
Several dllhost.exe *32 processes running in task manager


  • This topic is locked
21 replies to this topic

#1 sborobleepingcomp


Posted 29 March 2014 - 05:07 PM

Computer is running slow when I get online and I have several dll files running with above name.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16521
Run by Billie Readell at 17:01:22 on 2014-03-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.2715 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2EBA6790-DAD4-417F-ACD5-7E9BB76EAE66} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2EBA6790-DAD4-417F-ACD5-7E9BB76EAE66}\3456E647572797C496E6B693533323 : DHCPNameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{2EBA6790-DAD4-417F-ACD5-7E9BB76EAE66}\77962756C6563737 : DHCPNameServer = 192.168.2.1 98.159.192.2
TCP: Interfaces\{F716410F-8E44-49CB-A12A-E92B01E14079} : DHCPNameServer = 192.168.0.1 205.171.202.166
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-9 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-9 1139800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-9-13 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-13 393728]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [2014-3-18 1525976]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-9 169048]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140328.001\IDSviA64.sys [2014-3-28 525016]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-9 224416]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-9 433752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-9 144368]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2009-12-28 35840]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-9-12 172704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-3-28 137648]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-3-29 23048]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-3-29 34336]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-1 59392]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-3-29 23016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-3-29 335168]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
.
=============== Created Last 30 ================
.
2014-03-29 21:48:17    --------    d-----w-    C:\Users\Billie Readell\AppData\Roaming\SparkTrust
2014-03-29 21:48:17    --------    d-----w-    C:\Users\Billie Readell\AppData\Roaming\DriverCure
2014-03-29 21:48:06    --------    d-----w-    C:\Program Files (x86)\Common Files\SparkTrust
2014-03-29 21:48:01    --------    d-----w-    C:\ProgramData\SparkTrust
2014-03-29 21:48:01    --------    d-----w-    C:\Program Files (x86)\SparkTrust
2014-03-29 21:38:47    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-03-29 20:45:44    98816    ----a-w-    C:\Windows\sed.exe
2014-03-29 20:45:44    256000    ----a-w-    C:\Windows\PEV.exe
2014-03-29 20:45:44    208896    ----a-w-    C:\Windows\MBR.exe
2014-03-29 20:17:35    --------    d-----w-    C:\ProgramData\IObit
2014-03-29 20:17:26    --------    d-----w-    C:\Users\Billie Readell\AppData\Roaming\IObit
2014-03-29 20:17:22    --------    d-----w-    C:\Program Files (x86)\IObit
2014-03-29 19:39:29    186328    ----a-w-    C:\Windows\System32\drivers\tmrkb.sys
2014-03-29 19:39:28    283160    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-03-29 17:28:01    --------    d-----w-    C:\Program Files\CCleaner
2014-03-29 17:26:34    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-29 17:26:33    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-29 17:18:07    --------    d-----w-    C:\Users\Billie Readell\AppData\Roaming\Roxio Log Files
2014-03-29 14:51:21    --------    d-----w-    C:\AdwCleaner
2014-03-28 18:02:28    --------    d-----w-    C:\Users\Billie Readell\AppData\Local\Skype
2014-03-28 17:40:10    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-03-28 01:03:07    --------    d-----w-    C:\Users\Billie Readell\AppData\Roaming\SUPERAntiSpyware.com
2014-03-12 22:19:19    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-12 22:19:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-12 22:19:18    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-12 22:19:18    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-12 22:14:16    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-12 22:14:16    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-12 22:14:16    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-12 22:14:16    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-28 00:38:26    --------    d-----w-    C:\Windows\System32\MRT
2014-02-28 00:31:06    --------    d-----w-    C:\Windows\Migration
2014-02-27 23:50:07    256904    ----a-w-    C:\Windows\SysWow64\drivers\tmcomm.sys
.
==================== Find3M  ====================
.
2014-03-12 22:06:25    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 22:06:25    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-01-16 00:42:40    608032    ----a-w-    C:\SecurityScanner.dll
.
============= FINISH: 17:01:31.93 ===============
 


 


#2 B-boy/StyLe/



  • Malware Response Team

Posted 29 March 2014 - 05:29 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 sborobleepingcomp


Posted 29 March 2014 - 05:45 PM

Thanks for the quick response. Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Billie Readell (administrator) on BILLIEREADELL on 29-03-2014 17:40:42
Running from C:\Users\Billie Readell\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3999035689-735648510-22466983-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x124916971B34CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6FEFE2F2-7677-4C92-9022-870B17E3EA67} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default
FF DefaultSearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-07]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://tcceagles.com/landing/index
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: http://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Extension: (RealDownloader) - C:\Users\Billie Readell\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-16]
CHR Extension: (Norton Identity Protection) - C:\Users\Billie Readell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-02-16]
CHR Extension: (Google Wallet) - C:\Users\Billie Readell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-12]

