 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 13:28 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 13:28 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 13:28 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 13:28 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 13:28 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 13:28 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 13:28 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 13:28 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 13:28 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 13:28 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 13:28 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 13:28 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 13:28 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 13:28 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 13:28 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 13:28 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 13:28 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 13:27 - 2014-03-11 13:27 - 00037424 _____ () C:\RPSetup.exe.log
2014-03-11 13:27 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 13:27 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 13:27 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 13:27 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 13:27 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 13:27 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 13:26 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 13:26 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 13:15 - 2014-03-16 23:13 - 00000000 ____D () C:\Users\Nancy Oliveira\Abong Tools
 
==================== One Month Modified Files and Folders =======
 
2014-03-19 19:56 - 2014-03-18 21:08 - 00000000 ____D () C:\Users\Nancy Oliveira\Desktop\frst64
2014-03-19 19:56 - 2014-03-18 21:08 - 00000000 ____D () C:\FRST
2014-03-19 19:54 - 2013-11-28 19:31 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 19:54 - 2013-11-28 19:31 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 19:53 - 2014-03-17 03:26 - 00001870 _____ () C:\Windows\setupact.log
2014-03-19 19:53 - 2011-09-08 07:38 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-19 19:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 19:52 - 2014-03-19 19:52 - 00000358 _____ () C:\Windows\PFRO.log
2014-03-19 19:51 - 2011-12-25 17:17 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Local\Microsoft Games
2014-03-19 19:51 - 2011-12-25 10:40 - 00000000 ____D () C:\Users\Nancy Oliveira
2014-03-19 19:51 - 2011-09-08 09:04 - 01965183 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 19:46 - 2013-06-01 17:16 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-19 19:45 - 2013-11-28 19:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 19:33 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 19:33 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 19:29 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 00:12 - 2014-03-17 20:13 - 00688992 ____R (Swearware) C:\Users\Nancy Oliveira\Desktop\dds.com
2014-03-17 20:16 - 2014-03-17 20:16 - 00001198 _____ () C:\Users\Nancy Oliveira\Desktop\attach.zip
2014-03-17 20:14 - 2014-03-17 20:15 - 00012762 _____ () C:\Users\Nancy Oliveira\Desktop\dds.txt
2014-03-17 20:14 - 2014-03-17 20:15 - 00002619 _____ () C:\Users\Nancy Oliveira\Desktop\attach.txt
2014-03-17 03:26 - 2014-03-17 03:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 03:25 - 2009-07-14 00:45 - 00322280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-16 23:13 - 2014-03-11 13:15 - 00000000 ____D () C:\Users\Nancy Oliveira\Abong Tools
2014-03-16 23:01 - 2013-11-28 19:33 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 22:45 - 2013-11-28 19:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 22:45 - 2013-11-28 19:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-16 22:45 - 2011-09-08 07:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 22:40 - 2013-06-01 17:16 - 00004016 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-16 22:30 - 2011-09-08 08:01 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-16 22:30 - 2011-09-08 07:55 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-16 22:30 - 2011-09-08 07:55 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-03-16 22:18 - 2014-03-16 22:18 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-16 22:18 - 2014-03-16 22:18 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-16 22:18 - 2014-03-16 22:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-16 21:10 - 2013-11-28 19:30 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-16 21:10 - 2011-09-08 07:11 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-16 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-16 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-03-16 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-16 21:09 - 2013-11-28 19:31 - 00000000 ____D () C:\Program Files\Google
2014-03-16 21:09 - 2013-11-28 19:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-16 21:09 - 2011-12-25 16:31 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-03-16 21:09 - 2011-09-08 07:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 21:09 - 2011-09-08 07:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-16 21:08 - 2014-03-11 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 21:05 - 2010-11-21 03:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-16 21:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-03-16 20:51 - 2013-11-28 19:31 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Local\Google
2014-03-16 20:51 - 2011-09-08 07:41 - 00000000 ____D () C:\ProgramData\Skype
2014-03-16 20:51 - 2011-09-08 07:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-14 23:21 - 2014-03-14 23:21 - 00003288 ____N () C:\bootsqm.dat
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\Users\Nancy Oliveira\AppData\Roaming\Malwarebytes
2014-03-11 21:35 - 2014-03-11 21:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 20:58 - 2011-02-10 10:02 - 00000000 ____D () C:\Windows\panther
2014-03-11 13:27 - 2014-03-11 13:27 - 00037424 _____ () C:\RPSetup.exe.log
2014-03-11 13:22 - 2011-09-08 07:41 - 00000000 ____D () C:\ProgramData\Cozi
2014-03-11 12:07 - 2011-09-08 08:07 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-11 12:07 - 2011-09-08 08:07 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-01 02:05 - 2014-03-11 13:28 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-11 13:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-11 13:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-11 13:29 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-11 13:28 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-11 13:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-11 13:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-11 13:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-11 13:28 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-11 13:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-11 13:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-11 13:28 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-11 13:29 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-11 13:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-11 13:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-11 13:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-11 13:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-11 13:28 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-11 13:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-11 13:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-11 13:29 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-11 13:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:43 - 2014-03-11 13:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:42 - 2014-03-11 13:28 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-11 13:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-11 13:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-11 13:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-11 13:28 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-11 13:28 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-11 13:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-11 13:28 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-11 13:28 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-11 13:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-11 13:29 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-11 13:28 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-11 13:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-11 13:28 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-11 13:29 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-11 13:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-11 13:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 23:48 - 2011-02-10 12:10 - 00776038 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 17:30 - 2013-06-01 17:16 - 00000000 ____D () C:\Program Files\My Dell
2014-02-20 17:30 - 2012-02-12 12:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-02-19 20:49 - 2013-11-28 19:31 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-19 20:49 - 2013-11-28 19:31 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 21:24 - 2009-07-14 01:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 16:46
 
==================== End Of Log ============================


#6 compcrewnpt

  • Topic Starter
  • Members
  • 26 posts

Posted 20 March 2014 - 07:25 AM

...just to let everyone know, the "coms" are gone. Awaiting final instruction. There's BEER in your future!



#7 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 20 March 2014 - 01:10 PM

Great, this looks much better already!
How is your computer running now? Everything ok or are there still any problems remaining?
Let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#8 compcrewnpt

  • Topic Starter
  • Members
  • 26 posts

Posted 20 March 2014 - 08:42 PM

All seems normal now.

NOTE: (Windows 7)

This line

"A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt."

should read

"A log file is created at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt."


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8e3613b95f635543a00cbc3bc8551f06
# engine=17534
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-20 11:34:30
# local_time=2014-03-20 07:34:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 146901920 0 0
# scanned=149470
# found=12
# cleaned=0
# scan_time=3476
sh=E1EC979689F945F51A57A3A31F231DA18E83FE55 ft=1 fh=7f0933eff2788abe vn="a variant of Win32/Kryptik.AXJL trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Nancy Oliveira\3151429.exe.xBAD"
sh=E99E5702EB4DC11A3BB96DDAAF22A1567DD43EA9 ft=1 fh=d79cd78645526374 vn="Win32/Sirefef.EV trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Nancy Oliveira\wgsdgsdgdsgsd.exe.xBAD"
sh=D0D146C228C74616BACE03313231A82A2F490233 ft=1 fh=dc1659a36b760474 vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Nancy Oliveira\AppData\Local\Microsoft Games\{ED707B70-C10F-489B-A71D-5D30774080F7}\fgldhn.dll"
sh=BF306278C6A12F71EEC361ED8D988F236F48A674 ft=1 fh=a4bab29873b752b4 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Nancy Oliveira\AppData\Local\Netscape\PNGIO.dll"
sh=E55016DD8CE0A209727746A4935A67330403A0AA ft=1 fh=d531859197d102f8 vn="Win64/Wowlik.F trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Nancy Oliveira\AppData\Local\Temp\sxumhtf\strplcf\wow.dll.xBAD"
sh=CA2028B6BB491D4A831E41B841F54258C275F84D ft=1 fh=50c348c2d296bfdf vn="a variant of Win32/Kryptik.BXDO trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Nancy Oliveira\AppData\Roaming\SoftGrid Client\WINBE21.exe"
sh=D2F8452D8F25ED55D448E3102BDFEB7E7DD14FB9 ft=1 fh=ca9df5c8ad9e0823 vn="Win32/Spy.Zbot.ABA trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Nancy Oliveira\AppData\Roaming\Syocibo\afusor.exe"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Nancy Oliveira\Abong Tools\ccsetup411.exe"
sh=30CF12D4FB45C301AA90EDB892C7E234CEA24B09 ft=1 fh=5caafb661c545739 vn="a variant of Win32/InstallBrain.BH potentially unwanted application" ac=I fn="C:\Users\Nancy Oliveira\Downloads\PCPerformerSetup.exe"
sh=D13901C3915B54D2131DE15EA574E72E6DE9BBB0 ft=1 fh=0997e653a4dd77fb vn="Win32/Toolbar.Inbox.H potentially unwanted application" ac=I fn="C:\Users\Nancy Oliveira\Downloads\PublicTransportSetup.exe"


#9 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 21 March 2014 - 05:29 AM

Thank you for the hint with the correct path to the ESET log. I should adapt this instruction for 64-bit systems indeed.
But the log looks very good. There is no more active malware. The found malware threats are already in quarantine, so we're done!


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

 

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Adobe Reader X MUI




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
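The way the reply above decides the ESET log is clean, as an added example in Python (not code from the thread or from ESET): parse the `sh=... vn="..." fn="..."` detection lines and treat a finding as still active only if it is a malware verdict (not a potentially unwanted/unsafe application) on a file that sits outside the FRST quarantine folder. The sample log, its hashes, the `Win32/Example.Trojan` verdict and the user name are constructed placeholders.

```python
import re
from dataclasses import dataclass

# One ESET detection line per finding: space-separated key=value fields, with
# vn (verdict name) and fn (file name) quoted because they contain spaces.
DETECTION_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"$'
)

# Folder where FRST parks files it has disabled; anything under it is inert.
QUARANTINE_PREFIXES = ("c:\\frst\\quarantine\\",)


@dataclass
class Detection:
    sha1: str
    verdict: str
    path: str

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    @property
    def severity(self) -> str:
        # ESET names real malware "... trojan"; "potentially unwanted/unsafe
        # application" verdicts are PUAs, not a sign of an active infection.
        low = self.verdict.lower()
        if "potentially unwanted" in low or "potentially unsafe" in low:
            return "pua"
        return "malware"


def parse_eset_log(text):
    """Return (header dict from the '# key=value' lines, list of Detection)."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            m = DETECTION_RE.match(line)
            if m is None:
                raise ValueError("unparseable detection line: " + line)
            detections.append(Detection(m["sh"], m["vn"], m["fn"]))
    return header, detections


def triage(text):
    """Summarise a log the way the reply above does: the scan must have finished,
    and only un-quarantined malware verdicts count as something left to remove."""
    header, dets = parse_eset_log(text)
    return {
        "finished": header.get("end") == "finished",
        "scanner_removed_nothing": header.get("remove_checked") == "false",
        "found": len(dets),
        "quarantined": sum(d.quarantined for d in dets),
        "pua": sum(d.severity == "pua" for d in dets),
        "active": [d.path for d in dets
                   if d.severity == "malware" and not d.quarantined],
    }


# Constructed sample log: placeholder hashes, a made-up "Win32/Example.Trojan"
# verdict and a fake user name; the other verdict strings mirror the thread.
SAMPLE_LOG = """\
# end=finished
# remove_checked=false
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Win32/Spy.Zbot.ABA trojan" ac=I fn="C:\\FRST\\Quarantine\\C\\Users\\user\\AppData\\Roaming\\Syocibo\\afusor.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\\Program Files (x86)\\Vendor Tool\\hstart.exe"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=0000000000000003 vn="Win32/Example.Trojan trojan" ac=I fn="C:\\Users\\user\\AppData\\Local\\Temp\\still_here.exe"
"""
```

Running `triage(SAMPLE_LOG)` reports one quarantined trojan, one PUA and one active path, which is the case the reply above would not have signed off on.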



#10 compcrewnpt

  • Topic Starter
  • Members
  • 26 posts

Posted 21 March 2014 - 05:49 AM

Enjoy that BEER, aharonov! You deserve it.



#11 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 21 March 2014 - 05:53 AM

Thank you very much!
Take care.

#12 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 21 March 2014 - 05:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



