
Multiple Issues with antimalware service, System Restore, Quick Launch


  • This topic is locked
12 replies to this topic

#1 KAPM

KAPM

  • Members
  • 151 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:03 AM

Posted 18 April 2014 - 07:55 PM

Hello,

 

I started having issues with my computer a few days ago, with it running extremely slowly.  Eventually I would get the following error: "antimalware service executable has encountered a problem."

 

I tried to use system restore to several different dates, but the restore would not succeed.  

 

I did just enough investigating to be dangerous and uninstalled Microsoft Security Essentials before realizing that it wouldn't be available to reinstall (Note: Currently running Windows XP as I can't afford to upgrade).  

 

Also saw an issue with my quick launch section of the toolbar not being visible.  I did get that back.

 

Wondering what is up with my computer.  Any help would be appreciated.





#2 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:03 AM

Posted 18 April 2014 - 08:04 PM

Sorry, didn't mean to post this yet, as I haven't performed the necessary preliminary tasks for posting on this forum and I can't figure out how to delete the post.  Computer is running verrryyyy slowly so it may be awhile.



#3 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:03 AM

Posted 19 April 2014 - 09:27 PM

Alright, ready to start.  Thank you for reading this...  :)   I have pasted the DDS.txt file here, but was unable to include the attach.txt file as it said it was too big to upload.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Kristin at 20:09:55 on 2014-04-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.124 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Kristin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uProxyOverride = <local>;*.local
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - 
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\docume~1\kristin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kristin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\kristin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361972003250
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://axis-6ef1bb.axiscam.net/activex/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{1E61E0F3-64DE-4081-9A8D-1F797D93A7AC} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
Notify: KNConnection - c:\program files\knconnection\knls.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-18 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-18 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-18 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-4-18 411552]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-18 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-18 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-18 50344]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-16 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-16 857912]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2011-2-14 1242440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-16 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-16 107736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]
.
=============== Created Last 30 ================
.
2014-04-19 20:22:25 -------- d-----w- c:\program files\CodeStuff
2014-04-19 13:28:16 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2014-04-19 00:39:32 -------- d-----w- c:\documents and settings\kristin\application data\AVAST Software
2014-04-19 00:24:55 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-19 00:24:55 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-19 00:24:53 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-19 00:24:53 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-19 00:24:52 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-19 00:24:36 43152 ----a-w- c:\windows\avastSS.scr
2014-04-19 00:22:26 -------- d-----w- c:\program files\AVAST Software
2014-04-19 00:20:34 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2014-04-17 04:07:27 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-17 03:58:32 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-17 03:58:32 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-17 03:58:31 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-03-27 12:16:01 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-27 12:16:01 13312 ------w- c:\windows\system32\xp_eos.exe
.
==================== Find3M  ====================
.
2014-03-12 13:24:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 13:24:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ------w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ------w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ------w- c:\windows\system32\qedit.dll
2013-12-06 13:32:28 0 -c--a-w- c:\program files\GUM6F.tmp
.
============= FINISH: 20:11:44.70 ===============
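As an added example (not part of the thread, and not code from the DDS tool), the script below shows how a responder would machine-triage a DDS dump like the one above instead of eyeballing it. It parses three record types that appear in this log: Winlogon `Notify:` packages (DLLs loaded into winlogon.exe at logon, which is why nasdaq later asks about knls.dll), `Run` entries whose command is a bare filename resolved by search order rather than a full path, and services/drivers whose line ends in `[?]`, which DDS emits when it cannot stat the referenced file (an assumption about the DDS convention, consistent with the `-->` lines here). The sample excerpt is constructed from lines in this log; the known-good Winlogon Notify names are an assumption based on the XP defaults plus the Intel `igfxcui` entry seen above.

```python
"""Offline triage of a DDS 'Pseudo HJT Report' / 'SERVICES / DRIVERS' dump.

Added example for the thread; it is not part of DDS. Feed it the text of a
DDS.txt and it returns the entries a responder should look at first.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the DDS format shown in the thread (not a real log).
SAMPLE_DDS = r"""
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
Notify: igfxcui - igfxdev.dll
Notify: KNConnection - c:\program files\knconnection\knls.dll
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-18 49944]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]
"""

# Assumption: XP default Winlogon\Notify subkeys plus Intel's igfxcui.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon", "igfxcui",
}

NOTIFY_RE = re.compile(r"^Notify:\s+(?P<name>\S+)\s+-\s+(?P<path>.+?)\s*$")
RUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?):\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+?)\s*$")
SVC_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+?)\s*$")


@dataclass(frozen=True)
class Finding:
    kind: str    # winlogon-notify | unqualified-run | orphaned-service
    entry: str   # registry/service name
    detail: str  # path or command that triggered the finding


def first_token(cmd: str) -> str:
    """Return the executable part of a Run command, honouring quotes."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(dds_text: str) -> list:
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = NOTIFY_RE.match(line)
        if m:
            # Any Notify DLL outside the known set runs inside winlogon.exe
            # as SYSTEM: verify it (hash, signature, vendor) before trusting it.
            if m["name"] not in KNOWN_NOTIFY:
                findings.append(Finding("winlogon-notify", m["name"], m["path"]))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = first_token(m["cmd"])
            # A bare filename is resolved through the search order (app dir,
            # system dirs, PATH), so what actually runs depends on the host.
            if "\\" not in exe:
                findings.append(Finding("unqualified-run", m["name"], exe))
            continue
        m = SVC_RE.match(line)
        if m:
            rest = m["rest"]
            # "[?]" after "-->": DDS could not stat the file. Either a stale
            # entry or a file being hidden from the scanner; both need a look.
            if rest.endswith("[?]"):
                path = rest.split("-->")[-1].replace("[?]", "").strip()
                findings.append(Finding("orphaned-service", m["name"], path))
            continue
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:18} {f.entry:24} {f.detail}")
```

Run against the real DDS.txt the script would surface exactly the three things a reviewer picks out of this log by hand: the KNConnection notification package, the unqualified `ICO.EXE` run key, and the two driver entries (WinPcap and XDva356) whose files DDS could not find.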
 

 



#4 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:03 AM

Posted 19 April 2014 - 09:36 PM

Attached File: attach.txt (36.8KB)

 

Yea!  Figured out how to delete my old attached files, so now I am able to include attach.txt



#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:03 AM

Posted 23 April 2014 - 08:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531587 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:03 AM

Posted 24 April 2014 - 08:19 AM

Attached File: attach.txt (35.93KB)

 

Thank you for the response.  Currently I am still having issues, but haven't tried system restore again.  Also, I do not have a windows CD.  Here are the requested logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Kristin at 7:09:10 on 2014-04-24
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.414 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: avast! Antivirus *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uProxyOverride = <local>;*.local
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\docume~1\kristin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kristin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\kristin\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361972003250
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://axis-6ef1bb.axiscam.net/activex/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
Notify: KNConnection - c:\program files\knconnection\knls.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2014-4-22 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [2014-4-22 252464]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-18 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-18 180632]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-4-22 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-18 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-4-18 411552]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-18 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-18 67824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-16 23256]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-12 13:24:56 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 13:24:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ------w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ------w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ------w- c:\windows\system32\qedit.dll
2013-12-06 13:32:28 0 -c--a-w- c:\program files\GUM6F.tmp
.
============= FINISH:  7:12:09.50 ===============

 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,926 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:03 AM

Posted 24 April 2014 - 01:25 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information on this knls.dll file.
Notify: KNConnection - c:\program files\knconnection\knls.dll

>>> Run Jotti's malware scan: Please copy this line (in bold):
c:\program files\knconnection\knls.dll
  • Go to Jotti's malware scan
  • and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edit" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
===

--RogueKiller--
  • Download & SAVE to your Desktop: For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
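The FRST.txt those steps produce is what gets read next; as an added example (not from this thread, from Farbar or from the helper), the Python below parses the Services, Drivers and Winlogon\Notify lines in FRST's output format and flags the entries a helper checks first: files FRST marks missing with [X], drivers or services with an empty () vendor field, and Winlogon Notify DLLs like the knls.dll asked about above. The sample log text is constructed for the example, modelled on the format of the log posted in this thread, and the line patterns are an assumption about that format rather than an official specification.

```python
r"""Added example: first-pass triage of FRST.txt lines.

Not code from this thread, from Farbar or from the helper. The line shapes
are an assumption modelled on the FRST log posted in the thread:
  R2 name; C:\path\file.exe [size date] (Vendor)     service/driver present
  S3 name; system32\drivers\file.sys [X]             file missing on disk
  Winlogon\Notify\name: c:\path\file.dll (Vendor)    DLL loaded at logon
"""
import re
from dataclasses import dataclass
from typing import Optional

# Services/Drivers entries: "<start type> <name>; <rest>"
SERVICE_RE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "[<size> <yyyy-mm-dd>] (<vendor>)" ends an entry whose file exists; the greedy
# .* keeps nested parentheses such as "(Carbonite, Inc. (www.carbonite.com))"
INFO_RE = re.compile(r"\[\d+ \d{4}-\d\d-\d\d\]\s*\((?P<vendor>.*)\)\s*$")
# Winlogon Notify packages are loaded by winlogon.exe at every logon
NOTIFY_RE = re.compile(
    r"^Winlogon\\Notify\\(?P<name>[^:]+):\s*(?P<path>.+?)(?:\s+\((?P<vendor>.*)\))?\s*$")
MISSING_MARK = "[X]"   # FRST's marker for an entry whose file is not on disk


@dataclass
class Finding:
    kind: str              # "file_missing", "no_vendor" or "winlogon_notify"
    name: str              # service, driver or package name
    path: str              # path (or command line) as FRST printed it
    vendor: Optional[str]  # None when FRST printed no version info at all
    line: str              # the original log line, to quote back in a reply


def parse_service_line(line: str) -> Optional[dict]:
    """Split a Services/Drivers line into its fields; None for any other shape."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    info = INFO_RE.search(rest)
    return {
        "start": m.group("start"),
        "name": m.group("name").strip(),
        # everything before the " [size date]" or " [X]" bracket
        "path": rest.split(" [", 1)[0].strip(),
        # "" means FRST printed "()": no company name in the file's version info
        "vendor": info.group("vendor") if info else None,
        "missing": rest.endswith(MISSING_MARK),
    }


def triage(log_text: str) -> list:
    """Return the entries a helper would ask about first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        n = NOTIFY_RE.match(line)
        if n:
            findings.append(Finding("winlogon_notify", n.group("name"),
                                    n.group("path"), n.group("vendor"), line))
            continue
        svc = parse_service_line(line)
        if svc is None:
            continue
        if svc["missing"]:
            findings.append(Finding("file_missing", svc["name"], svc["path"],
                                    svc["vendor"], line))
        elif svc["vendor"] == "":
            findings.append(Finding("no_vendor", svc["name"], svc["path"],
                                    svc["vendor"], line))
    return findings


# Constructed sample, modelled on the format of the FRST log in this thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-18] (AVAST Software)
Winlogon\Notify\KNConnection: c:\program files\knconnection\knls.dll (VoiceFive Networks, Inc.)

========================== Services (Whitelisted) =================

R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5049352 2013-10-10] (Carbonite, Inc. (www.carbonite.com))
S2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [X]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2013-03-22] ()
S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]
U1 WS2IFSL;
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f.kind:16} {f.name:22} {f.path}")
```

A flagged entry is a question to ask, not a verdict: a missing-file [X] is often a leftover from an uninstalled program, and an empty () vendor field only means the file carries no company name.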

#8 KAPM

  • Topic Starter
  • Members
  • 151 posts
  • Gender:Female
  • Local time:07:03 AM

Posted 25 April 2014 - 08:48 AM

Attached File: Addition.txt (37.48KB)

Hello,

Thank you so much for your help.  I suspect the file you are inquiring about is from Knowledge Network Surveys.  I used to take part in these but no longer do. I thought I had removed their programs, but it appears I haven't.

I need more information on this knls.dll file.
Notify: KNConnection - c:\program files\knconnection\knls.dll

>>> Run Jotti's malware scan: Please copy this line (in bold):
c:\program files\knconnection\knls.dll

Here is the Permalink:  http://virusscan.jotti.org/en/scanresult/7b55d6cf99db95652109bee734c6791f78a62c16

Following is the RogueKiller report:

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Kristin [Admin rights]
Mode : Scan -- Date : 04/24/2014 22:36:37
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] FileBackup 1.job : C:\Program Files\Roxio\BackOnTrack\File Backup\TrayProtect.exe - C:\Documents and Settings\Kristin\My Documents\9-12-2010_0908.RBC /Schedule "FileBackup 1" [x][-] -> FOUND
[V1][SUSP PATH] FileBackup 2.job : C:\Program Files\Roxio\BackOnTrack\File Backup\TrayProtect.exe - C:\Documents and Settings\Kristin\My Documents\9-24-2010_1821.RBC /Schedule "FileBackup 2" [x][-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
ÿþ1
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800JB-00JJC0 +++++
--- User ---
[MBR] 2f05fe990cbf9b53b4973965b34316b7
[BSP] 0cd98c529bd87fdfc79934f1125847f1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_04242014_223637.txt >>
 
 
 
and here is the Farbar Recovery Scan Tool report:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by Kristin (administrator) on CFK-30051ACBF9E on 24-04-2014 22:52:34
Running from C:\Documents and Settings\Kristin\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(SupportSoft, Inc.) C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Primax Electronics Ltd.) C:\WINDOWS\system32\ICO.EXE
() C:\WINDOWS\system32\FSRremoS.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Primax Electronics Ltd.) C:\WINDOWS\system32\Pelmiced.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Dropbox, Inc.) C:\Documents and Settings\Kristin\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2006-01-13] (HP)
HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\WINDOWS\system32\ICO.EXE [57344 2003-11-20] (Primax Electronics Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [Conime] => C:\WINDOWS\system32\conime.exe [27648 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-18] (AVAST Software)
Winlogon\Notify\KNConnection: c:\program files\knconnection\knls.dll (VoiceFive Networks, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Kristin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Kristin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Kristin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB6D328D084B7CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://axis-6ef1bb.axiscam.net/activex/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: InfoAtoms - C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com [2013-03-21]
FF HKLM\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files\KNConnection
FF Extension: KNConnection - C:\Program Files\KNConnection [2011-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\Kristin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\Kristin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-29]
CHR Extension: (YouTube) - C:\Documents and Settings\Kristin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-29]
CHR Extension: (Google Search) - C:\Documents and Settings\Kristin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Kristin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Kristin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-18]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-22] (AVAST Software)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5049352 2013-10-10] (Carbonite, Inc. (www.carbonite.com))
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [1242440 2011-02-14] (SupportSoft, Inc.)
S2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [X]
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-18] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-04-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-18] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-04-22] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252464 2014-04-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-18] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-18] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-18] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-18] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-18] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [369024 2006-08-15] (Broadcom Corporation)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-24] (Malwarebytes Corporation)
R3 pelmouse; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
S3 RT2500; C:\WINDOWS\System32\DRIVERS\RT2500.sys [243328 2005-10-20] (Ralink Technology Inc.)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2013-03-22] ()
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]
U1 WS2IFSL; 
S3 XDva356; \??\C:\WINDOWS\system32\XDva356.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-24 22:52 - 2014-04-24 22:53 - 00016950 _____ () C:\Documents and Settings\Kristin\Desktop\FRST.txt
2014-04-24 22:52 - 2014-04-24 22:52 - 00000000 ____D () C:\FRST
2014-04-24 22:49 - 2014-04-24 22:49 - 00001975 _____ () C:\Documents and Settings\Kristin\Desktop\RKreport[0]_D_04242014_224910.txt
2014-04-24 22:36 - 2014-04-24 22:36 - 00001925 _____ () C:\Documents and Settings\Kristin\Desktop\RKreport[0]_S_04242014_223637.txt
2014-04-24 22:20 - 2014-04-24 22:50 - 00000000 ____D () C:\Documents and Settings\Kristin\Desktop\RK_Quarantine
2014-04-24 22:20 - 2014-04-24 22:20 - 03972608 _____ () C:\Documents and Settings\Kristin\Desktop\RogueKiller.exe
2014-04-24 22:18 - 2014-04-24 22:19 - 01048576 _____ (Farbar) C:\Documents and Settings\Kristin\Desktop\FRST.exe
2014-04-24 22:17 - 2014-04-24 22:17 - 00000081 _____ () C:\Documents and Settings\Kristin\Desktop\042414.txt
2014-04-22 07:29 - 2014-04-22 07:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
2014-04-22 07:05 - 2014-04-22 07:29 - 00013571 _____ () C:\WINDOWS\KB2808679.log
2014-04-22 06:55 - 2014-04-22 06:55 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
2014-04-22 06:38 - 2014-04-22 06:34 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-04-22 06:38 - 2014-04-22 06:31 - 00252464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-04-22 06:31 - 2014-04-22 06:31 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2014-04-19 20:24 - 2014-04-24 18:51 - 00007461 _____ () C:\Documents and Settings\Kristin\Desktop\Attach.zip
2014-04-19 20:08 - 2014-04-19 20:08 - 00688992 ____R (Swearware) C:\Documents and Settings\Kristin\Desktop\dds.com
2014-04-19 14:23 - 2014-04-19 14:23 - 00000000 ___HD () C:\Documents and Settings\All Users\Start Menu\Programs\Startup (Disabled by Starter)
2014-04-19 14:22 - 2014-04-19 14:22 - 00001724 _____ () C:\Documents and Settings\Kristin\Desktop\CodeStuff Starter.lnk
2014-04-19 14:22 - 2014-04-19 14:22 - 00000000 ____D () C:\Program Files\CodeStuff
2014-04-19 14:22 - 2014-04-19 14:22 - 00000000 ____D () C:\Documents and Settings\Kristin\Start Menu\Programs\CodeStuff Starter
2014-04-19 09:59 - 2014-04-19 09:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Intuit
2014-04-19 07:28 - 2014-04-19 07:28 - 00025992 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\pgdfgsvc.exe
2014-04-18 18:39 - 2014-04-18 18:39 - 00000000 ____D () C:\Documents and Settings\Kristin\Application Data\AVAST Software
2014-04-18 18:26 - 2014-04-22 06:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-04-18 18:25 - 2014-04-24 18:43 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-18 18:24 - 2014-04-18 18:24 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-18 18:24 - 2014-04-18 18:24 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-18 18:24 - 2014-04-18 18:24 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-18 18:22 - 2014-04-18 18:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-18 18:20 - 2014-04-18 18:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-04-18 18:16 - 2014-04-18 18:20 - 88882192 _____ (AVAST Software) C:\Documents and Settings\Kristin\Desktop\avast_free_antivirus_setup.exe
2014-04-17 22:36 - 2014-04-17 22:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-16 22:07 - 2014-04-24 21:01 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-16 21:59 - 2014-04-16 21:59 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 21:58 - 2014-04-17 22:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-16 21:58 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-16 21:58 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-08 21:20 - 2014-04-08 21:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 20:58 - 2014-04-08 21:05 - 00011232 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 16:45 - 2014-04-08 21:20 - 00012818 _____ () C:\WINDOWS\KB2922229.log
2014-04-04 06:43 - 2014-04-04 06:43 - 00259719 _____ () C:\Documents and Settings\Kristin\Desktop\Windows 8 Upgrade Assistant.mht
2014-03-27 17:48 - 2014-04-24 18:17 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-27 17:48 - 2014-04-08 20:50 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-27 07:09 - 2014-03-27 07:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-27 07:07 - 2014-03-27 07:09 - 00004087 _____ () C:\WINDOWS\KB2934207.log
2014-03-27 06:16 - 2014-02-25 19:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-27 06:16 - 2014-02-25 19:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
 
==================== One Month Modified Files and Folders =======
 
2014-04-24 22:53 - 2014-04-24 22:52 - 00016950 _____ () C:\Documents and Settings\Kristin\Desktop\FRST.txt
2014-04-24 22:52 - 2014-04-24 22:52 - 00000000 ____D () C:\FRST
2014-04-24 22:51 - 2010-08-28 09:17 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB2A2D11-A3F5-491F-A86A-ECB1317998EC}.job
2014-04-24 22:51 - 2010-05-21 12:32 - 02040513 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-24 22:50 - 2014-04-24 22:20 - 00000000 ____D () C:\Documents and Settings\Kristin\Desktop\RK_Quarantine
2014-04-24 22:49 - 2014-04-24 22:49 - 00001975 _____ () C:\Documents and Settings\Kristin\Desktop\RKreport[0]_D_04242014_224910.txt
2014-04-24 22:36 - 2014-04-24 22:36 - 00001925 _____ () C:\Documents and Settings\Kristin\Desktop\RKreport[0]_S_04242014_223637.txt
2014-04-24 22:24 - 2012-03-30 18:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-24 22:20 - 2014-04-24 22:20 - 03972608 _____ () C:\Documents and Settings\Kristin\Desktop\RogueKiller.exe
2014-04-24 22:19 - 2014-04-24 22:18 - 01048576 _____ (Farbar) C:\Documents and Settings\Kristin\Desktop\FRST.exe
2014-04-24 22:17 - 2014-04-24 22:17 - 00000081 _____ () C:\Documents and Settings\Kristin\Desktop\042414.txt
2014-04-24 21:54 - 2010-10-18 06:16 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cb6ebe4b4665dc.job
2014-04-24 21:01 - 2014-04-16 22:07 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 20:35 - 2010-05-21 12:39 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-24 18:51 - 2014-04-19 20:24 - 00007461 _____ () C:\Documents and Settings\Kristin\Desktop\Attach.zip
2014-04-24 18:43 - 2014-04-18 18:25 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-04-24 18:20 - 2012-12-19 19:18 - 00000000 ___RD () C:\Documents and Settings\Kristin\My Documents\Dropbox
2014-04-24 18:20 - 2012-12-19 19:12 - 00000000 ____D () C:\Documents and Settings\Kristin\Application Data\Dropbox
2014-04-24 18:18 - 2010-05-21 12:30 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-24 18:17 - 2014-03-27 17:48 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-24 18:17 - 2010-10-18 06:16 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cb6ebe48c9d1fe.job
2014-04-24 18:17 - 2004-08-10 06:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-24 18:08 - 2012-05-02 18:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-04-24 18:08 - 2010-05-21 12:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-24 18:08 - 2010-05-21 04:49 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-24 18:08 - 2010-05-21 04:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-24 07:20 - 2012-05-09 06:41 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-04-24 07:20 - 2010-08-16 07:48 - 00000178 ___SH () C:\Documents and Settings\Kristin\ntuser.ini
2014-04-24 07:13 - 2011-06-18 22:02 - 00422470 _____ () C:\WINDOWS\setupapi.log
2014-04-23 22:20 - 2012-03-25 10:30 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-22 20:18 - 2010-08-16 07:48 - 00000000 ____D () C:\Documents and Settings\Kristin
2014-04-22 07:29 - 2014-04-22 07:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
2014-04-22 07:29 - 2014-04-22 07:05 - 00013571 _____ () C:\WINDOWS\KB2808679.log
2014-04-22 07:29 - 2010-05-21 04:47 - 02053192 _____ () C:\WINDOWS\FaxSetup.log
2014-04-22 07:29 - 2010-05-21 04:47 - 01031865 _____ () C:\WINDOWS\ocgen.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00947223 _____ () C:\WINDOWS\tsoc.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00692643 _____ () C:\WINDOWS\comsetup.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00631330 _____ () C:\WINDOWS\msmqinst.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00419176 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00361198 _____ () C:\WINDOWS\netfxocm.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00245599 _____ () C:\WINDOWS\iis6.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00142909 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00113999 _____ () C:\WINDOWS\ocmsn.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00104653 _____ () C:\WINDOWS\tabletoc.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00103181 _____ () C:\WINDOWS\msgsocm.log
2014-04-22 07:29 - 2010-05-21 04:47 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-22 06:55 - 2014-04-22 06:55 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
2014-04-22 06:55 - 2014-04-18 18:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-04-22 06:54 - 2011-03-16 06:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-22 06:34 - 2014-04-22 06:38 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-04-22 06:31 - 2014-04-22 06:38 - 00252464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-04-22 06:31 - 2014-04-22 06:31 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2014-04-19 20:08 - 2014-04-19 20:08 - 00688992 ____R (Swearware) C:\Documents and Settings\Kristin\Desktop\dds.com
2014-04-19 19:38 - 2010-08-25 09:24 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-04-19 14:23 - 2014-04-19 14:23 - 00000000 ___HD () C:\Documents and Settings\All Users\Start Menu\Programs\Startup (Disabled by Starter)
2014-04-19 14:22 - 2014-04-19 14:22 - 00001724 _____ () C:\Documents and Settings\Kristin\Desktop\CodeStuff Starter.lnk
2014-04-19 14:22 - 2014-04-19 14:22 - 00000000 ____D () C:\Program Files\CodeStuff
2014-04-19 14:22 - 2014-04-19 14:22 - 00000000 ____D () C:\Documents and Settings\Kristin\Start Menu\Programs\CodeStuff Starter
2014-04-19 09:59 - 2014-04-19 09:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Intuit
2014-04-19 09:29 - 2010-05-21 04:45 - 00000328 __RSH () C:\boot.ini
2014-04-19 09:29 - 2004-08-10 06:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-04-19 09:29 - 2004-08-10 06:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-19 07:28 - 2014-04-19 07:28 - 00025992 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\pgdfgsvc.exe
2014-04-18 19:48 - 2010-05-21 04:46 - 00182768 _____ () C:\WINDOWS\setupact.log
2014-04-18 18:39 - 2014-04-18 18:39 - 00000000 ____D () C:\Documents and Settings\Kristin\Application Data\AVAST Software
2014-04-18 18:24 - 2014-04-18 18:24 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-04-18 18:24 - 2014-04-18 18:24 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-04-18 18:24 - 2014-04-18 18:24 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-04-18 18:24 - 2014-04-18 18:24 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-04-18 18:22 - 2014-04-18 18:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-18 18:20 - 2014-04-18 18:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-04-18 18:20 - 2014-04-18 18:16 - 88882192 _____ (AVAST Software) C:\Documents and Settings\Kristin\Desktop\avast_free_antivirus_setup.exe
2014-04-17 22:36 - 2014-04-17 22:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-17 22:36 - 2011-04-19 20:37 - 00000000 ____D () C:\Documents and Settings\Kristin\Application Data\Malwarebytes
2014-04-17 22:35 - 2014-04-16 21:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-17 18:32 - 2010-05-21 04:39 - 00000000 ____D () C:\WINDOWS\pchealth
2014-04-16 22:05 - 2011-01-25 21:51 - 00001945 ____C () C:\WINDOWS\epplauncher.mif
2014-04-16 21:59 - 2014-04-16 21:59 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-16 21:59 - 2011-04-19 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-10 20:10 - 2012-09-14 06:46 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-08 21:20 - 2014-04-08 21:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 21:20 - 2014-04-08 16:45 - 00012818 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 21:20 - 2010-05-21 04:47 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 21:19 - 2010-08-15 09:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-08 21:15 - 2013-08-11 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-08 21:06 - 2010-05-21 13:21 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-08 21:05 - 2014-04-08 20:58 - 00011232 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 21:05 - 2010-05-21 13:07 - 00156669 _____ () C:\WINDOWS\updspapi.log
2014-04-08 21:04 - 2010-05-21 14:46 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-08 20:50 - 2014-03-27 17:48 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-07 06:57 - 2010-08-16 13:06 - 00000000 ____D () C:\Documents and Settings\Kristin\Application Data\ZoomBrowser EX
2014-04-07 06:57 - 2010-08-16 13:05 - 00000000 ____D () C:\Documents and Settings\Kristin\Application Data\CameraWindowDC
2014-04-05 08:08 - 2013-03-18 07:05 - 00014536 _____ () C:\Documents and Settings\Kristin\Desktop\Uniforms.xlsx
2014-04-04 06:43 - 2014-04-04 06:43 - 00259719 _____ () C:\Documents and Settings\Kristin\Desktop\Windows 8 Upgrade Assistant.mht
2014-04-03 09:51 - 2014-04-16 21:58 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-16 21:58 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-27 07:09 - 2014-03-27 07:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-27 07:09 - 2014-03-27 07:07 - 00004087 _____ () C:\WINDOWS\KB2934207.log
2014-03-25 06:38 - 2010-08-16 07:49 - 00000178 ___SH () C:\Documents and Settings\Phil\ntuser.ini
 
Files to move or delete:
====================
C:\Documents and Settings\Kristin\jagex_runescape_preferences.dat
C:\Documents and Settings\Kristin\jagex_runescape_preferences2.dat
C:\Documents and Settings\Phillip\jagex_runescape_preferences.dat
C:\Documents and Settings\Phillip\jagex_runescape_preferences2.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Kristin\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\Kristin\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\Kristin\Local Settings\temp\imagepackage32.exe
C:\Documents and Settings\Kristin\Local Settings\temp\imagepackage64.exe
C:\Documents and Settings\Kristin\Local Settings\temp\installhelper.dll
C:\Documents and Settings\Kristin\Local Settings\temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih[1].exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fe.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fex64.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Kristin\Local Settings\temp\ntdll_dump.dll
C:\Documents and Settings\Kristin\Local Settings\temp\SearchHelper.exe
C:\Documents and Settings\Kristin\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\Kristin\Local Settings\temp\SRAssetsHelper.dll
C:\Documents and Settings\Kristin\Local Settings\temp\Strongvault.exe
C:\Documents and Settings\Kristin\Local Settings\temp\tbMixi.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,926 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:03 AM

Posted 25 April 2014 - 10:26 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
Winlogon\Notify\KNConnection: c:\program files\knconnection\knls.dll (VoiceFive Networks, Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
FF Extension: InfoAtoms - C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com [2013-03-21]
FF HKLM\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files\KNConnection
FF Extension: KNConnection - C:\Program Files\KNConnection [2011-08-22]
S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X]
U1 WS2IFSL;
S3 XDva356; \??\C:\WINDOWS\system32\XDva356.sys [X]
C:\Documents and Settings\Kristin\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\Kristin\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\Kristin\Local Settings\temp\imagepackage32.exe
C:\Documents and Settings\Kristin\Local Settings\temp\imagepackage64.exe
C:\Documents and Settings\Kristin\Local Settings\temp\installhelper.dll
C:\Documents and Settings\Kristin\Local Settings\temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih[1].exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fe.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fex64.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Kristin\Local Settings\temp\ntdll_dump.dll
C:\Documents and Settings\Kristin\Local Settings\temp\SearchHelper.exe
C:\Documents and Settings\Kristin\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\Kristin\Local Settings\temp\SRAssetsHelper.dll
C:\Documents and Settings\Kristin\Local Settings\temp\Strongvault.exe
C:\Documents and Settings\Kristin\Local Settings\temp\tbMixi.dll

End

Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.

#10 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:03 AM

Posted 28 April 2014 - 09:53 AM

I'm including the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014
Ran by Kristin at 2014-04-28 08:46:46 Run:1
Running from C:\Documents and Settings\Kristin\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\KNConnection: c:\program files\knconnection\knls.dll (VoiceFive Networks, Inc.)
BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
FF Extension: InfoAtoms - C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com [2013-03-21]
FF HKLM\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files\KNConnection
FF Extension: KNConnection - C:\Program Files\KNConnection [2011-08-22]
S3 WPRO_40_1340;
system32\drivers\WPRO_40_1340.sys [X]
U1 WS2IFSL;
S3 XDva356; \??\C:\WINDOWS\system32\XDva356.sys [X]
C:\Documents and Settings\Kristin\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\Kristin\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\Kristin\Local Settings\temp\imagepackage32.exe
C:\Documents and Settings\Kristin\Local Settings\temp\imagepackage64.exe
C:\Documents and Settings\Kristin\Local Settings\temp\installhelper.dll
C:\Documents and Settings\Kristin\Local Settings\temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih[1].exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local
Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fe.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fex64.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Kristin\Local Settings\temp\ntdll_dump.dll
C:\Documents and Settings\Kristin\Local Settings\temp\SearchHelper.exe
C:\Documents and Settings\Kristin\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\Kristin\Local Settings\temp\SRAssetsHelper.dll
C:\Documents and Settings\Kristin\Local Settings\temp\Strongvault.exe
C:\Documents and Settings\Kristin\Local Settings\temp\tbMixi.dll

End

*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\KNConnection => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: Google Toolbar Notifier BHO - => Key not found.
HKCR\CLSID\BHO: Google Toolbar Notifier BHO - => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614} => Value deleted successfully.
C:\Program Files\KNConnection => Moved successfully.
WPRO_40_1340 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
XDva356 => Service deleted successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\AskSLib.dll => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\contentDATs.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\imagepackage32.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\imagepackage64.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\installhelper.dll => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\install_flashplayer11x32axau_gtbd_chrd_dn_aih[1].exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
"C:\Documents and Settings\Kristin\Local" => File/Directory not found.
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fe.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fex64.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\mssinstaller.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\ntdll_dump.dll => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\SearchHelper.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\SecurityScan_Release.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\SRAssetsHelper.dll => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\Strongvault.exe => Moved successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\tbMixi.dll => Moved successfully.

==== End of Fixlog ====

 

and here is the checkup.txt:

 

 Results of screen317's Security Check version 0.99.82 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus               
Microsoft Security Essentials  
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 39 
 Java 7 Update 25 
 Java version out of Date!
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

 

I will do some testing of my system later today and post the results then.

 

Thank you again for your assistance.
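An added check, not part of this thread and not FRST's own code: the Fixlog above shows entries FRST could not act on (the BHO line and one temp path) because the pasted fixlist wrapped them onto two lines. The script below (assumed function names; its sample log is a constructed, shortened copy of that Fixlog) separates the echoed fixlist from the results, flags continuation lines that should be re-pasted as one line, and lists every result that did not end "successfully".

```python
"""Check an FRST Fixlog.txt: did every fixlist entry actually apply?
Added example, not part of this thread and not FRST code. SAMPLE_FIXLOG is
a constructed, shortened copy of the Fixlog posted above; it keeps the
entries whose lines were wrapped when the fixlist was pasted into Notepad.
"""
import re

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014
Ran by Kristin at 2014-04-28 08:46:46 Run:1

Content of fixlist:
*****************
start
BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll No File
S3 WPRO_40_1340;
system32\drivers\WPRO_40_1340.sys [X]
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local
Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fe.exe
End

*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: Google Toolbar Notifier BHO - => Key not found.
HKCR\CLSID\BHO: Google Toolbar Notifier BHO - => Key not found.
WPRO_40_1340 => Service deleted successfully.
C:\Documents and Settings\Kristin\Local Settings\temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
"C:\Documents and Settings\Kristin\Local" => File/Directory not found.
C:\Documents and Settings\Kristin\Local Settings\temp\mpam-fe.exe => Moved successfully.

==== End of Fixlog ====
"""

# Shapes a fixlist entry can start with (the subset seen in the log above):
# start/End, registry hives, named entry types, service lines, absolute paths.
ENTRY_START = re.compile(
    r"^(start|End|HK(LM|CU|CR|U)\\|Winlogon\\|BHO:|Toolbar:|DPF:|FF |"
    r"[SURX][0-9] |[A-Za-z]:\\)")
RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


def split_fixlog(text):
    """Return (fixlist_lines, result_lines): the echoed fixlist sits between
    the two '*****' rulers, FRST's per-entry results follow the second."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    rulers = [i for i, ln in enumerate(lines) if ln.startswith("*****")]
    if len(rulers) < 2:
        raise ValueError("not a Fixlog: fixlist rulers missing")
    fixlist = [ln for ln in lines[rulers[0] + 1:rulers[1]] if ln]
    results = [ln for ln in lines[rulers[1] + 1:]
               if ln and not ln.startswith("====")]
    return fixlist, results


def find_wrapped_entries(fixlist):
    """A fixlist line that does not look like the start of an entry is the
    tail of the previous one; return the joined text that should have been
    pasted as a single line."""
    return [fixlist[i - 1] + " " + fixlist[i]
            for i in range(1, len(fixlist))
            if not ENTRY_START.match(fixlist[i])]


def unapplied_results(results):
    """(target, outcome) for every result line FRST did not act on."""
    found = []
    for ln in results:
        m = RESULT_LINE.match(ln)
        if m and "successfully" not in m.group("outcome"):
            found.append((m.group("target").strip('"'), m.group("outcome")))
    return found


def check_fixlog(text):
    """Summarise one Fixlog: wrapped fixlist entries and unapplied results."""
    fixlist, results = split_fixlog(text)
    return {"wrapped": find_wrapped_entries(fixlist),
            "unapplied": unapplied_results(results)}
```

Running `check_fixlog(SAMPLE_FIXLOG)` reports three wrapped entries and three unapplied results, which is the signal to re-paste those entries on one line each and run the fix again.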



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,926 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:03 AM

Posted 28 April 2014 - 10:34 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u55.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 39
Java 7 Update 25


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,926 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:03 AM

Posted 04 May 2014 - 08:21 AM

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox add-on.
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,926 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:03 AM

Posted 10 May 2014 - 08:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