==================== Services (Whitelisted) =================

S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-14] (Symantec Corporation)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-27] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140329.002\ENG64.SYS [126040 2014-01-14] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140329.002\EX64.SYS [2099288 2014-01-14] (Symantec Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 17:40 - 2014-03-29 17:41 - 00015536 _____ () C:\Users\Billie Readell\Downloads\FRST.txt
2014-03-29 17:40 - 2014-03-29 17:40 - 00000000 ____D () C:\FRST
2014-03-29 17:39 - 2014-03-29 17:40 - 02157056 _____ (Farbar) C:\Users\Billie Readell\Downloads\FRST64.exe
2014-03-29 17:01 - 2014-03-29 17:03 - 00013283 _____ () C:\Users\Billie Readell\Desktop\attach.txt
2014-03-29 17:01 - 2014-03-29 17:02 - 00013133 _____ () C:\Users\Billie Readell\Desktop\dds.txt
2014-03-29 17:01 - 2014-03-29 17:01 - 00688992 ____R (Swearware) C:\Users\Billie Readell\Downloads\dds.com
2014-03-29 16:48 - 2014-03-29 16:48 - 00001351 _____ () C:\Users\Billie Readell\Desktop\SparkTrust PC Cleaner Plus.lnk
2014-03-29 16:48 - 2014-03-29 16:48 - 00000663 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CF281747-B78B-11E3-81D8-0025645AFE2B.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000492 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000440 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000434 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\DriverCure
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Program Files (x86)\SparkTrust
2014-03-29 16:46 - 2014-03-29 16:46 - 06752440 _____ (SparkTrust) C:\Users\Billie Readell\Downloads\SparkTrust PC Cleaner Plus Setup.exe
2014-03-29 16:38 - 2014-03-29 16:38 - 00015634 _____ () C:\ComboFix.txt
2014-03-29 16:16 - 2014-03-29 17:35 - 00001628 _____ () C:\Windows\PFRO.log
2014-03-29 15:45 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-29 15:45 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-29 15:45 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-29 15:44 - 2014-03-29 16:38 - 00000000 ____D () C:\Qoobox
2014-03-29 15:43 - 2014-03-29 16:11 - 00000000 ____D () C:\Windows\erdnt
2014-03-29 15:41 - 2014-03-29 15:41 - 05192353 ____R (Swearware) C:\Users\Billie Readell\Downloads\ComboFix.exe
2014-03-29 15:17 - 2014-03-29 15:17 - 00001171 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\IObit
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\ProgramData\IObit
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-29 15:12 - 2014-03-29 15:12 - 19362952 _____ (IObit ) C:\Users\Billie Readell\Downloads\imfv2-setup-for-review.exe
2014-03-29 15:09 - 2014-03-29 17:40 - 00024041 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 15:07 - 2014-03-29 17:36 - 00000224 _____ () C:\Windows\setupact.log
2014-03-29 15:07 - 2014-03-29 15:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-29 15:01 - 2014-03-29 15:01 - 00000000 ____D () C:\Users\Billie Readell\Downloads\backups
2014-03-29 14:56 - 2014-03-29 14:56 - 00012139 _____ () C:\Users\Billie Readell\Downloads\hijackthis.log
2014-03-29 14:52 - 2014-03-29 14:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HijackThis.exe
2014-03-29 14:39 - 2014-03-29 14:46 - 00000000 ____D () C:\Users\Billie Readell\Downloads\TMRBLog
2014-03-29 14:39 - 2014-03-29 14:39 - 14839344 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\RootkitBusterV5.0-1171x64.exe
2014-03-29 14:39 - 2014-03-29 14:39 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-03-29 14:39 - 2014-03-29 14:39 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-03-29 14:39 - 2014-03-29 14:39 - 00000000 ____D () C:\Users\Billie Readell\Downloads\log
2014-03-29 14:37 - 2014-03-29 14:37 - 02467424 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HousecallLauncher64.exe
2014-03-29 14:33 - 2014-03-29 14:33 - 00279130 _____ () C:\Users\Billie Readell\Documents\cc_20140329_143258.reg
2014-03-29 12:28 - 2014-03-29 12:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-29 12:28 - 2014-03-29 12:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-29 12:26 - 2014-03-29 12:26 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-29 12:26 - 2014-03-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-29 12:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 12:18 - 2014-03-29 12:18 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Roxio Log Files
2014-03-29 10:20 - 2014-03-29 10:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Billie Readell\Downloads\tdsskiller(1).exe
2014-03-29 09:51 - 2014-03-29 09:54 - 00000000 ____D () C:\AdwCleaner
2014-03-29 09:50 - 2014-03-29 09:50 - 01950720 _____ () C:\Users\Billie Readell\Downloads\adwcleaner.exe
2014-03-29 02:22 - 2014-03-29 02:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 17:50 - 2014-03-28 17:50 - 03972608 _____ () C:\Users\Billie Readell\Downloads\RogueKiller(1).exe
2014-03-28 13:02 - 2014-03-28 13:02 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\Skype
2014-03-28 12:55 - 2014-03-28 12:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 12:40 - 2014-03-29 15:37 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-27 20:10 - 2014-03-29 17:37 - 00003368 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3999035689-735648510-22466983-1000
2014-03-27 20:10 - 2014-03-29 17:37 - 00003252 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3999035689-735648510-22466983-1000
2014-03-27 20:03 - 2014-03-27 20:03 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\SUPERAntiSpyware.com
2014-03-27 19:54 - 2014-03-27 19:53 - 00028630 _____ () C:\RPSetup.exe.log
2014-03-12 17:28 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 17:28 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 17:28 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 17:28 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 17:28 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 17:28 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 17:28 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 17:28 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 17:28 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 17:28 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 17:28 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 17:28 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 17:28 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 17:28 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 17:28 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 17:28 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 17:28 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 17:28 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 17:28 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 17:28 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 17:28 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 17:28 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 17:28 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 17:28 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 17:28 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 17:28 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 17:28 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 17:28 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 17:28 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 17:28 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 17:28 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 17:28 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 17:28 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 17:28 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 17:28 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 17:28 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 17:28 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 17:28 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 17:28 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 17:28 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 17:19 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 17:19 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 17:19 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 17:19 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 17:14 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 17:14 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 17:14 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 17:14 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-27 20:10 - 2014-02-27 20:10 - 00000000 ____D () C:\Users\Billie Readell\Desktop\log
2014-02-27 19:38 - 2014-03-22 12:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-27 19:32 - 2014-03-01 04:04 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 19:17 - 2014-02-27 19:17 - 00164650 _____ () C:\Users\Billie Readell\AppData\Local\census.cache
2014-02-27 19:16 - 2014-02-27 19:16 - 00085442 _____ () C:\Users\Billie Readell\AppData\Local\ars.cache
2014-02-27 18:50 - 2012-06-05 02:37 - 00256904 _____ (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2014-02-27 18:48 - 2014-02-27 18:48 - 00000036 _____ () C:\Users\Billie Readell\AppData\Local\housecall.guid.cache
2014-02-27 18:47 - 2014-02-27 18:47 - 02002944 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HousecallLauncher.exe

