Infected with Win64/Patched.H trojan (ESET Threat name)


This topic is locked
12 replies to this topic

#1 sarah88
  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 23 April 2014 - 08:17 PM

Hello,

 

Thanks in advance for your help.

 

When running ESET, it says I am infected with Win64/Patched.H Trojan.

 

I have already run many anti-root kit, anti-malware etc. programs since I also had an issue with my computer playing ads in the background through an application called "Name Not Available" in Volume Mixer and I removed those symptoms using the bleepingcomputer.com thread found here - http://www.bleepingcomputer.com/forums/t/519117/my-computer-is-playing-ads-in-the-background-name-not-available-in-volume-mixer/.

 

However on the #14 post of the above thread where it says to run ESET, my scan did not come up clean as the OP's did. It says I am still infected with Win64/Patched.H Trojan.

 

Log is below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64    
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.2.1   
Run by Mommy at 20:46:48 on 2014-04-23   
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7990.5166 [GMT -4:00]   
.   
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}   
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}   
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}   
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}   
.   
============== Running Processes ===============   
.   
C:\Windows\system32\lsm.exe   
C:\Windows\system32\svchost.exe -k DcomLaunch   
C:\Windows\system32\svchost.exe -k RPCSS   
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted   
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted   
C:\Windows\system32\svchost.exe -k LocalService   
C:\Windows\system32\svchost.exe -k netsvcs   
C:\Windows\system32\svchost.exe -k NetworkService   
C:\Windows\system32\WLANExt.exe   
C:\Windows\System32\spoolsv.exe   
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork   
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   
C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe   
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt   
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe   
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE   
C:\Windows\System32\svchost.exe -k HPZ12   
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe   
C:\Windows\System32\svchost.exe -k HPZ12   
C:\Windows\system32\svchost.exe -k imgsvc   
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE   
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe   
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe   
C:\Windows\system32\svchost.exe -k HPService   
C:\Windows\system32\svchost.exe -k bthsvcs   
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted   
C:\Windows\system32\SearchIndexer.exe   
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe   
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe   
C:\Program Files\Windows Media Player\wmpnetwk.exe   
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation   
C:\Windows\system32\Dwm.exe   
C:\Windows\Explorer.EXE   
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe   
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   
C:\Windows\system32\taskhost.exe   
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe   
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE   
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe   
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe   
C:\Windows\system32\taskeng.exe   
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe   
C:\Program Files\Internet Explorer\iexplore.exe   
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE   
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe   
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE   
C:\Windows\system32\SearchFilterHost.exe   
C:\Windows\system32\SearchProtocolHost.exe   
C:\Windows\system32\taskeng.exe   
C:\Windows\system32\wbem\wmiprvse.exe   
C:\Windows\System32\cscript.exe   
.   
============== Pseudo HJT Report ===============   
.   
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll   
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll   
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll   
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>   
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll   
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\ips\ipsbho.dll   
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL   
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll   
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL   
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll   
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll   
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll   
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll   
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll   
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [TrialLicenseUtility] "C:\Program Files (x86)\Sage\Peachtree\PeachTrialLicenseUtility.exe" /ini="C:\Program Files (x86)\Common Files\Peach\PEACHTREE210.INI"
mRun: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145   
uPolicies-Explorer: NoDrives = dword:0   
mPolicies-Explorer: NoDrives = dword:0   
mPolicies-System: ConsentPromptBehaviorUser = dword:3   
mPolicies-System: EnableUIADesktopToggle = dword:0   
mPolicies-System: PromptOnSecureDesktop = dword:0   
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000   
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105   
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll   
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll   
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll   
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm   
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll   
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab   
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab   
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab   
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab   
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab   
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab   
TCP: NameServer = 192.168.1.1 71.252.0.12   
TCP: Interfaces\{8EB9357C-66C5-40AB-8EF7-C7AB6ECDC98D} : DHCPNameServer = 192.168.1.1 71.252.0.12   
TCP: Interfaces\{8EB9357C-66C5-40AB-8EF7-C7AB6ECDC98D}\24573796E65637370275F627C646 : DHCPNameServer = 204.197.193.146 204.197.193.145   
TCP: Interfaces\{8EB9357C-66C5-40AB-8EF7-C7AB6ECDC98D}\351627168672370296051646 : DHCPNameServer = 198.224.190.135 198.224.191.135   
TCP: Interfaces\{8EB9357C-66C5-40AB-8EF7-C7AB6ECDC98D}\3516271686723702960586F6E656 : DHCPNameServer = 172.20.10.1   
TCP: Interfaces\{D85817CD-A354-41D6-8F4E-3DC1DBF885ED} : DHCPNameServer = 69.78.134.231 69.78.80.231   
TCP: Interfaces\{F248E9B3-A8C4-423D-A3A7-340FB5ADDCE4} : DHCPNameServer = 10.20.0.1   
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL   
SSODL: WebCheck - <orphaned>   
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL   
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll   
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL   
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll   
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL   
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll   
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll   
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe   
x64-Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll   
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll   
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm   
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab   
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab   
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab   
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL   
x64-Notify: igfxcui - igfxdev.dll   
x64-SSODL: WebCheck - <orphaned>   
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL   
.   
============= SERVICES / DRIVERS ===============   
.   
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1502000.026\symds64.sys [2014-3-27 493656]   
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1502000.026\symefa64.sys [2014-3-27 1148120]   
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [2014-4-15 1525976]   
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1502000.026\ccsetx64.sys [2014-3-27 162392]   
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20140422.001\IDSviA64.sys [2014-4-22 525016]   
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1502000.026\ironx64.sys [2014-3-27 264280]   
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1502000.026\symnets.sys [2014-3-27 593112]   
R2 FileOpenManagerService;FileOpen Manager Service;C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [2012-10-17 335288]   
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]   
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-3 418376]   
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-3 701512]   
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe [2014-3-27 276376]   
R2 psqlWGE;Pervasive PSQL Workgroup Engine;C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2013-1-8 436040]   
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\amppal.sys [2012-1-9 195584]   
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-9-16 342056]   
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-16 39464]   
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-25 32880]   
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]   
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-30 56344]   
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]   
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-5-8 10610400]   
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-3 25928]   
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-21 413800]   
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]   
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]   
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]   
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\amppal.sys [2012-1-9 195584]   
S3 fdrawcmd;Low-level Floppy Driver;C:\Windows\System32\drivers\fdrawcmd.sys [2010-4-24 33144]   
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]   
S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\System32\drivers\htcusbnet.sys [2011-4-24 153600]   
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-17 111616]   
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]   
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]   
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]   
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-16 232992]   
S3 Sage 50 SmartPosting 2014;Sage 50 SmartPosting 2014;C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2014.exe [2013-2-22 329216]   
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]   
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]   
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]   
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]   
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-3 59392]   
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]   
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-8 1255736]   
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]   
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]   
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-16 89600]   
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-8 203264]   
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]   
S4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]   
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]   
S4 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/16 02:01:30;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-9-16 245232]   
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]   
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-4-25 31000]   
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]   
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]   
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]   
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-16 2533400]   
S4 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]   
S4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]   
.   
=============== File Associations ===============   
.
FileExt: .txt: Applications\EXCEL.EXE="C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" "%1" [UserChoice]
.   
=============== Created Last 30 ================   
.   
4/23/2014 23:15 -------- d-----w- C:\Users\Mommy\AppData\Local\VirtualStore
4/23/2014 23:11 -------- d-sh--w- C:\$RECYCLE.BIN
4/23/2014 20:06 -------- d-----w- C:\Program Files (x86)\ESET
4/23/2014 19:50 -------- d-----w- C:\Program Files\CCleaner
4/23/2014 16:22 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
4/23/2014 15:39 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{655854E0-7129-4B3D-9E5D-C97BA9B2258B}\mpengine.dll
4/23/2014 15:26 -------- d-----w- C:\Windows\ERUNT
4/23/2014 15:12 -------- d-----w- C:\AdwCleaner
4/23/2014 15:09 -------- d-----w- C:\Users\Mommy\AppData\Local\Apps
4/23/2014 15:09 -------- d-----w- C:\Users\Mommy\AppData\Local\Deployment
4/23/2014 1:11 -------- d-----w- C:\TDSSKiller_Quarantine
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\olepro32.DLL
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\MSVBVM60.DLL
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\atiuxpag.dll
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\atiumdva.dll
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\atiumdag.dll
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\atiu9pag.dll
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\atidxx32.dll
4/22/2014 21:03 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
4/22/2014 21:02 2467424 ----a-w- C:\HousecallLauncher64.exe
4/22/2014 15:05 -------- d-----w- C:\Users\Mommy\AppData\Roaming\Malwarebytes
4/21/2014 15:21 -------- d-----w- C:\Users\Mommy\AppData\Local\Programs
4/17/2014 14:27 -------- d-sh--w- C:\Users\Mommy\AppData\Local\EmieUserList
4/17/2014 14:27 -------- d-sh--w- C:\Users\Mommy\AppData\Local\EmieSiteList
4/17/2014 14:14 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
4/9/2014 1:54 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
4/8/2014 22:47 -------- d-----w- C:\Users\Mommy\AppData\Local\IsolatedStorage
4/8/2014 21:44 -------- d-----w- C:\Users\Mommy\AppData\Roaming\Intuit
4/7/2014 23:36 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
4/7/2014 23:35 -------- d-----w- C:\Users\Mommy\AppData\Local\Apple Computer
3/31/2014 16:30 -------- d-----w- C:\Users\Mommy\AppData\Roaming\InstaPostage
3/31/2014 16:26 -------- d-----w- C:\Program Files (x86)\Endicia
3/31/2014 16:25 -------- d-----w- C:\Users\Mommy\AppData\Roaming\Endicia
3/31/2014 16:25 -------- d-----w- C:\Program Files\Envelope Manager
3/31/2014 2:22 -------- d-----w- C:\Users\Mommy\AppData\Roaming\DYMO Stamps
3/31/2014 2:22 -------- d-----w- C:\Program Files (x86)\DYMO Stamps
3/30/2014 8:06 -------- d-----w- C:\Users\Mommy\AppData\Local\Corel
3/27/2014 14:48 -------- d-----w- C:\Users\Mommy\AppData\Local\HuluDesktop
3/27/2014 14:44 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\symnets.sys
3/27/2014 14:44 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\symelam.sys
3/27/2014 14:44 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\srtsp64.sys
3/27/2014 14:44 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\symds64.sys
3/27/2014 14:44 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\srtspx64.sys
3/27/2014 14:44 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1502000.026\ironx64.sys
3/27/2014 14:44 162392 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\ccsetx64.sys
3/27/2014 14:44 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1502000.026\symefa64.sys
3/27/2014 14:43 -------- d-----w- C:\Windows\System32\drivers\NISx64\1502000.026
3/25/2014 16:42 -------- d-----w- C:\Users\Mommy\AppData\Roaming\hpqlog
3/25/2014 16:30 -------- d-----w- C:\ProgramData\WWINTEST3
.   
==================== Find3M  ====================   
.   
3/31/2014 13:35 270496 ------w- C:\Windows\System32\MpSigStub.exe
3/6/2014 9:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
3/6/2014 9:31 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
3/6/2014 8:59 66048 ----a-w- C:\Windows\System32\iesetup.dll
3/6/2014 8:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
3/6/2014 8:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
3/6/2014 8:32 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
3/6/2014 8:29 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
3/6/2014 8:29 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
3/6/2014 8:15 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
3/6/2014 8:11 5784064 ----a-w- C:\Windows\System32\jscript9.dll
3/6/2014 8:02 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
3/6/2014 8:02 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
3/6/2014 8:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
3/6/2014 7:56 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
3/6/2014 7:46 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
3/6/2014 7:38 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
3/6/2014 7:36 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
3/6/2014 7:13 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
3/6/2014 7:11 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
3/6/2014 6:40 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
3/6/2014 6:22 2260480 ----a-w- C:\Windows\System32\wininet.dll
3/6/2014 5:41 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
3/4/2014 9:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
3/4/2014 9:44 243712 ----a-w- C:\Windows\System32\wow64.dll
3/4/2014 9:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
3/4/2014 9:44 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
3/4/2014 9:17 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
3/4/2014 9:17 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
3/4/2014 9:16 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
3/4/2014 9:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
3/4/2014 8:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
3/4/2014 8:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2/7/2014 1:23 3156480 ----a-w- C:\Windows\System32\win32k.sys
2/4/2014 2:35 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2/4/2014 2:35 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2/4/2014 2:32 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2/4/2014 2:32 624128 ----a-w- C:\Windows\System32\qedit.dll
2/4/2014 2:28 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2/4/2014 2:04 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2/4/2014 2:04 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2/4/2014 2:00 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
1/29/2014 2:32 484864 ----a-w- C:\Windows\System32\wer.dll
1/29/2014 2:06 381440 ----a-w- C:\Windows\SysWow64\wer.dll
1/28/2014 2:32 228864 ----a-w- C:\Windows\System32\wwansvc.dll
1/24/2014 2:37 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
12/5/2013 23:00 923784 ----a-w- C:\Program Files\cbsidlm-cbsi145-PriceBlink_for_Internet_Explorer-SEO-75851124.exe
.   
============= FINISH: 20:56:07.91 ===============   
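As an added triage aid (not part of the original post, and not output of DDS, ESET or the helpers in this thread), the Python below parses the dated entries of the "Created Last 30" and "Find3M" sections of a DDS log like the one above and flags what a responder reads first: zero-byte DLL/EXE/SYS files under C:\Windows, newly created kernel drivers, binaries sitting outside Program Files and Windows, and bursts of several binaries landing in Windows directories within the same minute. The sample input is a handful of lines copied from the log above; the heuristics and the burst threshold are my own, and a hit means "ask about it", not "malicious": the zero-byte System32 DLLs in this log, for example, appeared the same evening the cleanup tools listed in the log (HousecallLauncher64.exe, tmcomm.sys) were written.

```python
"""Triage the 'Created Last 30' / 'Find3M' sections of a DDS log.

Added example: the heuristics are the author's own (hypothetical thresholds),
not part of DDS, ESET or this thread. A hit is a prompt to ask about a file,
not a verdict.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Lines copied from the DDS log above (a subset of the real posting).
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
4/23/2014 23:15 -------- d-----w- C:\Users\Mommy\AppData\Local\VirtualStore
4/23/2014 16:22 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\olepro32.DLL
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\MSVBVM60.DLL
4/22/2014 21:23 0 ----a-w- C:\Windows\System32\atiuxpag.dll
4/22/2014 21:03 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
4/22/2014 21:02 2467424 ----a-w- C:\HousecallLauncher64.exe
4/17/2014 14:14 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
.
==================== Find3M  ====================
.
12/5/2013 23:00 923784 ----a-w- C:\Program Files\cbsidlm-cbsi145-PriceBlink_for_Internet_Explorer-SEO-75851124.exe
.
============= FINISH: 20:56:07.91 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# date time size-or-dashes attributes path, e.g. "4/22/2014 21:23 0 ----a-w- C:\..."
ENTRY_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4}) (\d{1,2}:\d{2}) (\S+) (\S+) (.+)$")

BINARY_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}
BURST_THRESHOLD = 3  # hypothetical: this many binaries into Windows dirs in one minute


@dataclass
class Entry:
    section: str
    when: datetime
    size: Optional[int]  # None for directories, which DDS shows as "--------"
    attrs: str           # DDS attribute string, e.g. "d-----w-" or "----a-w-"
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds(text: str) -> List[Entry]:
    """Return every dated file entry, tagged with the DDS section it sits in."""
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        date, clock, size, attrs, path = m.groups()
        entries.append(Entry(
            section=section,
            when=datetime.strptime(f"{date} {clock}", "%m/%d/%Y %H:%M"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=PureWindowsPath(path),
        ))
    return entries


def _under(path: PureWindowsPath, prefix: str) -> bool:
    return str(path).lower().startswith(prefix)


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (subject, reason) pairs for entries a responder should ask about."""
    findings: List[Tuple[str, str]] = []
    per_minute = defaultdict(list)
    for e in entries:
        if e.is_dir or e.path.suffix.lower() not in BINARY_SUFFIXES:
            continue
        in_windows = _under(e.path, r"c:\windows")
        if in_windows and e.size == 0:
            findings.append((str(e.path), "zero-byte binary in a Windows directory"))
        if _under(e.path, r"c:\windows\system32\drivers") and e.path.suffix.lower() == ".sys":
            findings.append((str(e.path), "new kernel driver"))
        if not in_windows and not _under(e.path, r"c:\program files"):
            findings.append((str(e.path), "binary outside Program Files and Windows"))
        if in_windows:
            per_minute[e.when].append(e)
    for when, group in per_minute.items():
        if len(group) >= BURST_THRESHOLD:
            findings.append((when.strftime("%Y-%m-%d %H:%M"),
                             f"{len(group)} binaries written to Windows directories in one minute"))
    return findings


if __name__ == "__main__":
    for subject, reason in triage(parse_dds(SAMPLE_LOG)):
        print(f"{reason:<60} {subject}")
```

Run it against a full DDS.txt by reading the file into `parse_dds`; the section headers and the date/size/attribute columns are the only format the parser relies on, so the "Find3M" entries come along for free. The burst rule is the one worth tuning: legitimate patch days also write many files to System32 in one minute, which is exactly why the output is framed as questions for the helper rather than verdicts.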
 

#2 TB-Psychotic
  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:10 AM

Posted 24 April 2014 - 04:38 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 sarah88
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 24 April 2014 - 09:28 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by SYSTEM on MININT-QNATQUQ on 24-04-2014 10:08:39
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1092528 2012-10-17] (FileOpen Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrialLicenseUtility] => C:\Program Files (x86)\Sage\Peachtree\PeachTrialLicenseUtility.exe [505344 2013-02-22] (Sage Software)
HKLM-x32\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe [320816 2013-02-22] (Sage Software, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mommy\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Sara Thomas\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Susan Bryant\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
Lsa: [Notification Packages] DPPassFilter scecli

==================== Services (Whitelisted) =================

S4 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
S2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService64.exe [335288 2012-10-17] (FileOpen Systems Inc.)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [436040 2013-01-08] (Pervasive Software Inc.)
S3 Sage 50 SmartPosting 2014; C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2014.exe [329216 2013-02-22] (Sage Software, Inc.)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 fdrawcmd; C:\Windows\system32\drivers\fdrawcmd.sys [33144 2010-04-24] (simonowen.com)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [153600 2010-12-14] (HTC Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20140423.001\IDSvia64.sys [525016 2014-03-27] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20140423.034\ENG64.SYS [126040 2014-02-03] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20140423.034\EX64.SYS [2099288 2014-02-03] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-04] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-08-05] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-24 09:45 - 2014-04-24 10:08 - 00000000 ____D () C:\FRST
2014-04-23 20:24 - 2014-04-23 20:24 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\VirtualStore
2014-04-23 16:56 - 2014-04-23 16:59 - 00014688 _____ () C:\Users\Mommy\Desktop\attach.txt
2014-04-23 16:56 - 2014-04-23 16:57 - 00026680 _____ () C:\Users\Mommy\Desktop\dds.txt
2014-04-23 15:19 - 2014-04-23 15:19 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Yahoo!
2014-04-23 15:15 - 2014-04-23 15:15 - 00000000 ____D () C:\Users\Mommy\AppData\Local\VirtualStore
2014-04-23 15:14 - 2014-04-24 05:48 - 00000168 _____ () C:\Windows\setupact.log
2014-04-23 15:14 - 2014-04-24 05:18 - 00002486 _____ () C:\Windows\PFRO.log
2014-04-23 15:14 - 2014-04-23 15:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 15:10 - 2014-04-23 15:11 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-23 12:06 - 2014-04-23 12:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-23 11:50 - 2014-04-23 11:50 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-23 08:22 - 2014-04-23 10:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-23 07:26 - 2014-04-23 07:26 - 00000000 ____D () C:\Windows\ERUNT
2014-04-23 07:12 - 2014-04-23 07:17 - 00000000 ____D () C:\AdwCleaner
2014-04-23 07:09 - 2014-04-23 07:10 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Deployment
2014-04-23 07:09 - 2014-04-23 07:09 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Apps\2.0
2014-04-22 17:11 - 2014-04-22 17:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-22 15:00 - 2014-04-22 16:08 - 00000000 ____D () C:\users\dub_cm_auto
2014-04-22 14:27 - 2014-04-23 15:10 - 00000000 ____D () C:\Windows\erdnt
2014-04-22 14:23 - 2014-04-22 14:23 - 04142142 _____ () C:\Users\Mommy\Downloads\tdsskiller.zip
2014-04-22 13:47 - 2014-04-22 13:47 - 01027499 _____ () C:\Users\Mommy\AppData\Local\census.cache
2014-04-22 13:45 - 2014-04-22 13:45 - 00236674 _____ () C:\Users\Mommy\AppData\Local\ars.cache
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\olepro32.DLL
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\MSVBVM60.DLL
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atiuxpag.dll
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atiumdva.dll
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atiumdag.dll
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atiu9pag.dll
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atidxx32.dll
2014-04-22 13:03 - 2013-09-01 23:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2014-04-22 13:02 - 2014-04-22 13:02 - 02467424 _____ (Trend Micro Inc.) C:\HousecallLauncher64.exe
2014-04-22 13:02 - 2014-04-22 13:02 - 00000036 _____ () C:\Users\Mommy\AppData\Local\housecall.guid.cache
2014-04-22 07:05 - 2014-04-22 07:05 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Malwarebytes
2014-04-19 11:09 - 2014-04-19 11:09 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Malwarebytes
2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 __SHD () C:\Users\Susan Bryant\AppData\Local\EmieUserList
2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 __SHD () C:\Users\Susan Bryant\AppData\Local\EmieSiteList
2014-04-17 21:32 - 2014-04-23 08:28 - 00000089 _____ () C:\Windows\System32\ghzecrq.eid
2014-04-17 21:27 - 2014-04-23 10:25 - 00037888 _____ () C:\Windows\System32\ngyby.fpd
2014-04-17 21:21 - 2014-04-23 10:25 - 00000102 _____ () C:\Windows\System32\pwcmm.yxw
2014-04-17 21:21 - 2014-04-17 21:21 - 00000064 _____ () C:\Windows\System32\wgou.mon
2014-04-17 21:05 - 2014-04-17 21:05 - 00301959 ____S () C:\Windows\System32\vfhcs.ftu
2014-04-17 06:27 - 2014-04-17 06:27 - 00000000 __SHD () C:\Users\Mommy\AppData\Local\EmieUserList
2014-04-17 06:27 - 2014-04-17 06:27 - 00000000 __SHD () C:\Users\Mommy\AppData\Local\EmieSiteList
2014-04-17 06:15 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-17 06:15 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-17 06:15 - 2014-03-06 00:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-17 06:15 - 2014-03-06 00:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-17 06:15 - 2014-03-06 00:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-17 06:15 - 2014-03-06 00:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-17 06:15 - 2014-03-06 00:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-17 06:15 - 2014-03-06 00:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-17 06:15 - 2014-03-05 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-17 06:15 - 2014-03-05 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-17 06:14 - 2014-03-06 02:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-17 06:14 - 2014-03-06 01:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-17 06:14 - 2014-03-06 00:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-17 06:14 - 2014-03-06 00:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-17 06:14 - 2014-03-06 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-17 06:14 - 2014-03-06 00:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-17 06:14 - 2014-03-06 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-17 06:14 - 2014-03-06 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-17 06:14 - 2014-03-06 00:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-17 06:14 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-17 06:14 - 2014-03-06 00:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-17 06:14 - 2014-03-06 00:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-17 06:14 - 2014-03-06 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-17 06:14 - 2014-03-06 00:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-17 06:14 - 2014-03-05 23:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-17 06:14 - 2014-03-05 23:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-17 06:14 - 2014-03-05 23:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-17 06:14 - 2014-03-05 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-17 06:14 - 2014-03-05 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-17 06:14 - 2014-03-05 23:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-17 06:14 - 2014-03-05 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-17 06:14 - 2014-03-05 23:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-17 06:14 - 2014-03-05 23:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-17 06:14 - 2014-03-05 23:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-17 06:14 - 2014-03-05 23:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-17 06:14 - 2014-03-05 23:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-17 06:14 - 2014-03-05 23:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-17 06:14 - 2014-03-05 23:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-17 06:14 - 2014-03-05 22:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-17 06:14 - 2014-03-05 22:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-17 06:14 - 2014-03-05 22:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-17 06:14 - 2014-03-05 22:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-17 06:14 - 2014-03-05 22:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-17 06:14 - 2014-03-05 21:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-17 06:14 - 2014-03-05 21:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-17 06:14 - 2014-03-05 21:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-17 06:14 - 2014-03-05 21:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-17 06:14 - 2014-03-05 21:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-15 22:14 - 2014-04-15 22:14 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\CrashDumps
2014-04-15 20:22 - 2014-04-15 20:22 - 00654074 _____ () C:\Users\Mommy\Downloads\Download.csv
2014-04-08 17:54 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-08 17:54 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-08 17:54 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-08 17:54 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-08 17:54 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-08 17:54 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 17:54 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 17:54 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 17:54 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 17:54 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 17:54 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 17:54 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-08 17:54 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-08 17:54 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-08 17:54 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-08 17:54 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 17:54 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-08 14:47 - 2014-04-08 14:47 - 00000000 ____D () C:\Users\Mommy\AppData\Local\IsolatedStorage
2014-04-08 13:44 - 2014-04-08 13:44 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Intuit
2014-04-07 15:36 - 2014-04-07 15:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-07 15:35 - 2014-04-07 15:35 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Apple Computer
2014-04-04 12:49 - 2014-04-04 12:49 - 00000000 ____D () C:\Users\Susan Bryant\FirefoxPortable
2014-04-04 12:41 - 2014-04-04 12:41 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Google
2014-04-04 12:27 - 2014-04-04 12:27 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Hewlett-Packard
2014-04-04 12:25 - 2014-04-04 12:25 - 00144232 _____ () C:\Users\Susan Bryant\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ___RD () C:\Users\Susan Bryant\Virtual Machines
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ___RD () C:\Users\Susan Bryant\Podcasts
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Apple Computer
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Adobe
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Wondershare
2014-04-04 12:24 - 2014-04-23 20:42 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Mozilla
2014-04-04 12:24 - 2014-04-23 20:24 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Adobe
2014-04-04 12:24 - 2014-04-22 16:04 - 00000000 ____D () C:\users\Susan Bryant
2014-04-04 12:24 - 2014-04-04 12:25 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Hewlett-Packard
2014-04-04 12:24 - 2014-04-04 12:24 - 00000020 ___SH () C:\Users\Susan Bryant\ntuser.ini
2014-04-04 12:24 - 2013-02-17 14:11 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Microsoft Help
2014-04-04 12:24 - 2010-09-16 01:10 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Macromedia
2014-04-03 21:21 - 2014-04-07 11:01 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\CrashDumps
2014-04-02 11:56 - 2014-04-02 11:56 - 00000000 ____D () C:\Users\Sara Thomas\Documents\Endicia
2014-04-02 11:56 - 2014-04-02 11:56 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Endicia
2014-03-31 08:30 - 2014-03-31 08:31 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\InstaPostage
2014-03-31 08:26 - 2014-04-04 17:06 - 00000807 _____ () C:\Users\Public\Desktop\dazzle.lnk
2014-03-31 08:26 - 2014-03-31 08:26 - 00001276 _____ () C:\Users\Public\Desktop\DYMO Printable Postage.lnk
2014-03-31 08:26 - 2014-03-31 08:26 - 00000000 ____D () C:\Program Files (x86)\Endicia
2014-03-31 08:25 - 2014-03-31 08:25 - 00000000 ____D () C:\Users\Mommy\Documents\Endicia
2014-03-31 08:25 - 2014-03-31 08:25 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Endicia
2014-03-31 08:25 - 2014-03-31 08:25 - 00000000 ____D () C:\Program Files\Envelope Manager
2014-03-31 08:23 - 2014-03-31 08:23 - 00117752 _____ () C:\Users\Mommy\Desktop\EndiciaStandardFullSetup.exe
2014-03-30 18:22 - 2014-03-30 18:22 - 00001047 _____ () C:\Users\Public\Desktop\DYMO Stamps.lnk
2014-03-30 18:22 - 2014-03-30 18:22 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\DYMO Stamps
2014-03-30 18:22 - 2014-03-30 18:22 - 00000000 ____D () C:\Program Files (x86)\DYMO Stamps
2014-03-30 18:21 - 2014-03-30 18:22 - 04063024 _____ () C:\Users\Mommy\Desktop\DYMOstampsWebSetup.exe
2014-03-30 14:15 - 2012-11-24 11:12 - 00001031 _____ () C:\Users\Mommy\Desktop\Adobe Download Assistant.lnk
2014-03-30 00:06 - 2014-03-30 00:07 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Corel
2014-03-30 00:05 - 2014-03-30 00:05 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Corel
2014-03-29 17:59 - 2014-04-23 09:48 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMommy
2014-03-29 17:59 - 2014-04-23 09:48 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForMommy.job
2014-03-28 09:52 - 2014-03-28 09:52 - 00000000 ____D () C:\Users\Sara Thomas\FirefoxPortable
2014-03-28 09:51 - 2014-03-28 09:51 - 27615216 _____ (PortableApps.com) C:\Users\Sara Thomas\Downloads\FirefoxPortable_28.0_English.paf.exe
2014-03-28 09:50 - 2014-03-28 09:50 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Google
2014-03-28 09:47 - 2014-03-28 09:47 - 00144232 _____ () C:\Users\Sara Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-28 09:47 - 2014-03-28 09:47 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Hewlett-Packard
2014-03-28 09:46 - 2014-04-16 19:54 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Mozilla
2014-03-28 09:46 - 2014-04-16 19:47 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Adobe
2014-03-28 09:46 - 2014-03-28 09:52 - 00000000 ____D () C:\users\Sara Thomas
2014-03-28 09:46 - 2014-03-28 09:46 - 00000020 ___SH () C:\Users\Sara Thomas\ntuser.ini
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ___RD () C:\Users\Sara Thomas\Virtual Machines
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ___RD () C:\Users\Sara Thomas\Podcasts
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Hewlett-Packard
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Apple Computer
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Adobe
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Wondershare
2014-03-28 09:46 - 2013-02-17 14:11 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Microsoft Help
2014-03-28 09:46 - 2010-09-16 01:10 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Macromedia
2014-03-27 06:46 - 2014-03-27 06:46 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-25 08:42 - 2014-03-25 08:42 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\hpqlog
2014-03-25 08:30 - 2014-03-25 08:47 - 00000000 ____D () C:\ProgramData\WWINTEST3

==================== One Month Modified Files and Folders =======

2014-04-24 10:08 - 2014-04-24 09:45 - 00000000 ____D () C:\FRST
2014-04-24 06:06 - 2010-09-16 00:45 - 01221165 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 06:03 - 2012-04-02 18:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-24 06:02 - 2011-01-13 18:13 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 05:56 - 2009-07-13 20:45 - 00026192 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 05:56 - 2009-07-13 20:45 - 00026192 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 05:49 - 2011-01-13 18:13 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 05:48 - 2014-04-23 15:14 - 00000168 _____ () C:\Windows\setupact.log
2014-04-24 05:48 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 05:18 - 2014-04-23 15:14 - 00002486 _____ () C:\Windows\PFRO.log
2014-04-23 20:42 - 2014-04-04 12:24 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Mozilla
2014-04-23 20:24 - 2014-04-23 20:24 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\VirtualStore
2014-04-23 20:24 - 2014-04-04 12:24 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Adobe
2014-04-23 16:59 - 2014-04-23 16:56 - 00014688 _____ () C:\Users\Mommy\Desktop\attach.txt
2014-04-23 16:57 - 2014-04-23 16:56 - 00026680 _____ () C:\Users\Mommy\Desktop\dds.txt
2014-04-23 16:31 - 2014-03-10 17:39 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Adobe
2014-04-23 15:19 - 2014-04-23 15:19 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Yahoo!
2014-04-23 15:19 - 2012-01-07 15:07 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-04-23 15:15 - 2014-04-23 15:15 - 00000000 ____D () C:\Users\Mommy\AppData\Local\VirtualStore
2014-04-23 15:14 - 2014-04-23 15:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-23 15:11 - 2014-04-23 15:10 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-23 15:10 - 2014-04-22 14:27 - 00000000 ____D () C:\Windows\erdnt
2014-04-23 12:06 - 2014-04-23 12:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-23 11:52 - 2014-03-19 15:57 - 00000000 ____D () C:\Users\Mommy\AppData\Local\CrashDumps
2014-04-23 11:52 - 2011-05-14 17:28 - 00000000 ____D () C:\Windows\Minidump
2014-04-23 11:52 - 2009-09-06 17:57 - 00000000 ____D () C:\Windows\Panther
2014-04-23 11:50 - 2014-04-23 11:50 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-23 11:50 - 2014-04-23 11:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-23 10:34 - 2014-04-23 08:22 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-23 10:34 - 2013-12-31 05:44 - 00000326 _____ () C:\Windows\SysWOW64\trialutility.log
2014-04-23 10:25 - 2014-04-17 21:27 - 00037888 _____ () C:\Windows\System32\ngyby.fpd
2014-04-23 10:25 - 2014-04-17 21:21 - 00000102 _____ () C:\Windows\System32\pwcmm.yxw
2014-04-23 09:48 - 2014-03-29 17:59 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMommy
2014-04-23 09:48 - 2014-03-29 17:59 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForMommy.job
2014-04-23 08:55 - 2009-07-13 18:34 - 00000273 _____ () C:\Windows\system.ini
2014-04-23 08:28 - 2014-04-17 21:32 - 00000089 _____ () C:\Windows\System32\ghzecrq.eid
2014-04-23 07:26 - 2014-04-23 07:26 - 00000000 ____D () C:\Windows\ERUNT
2014-04-23 07:17 - 2014-04-23 07:12 - 00000000 ____D () C:\AdwCleaner
2014-04-23 07:17 - 2014-03-10 17:39 - 00000000 ____D () C:\users\Mommy
2014-04-23 07:10 - 2014-04-23 07:09 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Deployment
2014-04-23 07:09 - 2014-04-23 07:09 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Apps\2.0
2014-04-22 17:11 - 2014-04-22 17:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-22 16:08 - 2014-04-22 15:00 - 00000000 ____D () C:\users\dub_cm_auto
2014-04-22 16:08 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2014-04-22 16:04 - 2014-04-04 12:24 - 00000000 ____D () C:\users\Susan Bryant
2014-04-22 14:23 - 2014-04-22 14:23 - 04142142 _____ () C:\Users\Mommy\Downloads\tdsskiller.zip
2014-04-22 13:47 - 2014-04-22 13:47 - 01027499 _____ () C:\Users\Mommy\AppData\Local\census.cache
2014-04-22 13:45 - 2014-04-22 13:45 - 00236674 _____ () C:\Users\Mommy\AppData\Local\ars.cache
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\olepro32.DLL
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\MSVBVM60.DLL
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atiuxpag.dll
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atiumdva.dll
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atiumdag.dll
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atiu9pag.dll
2014-04-22 13:23 - 2014-04-22 13:23 - 00000000 _____ () C:\Windows\System32\atidxx32.dll
2014-04-22 13:02 - 2014-04-22 13:02 - 02467424 _____ (Trend Micro Inc.) C:\HousecallLauncher64.exe
2014-04-22 13:02 - 2014-04-22 13:02 - 00000036 _____ () C:\Users\Mommy\AppData\Local\housecall.guid.cache
2014-04-22 11:33 - 2011-01-13 18:13 - 00000000 ____D () C:\Program Files\Google
2014-04-22 11:33 - 2011-01-13 18:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-22 07:35 - 2014-03-10 18:57 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Google
2014-04-22 07:35 - 2011-01-13 18:12 - 00000000 ____D () C:\ProgramData\Google
2014-04-22 07:34 - 2011-01-09 07:16 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-04-22 07:05 - 2014-04-22 07:05 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Malwarebytes
2014-04-21 16:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-04-21 07:22 - 2014-03-04 14:58 - 00003320 _____ () C:\Windows\System32\Tasks\PinItAutoUpdate
2014-04-19 11:09 - 2014-04-19 11:09 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Malwarebytes
2014-04-19 09:48 - 2011-01-08 18:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-19 09:47 - 2011-11-06 05:58 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 __SHD () C:\Users\Susan Bryant\AppData\Local\EmieUserList
2014-04-18 17:53 - 2014-04-18 17:53 - 00000000 __SHD () C:\Users\Susan Bryant\AppData\Local\EmieSiteList
2014-04-17 21:21 - 2014-04-17 21:21 - 00000064 _____ () C:\Windows\System32\wgou.mon
2014-04-17 21:05 - 2014-04-17 21:05 - 00301959 ____S () C:\Windows\System32\vfhcs.ftu
2014-04-17 06:27 - 2014-04-17 06:27 - 00000000 __SHD () C:\Users\Mommy\AppData\Local\EmieUserList
2014-04-17 06:27 - 2014-04-17 06:27 - 00000000 __SHD () C:\Users\Mommy\AppData\Local\EmieSiteList
2014-04-17 06:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 20:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-04-16 19:54 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Mozilla
2014-04-16 19:47 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Adobe
2014-04-15 22:14 - 2014-04-15 22:14 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\CrashDumps
2014-04-15 20:22 - 2014-04-15 20:22 - 00654074 _____ () C:\Users\Mommy\Downloads\Download.csv
2014-04-09 12:05 - 2011-06-11 20:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-08 20:08 - 2011-03-06 09:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 20:07 - 2013-08-17 20:10 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-08 20:03 - 2011-08-04 02:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-08 14:47 - 2014-04-08 14:47 - 00000000 ____D () C:\Users\Mommy\AppData\Local\IsolatedStorage
2014-04-08 13:44 - 2014-04-08 13:44 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Intuit
2014-04-07 15:36 - 2014-04-07 15:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-07 15:35 - 2014-04-07 15:35 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Apple Computer
2014-04-07 15:35 - 2014-03-10 17:40 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Apple Computer
2014-04-07 11:01 - 2014-04-03 21:21 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\CrashDumps
2014-04-04 17:06 - 2014-03-31 08:26 - 00000807 _____ () C:\Users\Public\Desktop\dazzle.lnk
2014-04-04 12:49 - 2014-04-04 12:49 - 00000000 ____D () C:\Users\Susan Bryant\FirefoxPortable
2014-04-04 12:41 - 2014-04-04 12:41 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Google
2014-04-04 12:27 - 2014-04-04 12:27 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Hewlett-Packard
2014-04-04 12:25 - 2014-04-04 12:25 - 00144232 _____ () C:\Users\Susan Bryant\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ___RD () C:\Users\Susan Bryant\Virtual Machines
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ___RD () C:\Users\Susan Bryant\Podcasts
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Apple Computer
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Adobe
2014-04-04 12:25 - 2014-04-04 12:25 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Local\Wondershare
2014-04-04 12:25 - 2014-04-04 12:24 - 00000000 ____D () C:\Users\Susan Bryant\AppData\Roaming\Hewlett-Packard
2014-04-04 12:24 - 2014-04-04 12:24 - 00000020 ___SH () C:\Users\Susan Bryant\ntuser.ini
2014-04-02 11:56 - 2014-04-02 11:56 - 00000000 ____D () C:\Users\Sara Thomas\Documents\Endicia
2014-04-02 11:56 - 2014-04-02 11:56 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Endicia
2014-04-01 09:40 - 2012-04-26 06:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-03-31 15:51 - 2009-07-13 21:13 - 00790154 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-31 08:31 - 2014-03-31 08:30 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\InstaPostage
2014-03-31 08:26 - 2014-03-31 08:26 - 00001276 _____ () C:\Users\Public\Desktop\DYMO Printable Postage.lnk
2014-03-31 08:26 - 2014-03-31 08:26 - 00000000 ____D () C:\Program Files (x86)\Endicia
2014-03-31 08:25 - 2014-03-31 08:25 - 00000000 ____D () C:\Users\Mommy\Documents\Endicia
2014-03-31 08:25 - 2014-03-31 08:25 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Endicia
2014-03-31 08:25 - 2014-03-31 08:25 - 00000000 ____D () C:\Program Files\Envelope Manager
2014-03-31 08:23 - 2014-03-31 08:23 - 00117752 _____ () C:\Users\Mommy\Desktop\EndiciaStandardFullSetup.exe
2014-03-31 05:35 - 2011-03-08 17:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-03-30 18:22 - 2014-03-30 18:22 - 00001047 _____ () C:\Users\Public\Desktop\DYMO Stamps.lnk
2014-03-30 18:22 - 2014-03-30 18:22 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\DYMO Stamps
2014-03-30 18:22 - 2014-03-30 18:22 - 00000000 ____D () C:\Program Files (x86)\DYMO Stamps
2014-03-30 18:22 - 2014-03-30 18:21 - 04063024 _____ () C:\Users\Mommy\Desktop\DYMOstampsWebSetup.exe
2014-03-30 00:07 - 2014-03-30 00:06 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Corel
2014-03-30 00:06 - 2014-03-10 17:47 - 00000000 ____D () C:\Users\Mommy\Documents\My PSP Files
2014-03-30 00:05 - 2014-03-30 00:05 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\Corel
2014-03-29 17:59 - 2014-03-10 17:40 - 00000000 ____D () C:\Users\Mommy\AppData\Local\Hewlett-Packard
2014-03-29 17:56 - 2011-01-13 18:13 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 17:56 - 2011-01-13 18:13 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 11:53 - 2011-01-06 16:19 - 00000000 ____D () C:\users\Sarah
2014-03-28 09:52 - 2014-03-28 09:52 - 00000000 ____D () C:\Users\Sara Thomas\FirefoxPortable
2014-03-28 09:52 - 2014-03-28 09:46 - 00000000 ____D () C:\users\Sara Thomas
2014-03-28 09:51 - 2014-03-28 09:51 - 27615216 _____ (PortableApps.com) C:\Users\Sara Thomas\Downloads\FirefoxPortable_28.0_English.paf.exe
2014-03-28 09:50 - 2014-03-28 09:50 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Google
2014-03-28 09:47 - 2014-03-28 09:47 - 00144232 _____ () C:\Users\Sara Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-28 09:47 - 2014-03-28 09:47 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Hewlett-Packard
2014-03-28 09:46 - 2014-03-28 09:46 - 00000020 ___SH () C:\Users\Sara Thomas\ntuser.ini
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ___RD () C:\Users\Sara Thomas\Virtual Machines
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ___RD () C:\Users\Sara Thomas\Podcasts
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Hewlett-Packard
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Apple Computer
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Roaming\Adobe
2014-03-28 09:46 - 2014-03-28 09:46 - 00000000 ____D () C:\Users\Sara Thomas\AppData\Local\Wondershare
2014-03-27 06:46 - 2014-03-27 06:46 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-03-27 06:45 - 2013-10-04 14:12 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-27 06:45 - 2010-09-16 01:15 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-03-27 06:45 - 2010-09-16 01:14 - 00000000 ____D () C:\Windows\System32\Drivers\NISx64
2014-03-25 08:56 - 2009-07-13 18:34 - 00000857 _____ () C:\Windows\win.ini
2014-03-25 08:47 - 2014-03-25 08:30 - 00000000 ____D () C:\ProgramData\WWINTEST3
2014-03-25 08:42 - 2014-03-25 08:42 - 00000000 ____D () C:\Users\Mommy\AppData\Roaming\hpqlog

Some content of TEMP:
====================
C:\Users\Mommy\AppData\Local\Temp\ntdll_dump.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-04-23 15:09:47

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 7989.86 MB
Available physical RAM: 7049.16 MB
Total Pagefile: 7988.01 MB
Available Pagefile: 7043.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:909.1 GB) (Free:803.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:22.12 GB) (Free:3.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: (My Passport) (Fixed) (Total:931.48 GB) (Free:913.52 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2FBFE761)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=909 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: E9D07FDD)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

LastRegBack: 2014-04-19 10:19

==================== End Of Log ============================



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 AM

Posted 24 April 2014 - 10:09 AM

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    C:\Users\Mommy\AppData\Local\Temp\ntdll_dump.dll
    2014-04-17 21:21 - 2014-04-17 21:21 - 00000064 _____ () C:\Windows\System32\wgou.mon
    2014-04-17 21:05 - 2014-04-17 21:05 - 00301959 ____S () C:\Windows\System32\vfhcs.ftu
    2014-04-23 08:28 - 2014-04-17 21:32 - 00000089 _____ () C:\Windows\System32\ghzecrq.eid
    2014-04-23 10:25 - 2014-04-17 21:27 - 00037888 _____ () C:\Windows\System32\ngyby.fpd
    2014-04-23 10:25 - 2014-04-17 21:21 - 00000102 _____ () C:\Windows\System32\pwcmm.yxw

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

When finished, boot into Windows.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 sarah88

sarah88
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 24 April 2014 - 10:16 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by SYSTEM at 2014-04-24 22:18:53 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
C:\Users\Mommy\AppData\Local\Temp\ntdll_dump.dll
2014-04-17 21:21 - 2014-04-17 21:21 - 00000064 _____ () C:\Windows\System32\wgou.mon
2014-04-17 21:05 - 2014-04-17 21:05 - 00301959 ____S () C:\Windows\System32\vfhcs.ftu
2014-04-23 08:28 - 2014-04-17 21:32 - 00000089 _____ () C:\Windows\System32\ghzecrq.eid
2014-04-23 10:25 - 2014-04-17 21:27 - 00037888 _____ () C:\Windows\System32\ngyby.fpd
2014-04-23 10:25 - 2014-04-17 21:21 - 00000102 _____ () C:\Windows\System32\pwcmm.yxw
*****************

C:\Users\Mommy\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Windows\System32\wgou.mon => Moved successfully.
C:\Windows\System32\vfhcs.ftu => Moved successfully.
C:\Windows\System32\ghzecrq.eid => Moved successfully.
C:\Windows\System32\ngyby.fpd => Moved successfully.
C:\Windows\System32\pwcmm.yxw => Moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/24/2014
Scan Time: 11:12:50 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.25.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mommy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426577
Time Elapsed: 42 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 28
PUP.Optional.AdPeak.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [4e3765c94b305bdba0cf97819b67de22],
PUP.Optional.AdPeak.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [4e3765c94b305bdba0cf97819b67de22],
PUP.Optional.AdPeak.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [4e3765c94b305bdba0cf97819b67de22],
PUP.Optional.AdPeak.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [4e3765c94b305bdba0cf97819b67de22],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3462C343-BE19-4143-AF70-CEFB56F46FC6}, Quarantined, [493c5dd1afcc5ed88662361b14ee7b85],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3462C343-BE19-4143-AF70-CEFB56F46FC6}, Quarantined, [493c5dd1afcc5ed88662361b14ee7b85],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3462C343-BE19-4143-AF70-CEFB56F46FC6}, Quarantined, [493c5dd1afcc5ed88662361b14ee7b85],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3462C343-BE19-4143-AF70-CEFB56F46FC6}, Quarantined, [493c5dd1afcc5ed88662361b14ee7b85],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}, Quarantined, [86ff1717344761d55d8cdc75887a7888],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}, Quarantined, [86ff1717344761d55d8cdc75887a7888],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}, Quarantined, [86ff1717344761d55d8cdc75887a7888],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}, Quarantined, [86ff1717344761d55d8cdc75887a7888],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{60E91567-EF8A-4520-BCE2-83ABA5256799}, Quarantined, [aed773bb92e9c0763daedb760ff38f71],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{60E91567-EF8A-4520-BCE2-83ABA5256799}, Quarantined, [aed773bb92e9c0763daedb760ff38f71],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{60E91567-EF8A-4520-BCE2-83ABA5256799}, Quarantined, [aed773bb92e9c0763daedb760ff38f71],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{60E91567-EF8A-4520-BCE2-83ABA5256799}, Quarantined, [aed773bb92e9c0763daedb760ff38f71],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}, Quarantined, [5e27cb630477999d650c1702a2603fc1],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}, Quarantined, [5e27cb630477999d650c1702a2603fc1],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}, Quarantined, [5e27cb630477999d650c1702a2603fc1],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}, Quarantined, [5e27cb630477999d650c1702a2603fc1],
PUP.Optional.ConnectDLC.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, Quarantined, [7411cb631a6150e627d69286867c857b],
PUP.Optional.ConnectDLC.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, Quarantined, [7411cb631a6150e627d69286867c857b],
PUP.Optional.ConnectDLC.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, Quarantined, [7411cb631a6150e627d69286867c857b],
PUP.Optional.ConnectDLC.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}, Quarantined, [7411cb631a6150e627d69286867c857b],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}, Quarantined, [b6cf0a24a3d8181e82f077a2dd255ba5],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}, Quarantined, [b6cf0a24a3d8181e82f077a2dd255ba5],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}, Quarantined, [b6cf0a24a3d8181e82f077a2dd255ba5],
PUP.Optional.ShopAtHome.A, HKU\S-1-5-21-3600505754-3538946782-1716727534-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}, Quarantined, [b6cf0a24a3d8181e82f077a2dd255ba5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 AM

Posted 25 April 2014 - 05:03 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click 'Export to text file...'.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#7 sarah88

sarah88
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 25 April 2014 - 09:51 AM

C:\AdwCleaner\Quarantine\C\AI_RecycleBin\{E394770B-0439-4E84-BEF0-0C122CD491F4}\4\Super Backup\SuperBackupApp.exe.vir a variant of MSIL/Adware.StrongVault.A application
C:\Program Files\cbsidlm-cbsi145-PriceBlink_for_Internet_Explorer-SEO-75851124.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\TDSSKiller_Quarantine\22.04.2014_21.08.56\susp0000\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\TDSSKiller_Quarantine\22.04.2014_21.08.56\susp0001\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\TDSSKiller_Quarantine\22.04.2014_21.08.56\susp0002\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\TDSSKiller_Quarantine\22.04.2014_21.08.56\susp0003\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\Users\Mommy\AppData\Local\Apps\2.0\8600NKLR.JL9\QX542OXD.PEV\clic..tion_527ca8f903e24370_0001.0000_f1f26bef16827400\SetUp.exe a variant of Win32/AdWare.iBryte.Y application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IJORHL1\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IT02CVL1\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IJORHL1\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IT02CVL1\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application
F:\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.26.9.505_0\APISupport\APISupport.dll a variant of Win32/Toolbar.Conduit.Z potentially unwanted application
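
The export above is the point where the thread turns: every Win64/Patched.H hit sits under C:\TDSSKiller_Quarantine, i.e. in copies TDSSKiller had already quarantined, while the hits in live locations are all adware and toolbar components. That is why the helper moves straight on to adware cleanup rather than another rootkit pass. As an added illustration (not a tool from ESET, Farbar or this thread), the Python script below parses lines in the ESET export format and separates hits inside known quarantine folders from hits in live locations. The quarantine-folder list, the function names and ComboFix's Qoobox path are assumptions; the sample lines are a subset copied from the export above.

```python
"""Triage an ESET Online Scanner text export: live hits vs. quarantine echoes."""
import re
from collections import Counter

# Folders in which removal tools park files they have already neutralised.
# A hit inside one of these is a dormant copy, not an active infection.
# Assumed list (lower-case, surrounded by backslashes); Qoobox is ComboFix's.
QUARANTINE_MARKERS = (
    "\\adwcleaner\\quarantine\\",
    "\\tdsskiller_quarantine\\",
    "\\qoobox\\quarantine\\",
)

# Each export line reads "<path> [a variant of ]<Family/Name> <kind>". Paths may
# contain spaces, so the verdict is matched from the end of the line instead of
# splitting on whitespace.
DETECTION_RE = re.compile(
    r"\s(?P<variant>a variant of )?(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>trojan|potentially unwanted application|application)\s*$"
)


def parse_line(line):
    """Return (path, name, kind, is_variant), or None if the line is not a finding."""
    m = DETECTION_RE.search(line)
    if m is None:
        return None
    path = line[: m.start()].strip()
    return path, m.group("name"), m.group("kind"), m.group("variant") is not None


def location_state(path):
    """'quarantined' when the path lies inside a known quarantine folder, else 'live'."""
    lowered = path.lower()
    return "quarantined" if any(mk in lowered for mk in QUARANTINE_MARKERS) else "live"


def triage(lines):
    """Bucket findings by location; trojans sort ahead of PUPs inside each bucket."""
    report = {"live": [], "quarantined": [], "skipped": 0}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            if line.strip():  # a non-empty line the pattern did not recognise
                report["skipped"] += 1
            continue
        path, name, kind, _ = parsed
        report[location_state(path)].append((name, kind, path))
    for bucket in ("live", "quarantined"):
        report[bucket].sort(key=lambda f: (f[1] != "trojan", f[0], f[2]))
    return report


def live_trojans(report):
    """Paths of trojan-class hits outside any quarantine folder: the ones that matter."""
    return [path for name, kind, path in report["live"] if kind == "trojan"]


def family_counts(report):
    """How often each detection name occurs across both buckets."""
    return Counter(name for b in ("live", "quarantined") for name, _, _ in report[b])


# Sample input: a subset of the lines from the ESET export posted above.
SAMPLE_EXPORT = r"""
C:\AdwCleaner\Quarantine\C\AI_RecycleBin\{E394770B-0439-4E84-BEF0-0C122CD491F4}\4\Super Backup\SuperBackupApp.exe.vir a variant of MSIL/Adware.StrongVault.A application
C:\Program Files\cbsidlm-cbsi145-PriceBlink_for_Internet_Explorer-SEO-75851124.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\TDSSKiller_Quarantine\22.04.2014_21.08.56\susp0000\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\TDSSKiller_Quarantine\22.04.2014_21.08.56\susp0001\svc0000\tsk0000.dta Win64/Patched.H trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IJORHL1\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_EXPORT.splitlines())
    for bucket in ("live", "quarantined"):
        print(f"== {bucket} ({len(rep[bucket])}) ==")
        for name, kind, path in rep[bucket]:
            print(f"  {kind:<32} {name:<28} {path}")
    print("live trojans:", live_trojans(rep) or "none")
    print("per family:", dict(family_counts(rep)))
```

Run against the sample, `live_trojans` comes back empty and both Win64/Patched.H hits land in the quarantined bucket, which is the conclusion the helper draws in the next post. The marker list is deliberately a plain tuple so that other tools' quarantine paths can be added without touching the parser.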



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 AM

Posted 28 April 2014 - 06:38 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents into your thread.



#9 sarah88

sarah88
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 29 April 2014 - 10:12 AM

# AdwCleaner v3.205 - Report created 29/04/2014 at 10:41:08
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mommy - MOMMYBS-HP
# Running from : C:\Users\Mommy\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccldkoinakjmmgebambiaggjobhikfg
Folder Deleted : C:\Users\Sara Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccldkoinakjmmgebambiaggjobhikfg
Folder Deleted : C:\Users\Susan Bryant\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccldkoinakjmmgebambiaggjobhikfg
Folder Deleted : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppjemjejnnojomfekgbpbbnecicblllf
Folder Deleted : C:\Users\Sara Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppjemjejnnojomfekgbpbbnecicblllf
Folder Deleted : C:\Users\Susan Bryant\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppjemjejnnojomfekgbpbbnecicblllf

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

[ File : C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Sara Thomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Susan Bryant\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

*************************

AdwCleaner[R0].txt - [15888 octets] - [23/04/2014 11:12:39]
AdwCleaner[R1].txt - [2428 octets] - [29/04/2014 10:39:53]
AdwCleaner[S0].txt - [15983 octets] - [23/04/2014 11:17:08]
AdwCleaner[S1].txt - [2375 octets] - [29/04/2014 10:41:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2435 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mommy on Tue 04/29/2014 at 10:48:31.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/29/2014 at 10:54:50.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Got the following error running Security Check:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

That was from downloading from Link 1; Link 2 came up "page not found".

 



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 AM

Posted 29 April 2014 - 10:59 AM

Please reboot your system and try again as instructed...



#11 sarah88

sarah88
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 29 April 2014 - 06:09 PM

 Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.0.2   
 Java™ 6 Update 20 
 Java™ 7 Update 2 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 34.0.1847.116 
 Google Chrome 34.0.1847.131 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 AM

Posted 08 May 2014 - 03:57 PM

Your system is clean! :)

Java Runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.

After the reboot
  • Open Control Panel again and click the Java icon.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
  • Click OK again.

 

 

 

Adobe Flash Player out of date

Your Adobe flash player is outdated. We will fix this.

  • Get the latest player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click Start-->Control Panel-->Add/Remove Programs.
  • Search for and remove any older Flash Player versions.

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the latest software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click Start-->Control Panel-->Add/Remove Programs.
  • Search for and remove any older Reader versions.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most recent System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most recent System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most recent System Protection Restore Points.

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before you access a web site classified as dangerous, a warning screen is displayed.

  • Up-to-date Software
    Keep your Windows and your third-party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third-party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80 cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
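The Security Check log above flagged two side-by-side Java runtimes plus outdated Flash and Reader, and the reply tells the user to hunt for old versions in Add/Remove Programs by hand. The following PowerShell script is an added example, not part of TB-Psychotic's reply or of screen317's Security Check tool: it reads the same uninstall registry keys that Programs and Features uses (64-bit and WOW6432Node) and warns when a product family has more than one version installed, so leftovers are visible before you remove them. The product-name patterns are assumptions based on the vendors' usual display names.

```powershell
# Added example (not from the original post): audit installed Java, Flash and
# Reader entries from the uninstall registry keys and flag duplicate versions.
# Run in an elevated PowerShell on Windows 7 or later.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed product-family patterns; 'JavaFX' is listed before 'Java' so that
# JavaFX entries are grouped on their own instead of under the JRE.
$families = 'JavaFX', 'Java', 'Adobe Flash Player', 'Adobe Reader', 'Adobe Acrobat Reader'

# Helper: return the first family pattern that a display name matches, or $null.
function Get-ProductFamily {
    param([string]$DisplayName)
    foreach ($f in $families) {
        if ($DisplayName -like "*$f*") { return $f }
    }
    return $null
}

# Collect every uninstall entry whose DisplayName belongs to one of the families.
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and (Get-ProductFamily $_.DisplayName) } |
    Select-Object @{ Name = 'Family'; Expression = { Get-ProductFamily $_.DisplayName } },
                  DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
    Sort-Object Family, DisplayVersion

# Show what is installed, in the same order Programs and Features would list it.
$found | Format-Table Family, DisplayName, DisplayVersion, Publisher -AutoSize

# Warn for each family with more than one entry. Every extra runtime is extra
# attack surface that a browser plug-in can still load, so only the newest
# should remain. Note: Adobe Flash Player legitimately has two entries
# (ActiveX for Internet Explorer and Plugin for other browsers); check the
# version numbers, not just the count, before removing anything.
$found |
    Group-Object Family |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $versions = ($_.Group | ForEach-Object { $_.DisplayVersion }) -join ', '
        Write-Warning ("{0}: {1} entries installed ({2}); remove all but the newest." -f $_.Name, $_.Count, $versions)
    }
```

The UninstallString column is kept in the collected objects so the command that Programs and Features would run for each old entry can be reviewed; the script only reports and never runs those commands itself.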

#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:10 AM

Posted 20 May 2014 - 02:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