==================== One Month Modified Files and Folders =======

2014-03-29 17:42 - 2012-10-17 16:52 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\CrashDumps
2014-03-29 17:41 - 2014-03-29 17:40 - 00015536 _____ () C:\Users\Billie Readell\Downloads\FRST.txt
2014-03-29 17:40 - 2014-03-29 17:40 - 00000000 ____D () C:\FRST
2014-03-29 17:40 - 2014-03-29 17:39 - 02157056 _____ (Farbar) C:\Users\Billie Readell\Downloads\FRST64.exe
2014-03-29 17:40 - 2014-03-29 15:09 - 00024041 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 17:40 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-29 17:37 - 2014-03-27 20:10 - 00003368 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3999035689-735648510-22466983-1000
2014-03-29 17:37 - 2014-03-27 20:10 - 00003252 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3999035689-735648510-22466983-1000
2014-03-29 17:36 - 2014-03-29 15:07 - 00000224 _____ () C:\Windows\setupact.log
2014-03-29 17:36 - 2010-02-20 23:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-29 17:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 17:35 - 2014-03-29 16:16 - 00001628 _____ () C:\Windows\PFRO.log
2014-03-29 17:03 - 2014-03-29 17:01 - 00013283 _____ () C:\Users\Billie Readell\Desktop\attach.txt
2014-03-29 17:02 - 2014-03-29 17:01 - 00013133 _____ () C:\Users\Billie Readell\Desktop\dds.txt
2014-03-29 17:01 - 2014-03-29 17:01 - 00688992 ____R (Swearware) C:\Users\Billie Readell\Downloads\dds.com
2014-03-29 16:48 - 2014-03-29 16:48 - 00001351 _____ () C:\Users\Billie Readell\Desktop\SparkTrust PC Cleaner Plus.lnk
2014-03-29 16:48 - 2014-03-29 16:48 - 00000663 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CF281747-B78B-11E3-81D8-0025645AFE2B.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000492 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000440 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000434 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\DriverCure
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Program Files (x86)\SparkTrust
2014-03-29 16:46 - 2014-03-29 16:46 - 06752440 _____ (SparkTrust) C:\Users\Billie Readell\Downloads\SparkTrust PC Cleaner Plus Setup.exe
2014-03-29 16:38 - 2014-03-29 16:38 - 00015634 _____ () C:\ComboFix.txt
2014-03-29 16:38 - 2014-03-29 15:44 - 00000000 ____D () C:\Qoobox
2014-03-29 16:36 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-29 16:21 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 16:21 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 16:11 - 2014-03-29 15:43 - 00000000 ____D () C:\Windows\erdnt
2014-03-29 16:02 - 2010-02-20 23:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 16:01 - 2012-05-10 08:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 15:41 - 2014-03-29 15:41 - 05192353 ____R (Swearware) C:\Users\Billie Readell\Downloads\ComboFix.exe
2014-03-29 15:37 - 2014-03-28 12:40 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-29 15:17 - 2014-03-29 15:17 - 00001171 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\IObit
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\ProgramData\IObit
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-29 15:14 - 2010-04-19 13:04 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4092E8F6-6208-4941-85D0-90C505F90538}
2014-03-29 15:12 - 2014-03-29 15:12 - 19362952 _____ (IObit ) C:\Users\Billie Readell\Downloads\imfv2-setup-for-review.exe
2014-03-29 15:07 - 2014-03-29 15:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-29 15:02 - 2009-12-28 20:28 - 00000000 ___RD () C:\Users\Billie Readell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-29 15:01 - 2014-03-29 15:01 - 00000000 ____D () C:\Users\Billie Readell\Downloads\backups
2014-03-29 14:56 - 2014-03-29 14:56 - 00012139 _____ () C:\Users\Billie Readell\Downloads\hijackthis.log
2014-03-29 14:52 - 2014-03-29 14:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HijackThis.exe
2014-03-29 14:46 - 2014-03-29 14:39 - 00000000 ____D () C:\Users\Billie Readell\Downloads\TMRBLog
2014-03-29 14:39 - 2014-03-29 14:39 - 14839344 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\RootkitBusterV5.0-1171x64.exe
2014-03-29 14:39 - 2014-03-29 14:39 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-03-29 14:39 - 2014-03-29 14:39 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-03-29 14:39 - 2014-03-29 14:39 - 00000000 ____D () C:\Users\Billie Readell\Downloads\log
2014-03-29 14:37 - 2014-03-29 14:37 - 02467424 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HousecallLauncher64.exe
2014-03-29 14:33 - 2014-03-29 14:33 - 00279130 _____ () C:\Users\Billie Readell\Documents\cc_20140329_143258.reg
2014-03-29 14:12 - 2010-02-26 17:51 - 00000000 ____D () C:\Users\Billie Readell\Tracing
2014-03-29 14:12 - 2009-09-13 00:48 - 00000000 ____D () C:\Windows\Panther
2014-03-29 13:07 - 2010-10-03 19:33 - 00000000 ____D () C:\Windows\Minidump
2014-03-29 12:30 - 2014-03-29 12:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-29 12:28 - 2014-03-29 12:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-29 12:26 - 2014-03-29 12:26 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-29 12:26 - 2014-03-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-29 12:18 - 2014-03-29 12:18 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Roxio Log Files
2014-03-29 12:12 - 2010-03-03 13:25 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Skype
2014-03-29 12:08 - 2013-03-18 12:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 10:56 - 2010-02-20 23:33 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 10:56 - 2010-02-20 23:33 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 10:20 - 2014-03-29 10:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Billie Readell\Downloads\tdsskiller(1).exe
2014-03-29 09:54 - 2014-03-29 09:51 - 00000000 ____D () C:\AdwCleaner
2014-03-29 09:50 - 2014-03-29 09:50 - 01950720 _____ () C:\Users\Billie Readell\Downloads\adwcleaner.exe
2014-03-29 02:22 - 2014-03-29 02:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 17:50 - 2014-03-28 17:50 - 03972608 _____ () C:\Users\Billie Readell\Downloads\RogueKiller(1).exe
2014-03-28 13:06 - 2011-01-25 17:00 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\CBS Interactive
2014-03-28 13:02 - 2014-03-28 13:02 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\Skype
2014-03-28 12:59 - 2010-03-03 13:22 - 00000000 ____D () C:\ProgramData\Skype
2014-03-28 12:55 - 2014-03-28 12:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 12:55 - 2010-03-03 13:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-28 12:25 - 2009-09-12 22:18 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-28 12:16 - 2011-04-01 15:31 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-27 20:10 - 2011-04-01 15:28 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\Windows Live
2014-03-27 20:03 - 2014-03-27 20:03 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\SUPERAntiSpyware.com
2014-03-27 20:03 - 2011-04-01 09:08 - 00000000 ____D () C:\Windows\pss
2014-03-27 19:53 - 2014-03-27 19:54 - 00028630 _____ () C:\RPSetup.exe.log
2014-03-27 19:21 - 2009-09-12 22:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-27 19:21 - 2009-09-12 22:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-23 16:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 12:15 - 2014-02-27 19:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-22 12:12 - 2010-01-13 18:44 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 22:52 - 2010-03-03 13:32 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-13 03:23 - 2009-07-13 23:45 - 00343552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:22 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:22 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 17:06 - 2012-05-10 08:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 17:06 - 2012-05-10 08:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 17:06 - 2011-12-08 15:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 00:35 - 2013-03-18 12:02 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\Mozilla
2014-03-01 04:04 - 2014-02-27 19:32 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 01:05 - 2014-03-12 17:28 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-12 17:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-12 17:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-12 17:28 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-12 17:28 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-12 17:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-12 17:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-12 17:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-12 17:28 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-12 17:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-12 17:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-12 17:28 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-12 17:28 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-12 17:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-12 17:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-12 17:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-12 17:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-12 17:28 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-12 17:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-12 17:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-12 17:28 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-12 17:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:43 - 2014-03-12 17:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:42 - 2014-03-12 17:28 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-12 17:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-12 17:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-12 17:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-12 17:28 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-12 17:28 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-12 17:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-12 17:28 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-12 17:28 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-12 17:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-12 17:28 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-12 17:28 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-12 17:28 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-12 17:28 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-12 17:28 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-12 17:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-12 17:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 20:11 - 2009-12-28 20:32 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\VirtualStore
2014-02-27 20:10 - 2014-02-27 20:10 - 00000000 ____D () C:\Users\Billie Readell\Desktop\log
2014-02-27 19:29 - 2009-09-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-27 19:17 - 2014-02-27 19:17 - 00164650 _____ () C:\Users\Billie Readell\AppData\Local\census.cache
2014-02-27 19:16 - 2014-02-27 19:16 - 00085442 _____ () C:\Users\Billie Readell\AppData\Local\ars.cache
2014-02-27 18:48 - 2014-02-27 18:48 - 00000036 _____ () C:\Users\Billie Readell\AppData\Local\housecall.guid.cache
2014-02-27 18:47 - 2014-02-27 18:47 - 02002944 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HousecallLauncher.exe
2014-02-27 17:47 - 2013-01-19 22:59 - 00000000 ____D () C:\Firefox
2014-02-27 06:47 - 2010-02-20 23:32 - 00000000 ____D () C:\Program Files\Google
2014-02-27 06:47 - 2010-02-19 13:59 - 00000000 ____D () C:\Program Files (x86)\Google

Alureon:
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\wow.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 10:15

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Billie Readell at 2014-03-29 17:42:43
Running from C:\Users\Billie Readell\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: avast! Antivirus (Disabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Out of date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.102 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.0 - IObit)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 38 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216038FF}) (Version: 6.0.380 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft UI Engine (x32 Version: 6.3.2348.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.0.0 - SparkTrust) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

22-03-2014 17:11:08 Windows Update
28-03-2014 00:33:26 Removed Compatibility Pack for the 2007 Office system
28-03-2014 00:45:24 Removed Microsoft Office PowerPoint Viewer 2007 (English)
28-03-2014 00:54:28 Removed Dell DataSafe Local Backup
28-03-2014 17:12:17 Removed Windows Live Sync
28-03-2014 17:14:37 Windows Live Essentials
28-03-2014 17:15:31 WLSetup

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-03-29 16:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00F2A301-1224-4679-85B7-DCF0ABA608EC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3999035689-735648510-22466983-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {096F4044-E8F5-4D18-BFB0-2A40AAD3685F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-20] (Google Inc.)
Task: {404ABB56-C1EE-4302-80AB-A4E4812B9EF3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {4EC5289E-21B1-472D-B6BE-241167D2959F} - System32\Tasks\{6EF78A9C-BA6F-4716-A781-AC9DBC63D4C6} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {550CECDD-2802-4B19-8602-8C35C35AB0E4} - System32\Tasks\D59BPXJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {5F4908C8-DA65-45BE-907B-1181BC97BCB1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3999035689-735648510-22466983-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {822BF2ED-7771-4F3D-BF15-27B5FF581E9B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {8518CD2E-210C-4274-95CD-3C2B4EA483B6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {88156278-8253-4626-89E2-23B32CD00ED9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A00F677D-4E5C-40B2-A37D-CD6795E51EFB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3999035689-735648510-22466983-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DCD0F88C-05DC-4902-9619-7CEAF4CF4C75} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3999035689-735648510-22466983-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {EE63E76B-1ED1-46BC-AE75-7C470DDC5946} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-20] (Google Inc.)
Task: {F6498D07-B031-49CE-A1E4-C13BBDFACFD0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CF281747-B78B-11E3-81D8-0025645AFE2B.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-06-09 13:39 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2014-03-29 02:22 - 2014-03-29 02:22 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 05:42:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00193244
Faulting process id: 0x664
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:42:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00073244
Faulting process id: 0xd28
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:41:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00073244
Faulting process id: 0xdcc
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:41:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00073244
Faulting process id: 0xdfc
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:41:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00183244
Faulting process id: 0xd50
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:39:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000f3244
Faulting process id: 0x1330
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:39:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000b3244
Faulting process id: 0xdf0
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:39:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000b3244
Faulting process id: 0xdbc
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:38:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000b3244
Faulting process id: 0xe28
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3

Error: (03/29/2014 05:38:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore, version: 0.0.0.0, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000b3244
Faulting process id: 0xd60
Faulting application start time: 0xiexplore0
Faulting application path: iexplore1
Faulting module path: iexplore2
Report Id: iexplore3


System errors:
=============
Error: (03/29/2014 05:35:56 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (03/29/2014 05:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2014 05:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2014 05:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2014 05:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2014 05:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2014 05:08:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2014 05:08:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2014 05:08:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/29/2014 05:08:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-29 15:55:22.193
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-29 15:55:22.053
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 4056.36 MB
Available physical RAM: 2121.11 MB
Total Pagefile: 8110.91 MB
Available Pagefile: 6135.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:386.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2B391CB6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 B-boy/StyLe/


Posted 29 March 2014 - 06:29 PM

Click on Start > type in appwiz.cpl in the search box and press Enter.
Find and uninstall the following programs from the list:

SparkTrust

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

Regards,

Georgi




#5 sborobleepingcomp


Posted 29 March 2014 - 06:39 PM

It gave some errors after it ran and rebooted but here is the log.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Billie Readell at 2014-03-29 18:33:01 Run:1
Running from C:\Users\Billie Readell\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3999035689-735648510-22466983-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\wow.dll ATTENTION! ====> ZeroAccess?
BHO-x32: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-03-29 16:48 - 2014-03-29 16:48 - 00001351 _____ () C:\Users\Billie Readell\Desktop\SparkTrust PC Cleaner Plus.lnk
2014-03-29 16:48 - 2014-03-29 16:48 - 00000663 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CF281747-B78B-11E3-81D8-0025645AFE2B.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000492 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000440 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000434 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\DriverCure
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-03-29 16:48 - 2014-03-29 16:48 - 00000000 ____D () C:\Program Files (x86)\SparkTrust
2014-03-29 16:46 - 2014-03-29 16:46 - 06752440 _____ (SparkTrust) C:\Users\Billie Readell\Downloads\SparkTrust PC Cleaner Plus Setup.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CF281747-B78B-11E3-81D8-0025645AFE2B.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
C:\Users\Billie Readell\AppData\Local\Temp
end
*****************

HKU\S-1-5-21-3999035689-735648510-22466983-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Unable to delete key
HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
catchme => Service deleted successfully.
"C:\Users\Billie Readell\Desktop\SparkTrust PC Cleaner Plus.lnk" => File/Directory not found.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CF281747-B78B-11E3-81D8-0025645AFE2B.job => Moved successfully.
"C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job" => File/Directory not found.
"C:\Windows\Tasks\SparkTrust Update Version3.job" => File/Directory not found.
"C:\Windows\Tasks\SparkTrust Registration3.job" => File/Directory not found.
C:\Users\Billie Readell\AppData\Roaming\SparkTrust => Moved successfully.
"C:\Users\Billie Readell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust" => File/Directory not found.
C:\Users\Billie Readell\AppData\Roaming\DriverCure => Moved successfully.
C:\ProgramData\SparkTrust => Moved successfully.
"C:\Program Files (x86)\SparkTrust" => File/Directory not found.
C:\Users\Billie Readell\Downloads\SparkTrust PC Cleaner Plus Setup.exe => Moved successfully.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_CF281747-B78B-11E3-81D8-0025645AFE2B.job not found.
C:\Windows\Tasks\SparkTrust Registration3.job not found.
C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job not found.
C:\Windows\Tasks\SparkTrust Update Version3.job not found.

"C:\Users\Billie Readell\AppData\Local\Temp" directory move:

C:\Users\Billie Readell\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\DDS.txt => Moved successfully.
Could not move "C:\Users\Billie Readell\AppData\Local\Temp\etilqs_FhQIwYCx7AqHeFr" => Scheduled to move on reboot.
Could not move "C:\Users\Billie Readell\AppData\Local\Temp\etilqs_tgBRKmz7l6TQI41" => Scheduled to move on reboot.
Could not move "C:\Users\Billie Readell\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Billie Readell\AppData\Local\Temp\~nsu.tmp\Au_.exe => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp129E.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp336.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp45F3.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp4639.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp4659.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp46A7.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp4E3D.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp5727.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp5DF0.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp64EF.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp665F.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp6BB0.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp70FC.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp7538.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp80A8.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp883A.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp9715.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmp9C65.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpA247.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpA807.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpAAAE.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpAC89.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpBC32.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpC492.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpCB74.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpCF89.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpD1D5.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpD8BD.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpDB10.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpE1D9.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpF623.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\tmpFE64.tmp => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\wow.dll => Moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\speoetn\sfpjfpw\wow.ini => Moved successfully.
Could not move "C:\Users\Billie Readell\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-29 18:35:07)<=

C:\Users\Billie Readell\AppData\Local\Temp\etilqs_FhQIwYCx7AqHeFr => Is moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\etilqs_tgBRKmz7l6TQI41 => Is moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Billie Readell\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====



#6 B-boy/StyLe/

Posted 30 March 2014 - 03:38 AM

What kind of errors?

Can you please run a new scan with FRST and post back the results?

Also let me know if the dllhost.exe*32 processes are still several or only 1 as it should be.

Regards,

Georgi




#7 sborobleepingcomp

Posted 30 March 2014 - 09:37 AM

It was a couple of errors that showed after I ran the fix. I can't remember exactly what they were. I believe it was about a file missing.

No dll files are in my task manager now. Here is the latest FRST scan.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Billie Readell (administrator) on BILLIEREADELL on 30-03-2014 09:34:28
Running from C:\Users\Billie Readell\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x124916971B34CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6FEFE2F2-7677-4C92-9022-870B17E3EA67} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default
FF DefaultSearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-07]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://tcceagles.com/landing/index
CHR DefaultSearchProvider: Ask
CHR DefaultSearchURL: http://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Extension: (RealDownloader) - C:\Users\Billie Readell\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-16]
CHR Extension: (Norton Identity Protection) - C:\Users\Billie Readell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-02-16]
CHR Extension: (Google Wallet) - C:\Users\Billie Readell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-12]

==================== Services (Whitelisted) =================

S4 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-14] (Symantec Corporation)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20140328.001\IDSvia64.sys [525016 2014-03-27] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140329.002\ENG64.SYS [126040 2014-01-14] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20140329.002\EX64.SYS [2099288 2014-01-14] (Symantec Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 17:42 - 2014-03-29 17:43 - 00029910 _____ () C:\Users\Billie Readell\Downloads\Addition.txt
2014-03-29 17:40 - 2014-03-30 09:34 - 00013600 _____ () C:\Users\Billie Readell\Downloads\FRST.txt
2014-03-29 17:40 - 2014-03-30 09:34 - 00000000 ____D () C:\FRST
2014-03-29 17:39 - 2014-03-29 17:40 - 02157056 _____ (Farbar) C:\Users\Billie Readell\Downloads\FRST64.exe
2014-03-29 17:01 - 2014-03-29 17:03 - 00013283 _____ () C:\Users\Billie Readell\Desktop\attach.txt
2014-03-29 17:01 - 2014-03-29 17:02 - 00013133 _____ () C:\Users\Billie Readell\Desktop\dds.txt
2014-03-29 17:01 - 2014-03-29 17:01 - 00688992 ____R (Swearware) C:\Users\Billie Readell\Downloads\dds.com
2014-03-29 16:38 - 2014-03-29 16:38 - 00015634 _____ () C:\ComboFix.txt
2014-03-29 16:16 - 2014-03-29 18:34 - 00003048 _____ () C:\Windows\PFRO.log
2014-03-29 15:45 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-29 15:45 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-29 15:45 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-29 15:45 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-29 15:44 - 2014-03-29 16:38 - 00000000 ____D () C:\Qoobox
2014-03-29 15:43 - 2014-03-29 16:11 - 00000000 ____D () C:\Windows\erdnt
2014-03-29 15:41 - 2014-03-29 15:41 - 05192353 ____R (Swearware) C:\Users\Billie Readell\Downloads\ComboFix.exe
2014-03-29 15:17 - 2014-03-29 15:17 - 00001171 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\IObit
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\ProgramData\IObit
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-29 15:12 - 2014-03-29 15:12 - 19362952 _____ (IObit ) C:\Users\Billie Readell\Downloads\imfv2-setup-for-review.exe
2014-03-29 15:09 - 2014-03-29 18:37 - 00032630 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 15:07 - 2014-03-29 18:34 - 00000280 _____ () C:\Windows\setupact.log
2014-03-29 15:07 - 2014-03-29 15:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-29 15:01 - 2014-03-29 15:01 - 00000000 ____D () C:\Users\Billie Readell\Downloads\backups
2014-03-29 14:56 - 2014-03-29 14:56 - 00012139 _____ () C:\Users\Billie Readell\Downloads\hijackthis.log
2014-03-29 14:52 - 2014-03-29 14:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HijackThis.exe
2014-03-29 14:39 - 2014-03-29 14:46 - 00000000 ____D () C:\Users\Billie Readell\Downloads\TMRBLog
2014-03-29 14:39 - 2014-03-29 14:39 - 14839344 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\RootkitBusterV5.0-1171x64.exe
2014-03-29 14:39 - 2014-03-29 14:39 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-03-29 14:39 - 2014-03-29 14:39 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-03-29 14:39 - 2014-03-29 14:39 - 00000000 ____D () C:\Users\Billie Readell\Downloads\log
2014-03-29 14:37 - 2014-03-29 14:37 - 02467424 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HousecallLauncher64.exe
2014-03-29 14:33 - 2014-03-29 14:33 - 00279130 _____ () C:\Users\Billie Readell\Documents\cc_20140329_143258.reg
2014-03-29 12:28 - 2014-03-29 12:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-29 12:28 - 2014-03-29 12:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-29 12:26 - 2014-03-29 12:26 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-29 12:26 - 2014-03-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-29 12:26 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 12:18 - 2014-03-29 12:18 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Roxio Log Files
2014-03-29 10:20 - 2014-03-29 10:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Billie Readell\Downloads\tdsskiller(1).exe
2014-03-29 09:51 - 2014-03-29 09:54 - 00000000 ____D () C:\AdwCleaner
2014-03-29 09:50 - 2014-03-29 09:50 - 01950720 _____ () C:\Users\Billie Readell\Downloads\adwcleaner.exe
2014-03-29 02:22 - 2014-03-29 02:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 17:50 - 2014-03-28 17:50 - 03972608 _____ () C:\Users\Billie Readell\Downloads\RogueKiller(1).exe
2014-03-28 13:02 - 2014-03-28 13:02 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\Skype
2014-03-28 12:55 - 2014-03-28 12:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 12:40 - 2014-03-29 15:37 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-27 20:10 - 2014-03-29 18:34 - 00003368 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3999035689-735648510-22466983-1000
2014-03-27 20:10 - 2014-03-29 18:34 - 00003252 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3999035689-735648510-22466983-1000
2014-03-27 20:03 - 2014-03-27 20:03 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\SUPERAntiSpyware.com
2014-03-27 19:54 - 2014-03-27 19:53 - 00028630 _____ () C:\RPSetup.exe.log
2014-03-12 17:28 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 17:28 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 17:28 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 17:28 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 17:28 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 17:28 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 17:28 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 17:28 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 17:28 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 17:28 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 17:28 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 17:28 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 17:28 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 17:28 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 17:28 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 17:28 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 17:28 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 17:28 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 17:28 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 17:28 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 17:28 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 17:28 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 17:28 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 17:28 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 17:28 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 17:28 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 17:28 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 17:28 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 17:28 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 17:28 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 17:28 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 17:28 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 17:28 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 17:28 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 17:28 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 17:28 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 17:28 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 17:28 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 17:28 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 17:28 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 17:19 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 17:19 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 17:19 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 17:19 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 17:14 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 17:14 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 17:14 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 17:14 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-03-30 09:35 - 2014-03-29 17:40 - 00013600 _____ () C:\Users\Billie Readell\Downloads\FRST.txt
2014-03-30 09:34 - 2014-03-29 17:40 - 00000000 ____D () C:\FRST
2014-03-30 09:33 - 2010-02-20 23:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-30 09:32 - 2014-03-29 15:09 - 00032630 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 09:32 - 2012-05-10 08:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 18:41 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 18:41 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 18:38 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-29 18:34 - 2014-03-29 16:16 - 00003048 _____ () C:\Windows\PFRO.log
2014-03-29 18:34 - 2014-03-29 15:07 - 00000280 _____ () C:\Windows\setupact.log
2014-03-29 18:34 - 2014-03-27 20:10 - 00003368 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3999035689-735648510-22466983-1000
2014-03-29 18:34 - 2014-03-27 20:10 - 00003252 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3999035689-735648510-22466983-1000
2014-03-29 18:34 - 2010-02-20 23:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-29 18:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 18:31 - 2012-10-17 16:52 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\CrashDumps
2014-03-29 17:43 - 2014-03-29 17:42 - 00029910 _____ () C:\Users\Billie Readell\Downloads\Addition.txt
2014-03-29 17:40 - 2014-03-29 17:39 - 02157056 _____ (Farbar) C:\Users\Billie Readell\Downloads\FRST64.exe
2014-03-29 17:03 - 2014-03-29 17:01 - 00013283 _____ () C:\Users\Billie Readell\Desktop\attach.txt
2014-03-29 17:02 - 2014-03-29 17:01 - 00013133 _____ () C:\Users\Billie Readell\Desktop\dds.txt
2014-03-29 17:01 - 2014-03-29 17:01 - 00688992 ____R (Swearware) C:\Users\Billie Readell\Downloads\dds.com
2014-03-29 16:38 - 2014-03-29 16:38 - 00015634 _____ () C:\ComboFix.txt
2014-03-29 16:38 - 2014-03-29 15:44 - 00000000 ____D () C:\Qoobox
2014-03-29 16:36 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-29 16:11 - 2014-03-29 15:43 - 00000000 ____D () C:\Windows\erdnt
2014-03-29 15:41 - 2014-03-29 15:41 - 05192353 ____R (Swearware) C:\Users\Billie Readell\Downloads\ComboFix.exe
2014-03-29 15:37 - 2014-03-28 12:40 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-29 15:17 - 2014-03-29 15:17 - 00001171 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\IObit
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\ProgramData\IObit
2014-03-29 15:17 - 2014-03-29 15:17 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-29 15:14 - 2010-04-19 13:04 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4092E8F6-6208-4941-85D0-90C505F90538}
2014-03-29 15:12 - 2014-03-29 15:12 - 19362952 _____ (IObit ) C:\Users\Billie Readell\Downloads\imfv2-setup-for-review.exe
2014-03-29 15:07 - 2014-03-29 15:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-29 15:02 - 2009-12-28 20:28 - 00000000 ___RD () C:\Users\Billie Readell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-29 15:01 - 2014-03-29 15:01 - 00000000 ____D () C:\Users\Billie Readell\Downloads\backups
2014-03-29 14:56 - 2014-03-29 14:56 - 00012139 _____ () C:\Users\Billie Readell\Downloads\hijackthis.log
2014-03-29 14:52 - 2014-03-29 14:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HijackThis.exe
2014-03-29 14:46 - 2014-03-29 14:39 - 00000000 ____D () C:\Users\Billie Readell\Downloads\TMRBLog
2014-03-29 14:39 - 2014-03-29 14:39 - 14839344 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\RootkitBusterV5.0-1171x64.exe
2014-03-29 14:39 - 2014-03-29 14:39 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-03-29 14:39 - 2014-03-29 14:39 - 00186328 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-03-29 14:39 - 2014-03-29 14:39 - 00000000 ____D () C:\Users\Billie Readell\Downloads\log
2014-03-29 14:37 - 2014-03-29 14:37 - 02467424 _____ (Trend Micro Inc.) C:\Users\Billie Readell\Downloads\HousecallLauncher64.exe
2014-03-29 14:33 - 2014-03-29 14:33 - 00279130 _____ () C:\Users\Billie Readell\Documents\cc_20140329_143258.reg
2014-03-29 14:12 - 2010-02-26 17:51 - 00000000 ____D () C:\Users\Billie Readell\Tracing
2014-03-29 14:12 - 2009-09-13 00:48 - 00000000 ____D () C:\Windows\Panther
2014-03-29 13:07 - 2010-10-03 19:33 - 00000000 ____D () C:\Windows\Minidump
2014-03-29 12:30 - 2014-03-29 12:28 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-29 12:28 - 2014-03-29 12:28 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-29 12:26 - 2014-03-29 12:26 - 00001107 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-29 12:26 - 2014-03-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-29 12:18 - 2014-03-29 12:18 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Roxio Log Files
2014-03-29 12:12 - 2010-03-03 13:25 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\Skype
2014-03-29 12:08 - 2013-03-18 12:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 10:56 - 2010-02-20 23:33 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 10:56 - 2010-02-20 23:33 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 10:20 - 2014-03-29 10:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Billie Readell\Downloads\tdsskiller(1).exe
2014-03-29 09:54 - 2014-03-29 09:51 - 00000000 ____D () C:\AdwCleaner
2014-03-29 09:50 - 2014-03-29 09:50 - 01950720 _____ () C:\Users\Billie Readell\Downloads\adwcleaner.exe
2014-03-29 02:22 - 2014-03-29 02:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 17:50 - 2014-03-28 17:50 - 03972608 _____ () C:\Users\Billie Readell\Downloads\RogueKiller(1).exe
2014-03-28 13:06 - 2011-01-25 17:00 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\CBS Interactive
2014-03-28 13:02 - 2014-03-28 13:02 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\Skype
2014-03-28 12:59 - 2010-03-03 13:22 - 00000000 ____D () C:\ProgramData\Skype
2014-03-28 12:55 - 2014-03-28 12:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-28 12:55 - 2010-03-03 13:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-28 12:25 - 2009-09-12 22:18 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-28 12:16 - 2011-04-01 15:31 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-27 20:10 - 2011-04-01 15:28 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\Windows Live
2014-03-27 20:03 - 2014-03-27 20:03 - 00000000 ____D () C:\Users\Billie Readell\AppData\Roaming\SUPERAntiSpyware.com
2014-03-27 20:03 - 2011-04-01 09:08 - 00000000 ____D () C:\Windows\pss
2014-03-27 19:53 - 2014-03-27 19:54 - 00028630 _____ () C:\RPSetup.exe.log
2014-03-27 19:21 - 2009-09-12 22:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-27 19:21 - 2009-09-12 22:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-23 16:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 12:15 - 2014-02-27 19:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-22 12:12 - 2010-01-13 18:44 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 22:52 - 2010-03-03 13:32 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-13 03:23 - 2009-07-13 23:45 - 00343552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:22 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:22 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 17:06 - 2012-05-10 08:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 17:06 - 2012-05-10 08:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 17:06 - 2011-12-08 15:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 00:35 - 2013-03-18 12:02 - 00000000 ____D () C:\Users\Billie Readell\AppData\Local\Mozilla
2014-03-01 04:04 - 2014-02-27 19:32 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 01:05 - 2014-03-12 17:28 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 00:17 - 2014-03-12 17:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 00:16 - 2014-03-12 17:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 23:58 - 2014-03-12 17:28 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 23:52 - 2014-03-12 17:28 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 23:51 - 2014-03-12 17:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 23:42 - 2014-03-12 17:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 23:40 - 2014-03-12 17:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 23:37 - 2014-03-12 17:28 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 23:33 - 2014-03-12 17:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 23:33 - 2014-03-12 17:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 23:32 - 2014-03-12 17:28 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 23:30 - 2014-03-12 17:28 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 23:23 - 2014-03-12 17:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 23:17 - 2014-03-12 17:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 23:11 - 2014-03-12 17:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 23:02 - 2014-03-12 17:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 22:54 - 2014-03-12 17:28 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 22:52 - 2014-03-12 17:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 22:51 - 2014-03-12 17:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 22:47 - 2014-03-12 17:28 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 22:43 - 2014-03-12 17:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 22:43 - 2014-03-12 17:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 22:42 - 2014-03-12 17:28 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 22:40 - 2014-03-12 17:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 22:38 - 2014-03-12 17:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 22:37 - 2014-03-12 17:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 22:35 - 2014-03-12 17:28 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 22:18 - 2014-03-12 17:28 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 22:16 - 2014-03-12 17:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 22:14 - 2014-03-12 17:28 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 22:10 - 2014-03-12 17:28 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 22:03 - 2014-03-12 17:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 22:00 - 2014-03-12 17:28 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 21:57 - 2014-03-12 17:28 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 21:38 - 2014-03-12 17:28 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 21:32 - 2014-03-12 17:28 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 21:27 - 2014-03-12 17:28 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 21:25 - 2014-03-12 17:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 21:25 - 2014-03-12 17:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 09:32

==================== End Of Log ============================



#8 B-boy/StyLe/


Posted 30 March 2014 - 09:44 AM

Good work! :)

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 4

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#9 sborobleepingcomp


Posted 30 March 2014 - 10:05 AM

No Problem.

 

Step 1

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/30/2014 09:56:22 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 03/30/2014 09:57:21 AM
Execution time: 0 hours(s), 0 minute(s), and 59 seconds(s)
 

Step 2

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Billie Readell [Admin rights]
Mode : Scan -- Date : 03/30/2014 10:01:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM500JI +++++
--- User ---
[MBR] 90d9372705368b674b3b011c782c1729
[BSP] cfedb53062b99d9f326185456d9b091e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03302014_100136.txt >>




Step 3 upcoming



#10 sborobleepingcomp


Posted 30 March 2014 - 10:55 AM

Step 3

 

10:05:59.0758 0x0ab4  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
10:06:05.0576 0x0ab4  ============================================================
10:06:05.0577 0x0ab4  Current date / time: 2014/03/30 10:06:05.0576
10:06:05.0577 0x0ab4  SystemInfo:
10:06:05.0577 0x0ab4  
10:06:05.0577 0x0ab4  OS Version: 6.1.7601 ServicePack: 1.0
10:06:05.0577 0x0ab4  Product type: Workstation
10:06:05.0577 0x0ab4  ComputerName: BILLIEREADELL
10:06:05.0577 0x0ab4  UserName: Billie Readell
10:06:05.0577 0x0ab4  Windows directory: C:\Windows
10:06:05.0577 0x0ab4  System windows directory: C:\Windows
10:06:05.0577 0x0ab4  Running under WOW64
10:06:05.0577 0x0ab4  Processor architecture: Intel x64
10:06:05.0578 0x0ab4  Number of processors: 2
10:06:05.0578 0x0ab4  Page size: 0x1000
10:06:05.0578 0x0ab4  Boot type: Normal boot
10:06:05.0578 0x0ab4  ============================================================
10:06:05.0756 0x0ab4  KLMD registered as C:\Windows\system32\drivers\76930288.sys
10:06:05.0848 0x0ab4  System UUID: {B89E89A5-7A9F-9AEB-EDF9-91DC5AF35686}
10:06:06.0341 0x0ab4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:06:06.0349 0x0ab4  ============================================================
10:06:06.0349 0x0ab4  \Device\Harddisk0\DR0:
10:06:06.0349 0x0ab4  MBR partitions:
10:06:06.0349 0x0ab4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
10:06:06.0349 0x0ab4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
10:06:06.0349 0x0ab4  ============================================================
10:06:06.0390 0x0ab4  C: <-> \Device\Harddisk0\DR0\Partition2
10:06:06.0390 0x0ab4  ============================================================
10:06:06.0390 0x0ab4  Initialize success
10:06:06.0390 0x0ab4  ============================================================
10:06:30.0982 0x082c  KLMD registered as C:\Windows\system32\drivers\12052300.sys
10:06:31.0591 0x082c  Deinitialize success

Step 4

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/30/2014
Scan Time: 10:26:28 AM
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.30.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Billie Readell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 256490
Time Elapsed: 11 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Step 5

HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : BILLIEREADELL
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : BillieReadell\Billie Readell
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-03-30 10:30:32
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 38s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 32

   Objects scanned . . . : 3,622,006
   Files scanned . . . . : 35,363
   Remnants scanned  . . : 2,680,549 files / 906,094 keys

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKU\S-1-5-21-3999035689-735648510-22466983-1000\Software\Local AppWizard-Generated Applications\PCOptimizerPro\ (PCOptimizerPro)

Cookies _____________________________________________________________________

   C:\Users\Billie Readell\AppData\Roaming\Microsoft\Windows\Cookies\15JXCFZ9.txt
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:ads.ookla.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:ads.pointroll.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:ads.yahoo.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:at.atwola.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:atdmt.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:casalemedia.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:collective-media.net
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:doubleclick.net
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:interclick.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:media6degrees.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:mediaplex.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:ru4.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:serving-sys.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:xiti.com
   C:\Users\Billie Readell\AppData\Roaming\Mozilla\Firefox\Profiles\yfysyam7.default\cookies.sqlite:zedo.com

Step 6

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus           
Norton Internet Security   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 38  
 Java version out of Date!
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

All done. Appreciate all your help thus far.
 

 



#11 B-boy/StyLe/


Posted 30 March 2014 - 11:40 AM

Hello,

 

 

There should be a bigger log file from TDSSKiller in the root folder of drive C:\

Please upload the log at pastebin.com and post the link to the log in your next reply.

 

Also please do this:

 

Please download the following file =>  and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Also I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either avast! Antivirus or Norton Internet Security.

 

Also make sure that you turn on the real-time protection of your Antivirus.

 

 

Also your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

  • Download the latest version of Java SE 8.
  • Click the Java SE 8  "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-8-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
    Java™ 6 Update 38
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-8-windows-i586.exe and select "Run as an Administrator.")

 

Next please run JavaRa.

  • Please download JavaRa 2.5 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

 

It's your call. :)

 

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.06 to your PC's desktop.
 

  • Uninstall Adobe Reader 9 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

 

  • It is possible for other programs on your computer to have a security vulnerability that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 
Visit Microsoft's Windows Update Site Frequently
 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest available security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

Finally post a new log from SecurityCheck.

 

 

Regards,

Georgi




#12 sborobleepingcomp


Posted 30 March 2014 - 11:49 AM

http://pastebin.com/5uL5ewSm

 

Sorry for the miss of that item. I will post the rest in another reply.



#13 sborobleepingcomp


Posted 30 March 2014 - 12:26 PM

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8    
 Java version out of Date!
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 



#14 sborobleepingcomp


Posted 30 March 2014 - 12:28 PM

It says above my Java is out of date but it's not. I just went to it and tried to update and it said I had the current version.



#15 B-boy/StyLe/


Posted 30 March 2014 - 01:11 PM

Hello,

 

 

No worries about Java. SecurityCheck needs to be updated to cover it. :)

 

I noticed the following error as well:

 

 Windows Security Center service is not running! This report may not be accurate!

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Also please post the fixlog.txt from the steps in my previous post. :)

 

Thanks!

 

 

Regards,

Georgi






