Fake Google Chrome (browser.exe) processes - I have it as well


This topic is locked. 8 replies to this topic.

#1 christine315


Posted 29 August 2014 - 08:24 PM

Hi There,

New to the site. I seem to have the same problem many others have discussed here. I downloaded and ran the FRST and here are my results.

Can you please help?? An additional note, as I was typing this yet another window is playing something in the background although I can't see it.

 

FRST Notepad-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-08-2014 01

Ran by Christine (administrator) on MURPHS on 29-08-2014 17:59:04

Running from C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FAL3Z1SU

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

() C:\Windows\System32\UTSCSI.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

() C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Google Inc.) C:\Users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe

(Google Inc.) C:\Users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe

(Google Inc.) C:\Users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe

(Google Inc.) C:\Users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)

HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2008-06-02] (Hewlett-Packard)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-18] (Panda Security, S.L.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\Run: [cdloader] => C:\Users\Christine\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2011-08-23] (magicJack L.P.)

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Christine\AppData\Local\Google\Desktop\Install\{6eafbdfb-1624-7891-b48c-d81310fa2096}\d'x"Ù"\", &h#\. ùû[

\{6eafbdfb-1624-7891-b48c-d81310fa2096}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\Run: [ModulatorHiggs] => C:\Windows\system32\rundll32.exe "C:\Users\Christine\AppData\Local\ModulatorHiggs\ModulatorHiggs.dll",DllRegisterServer <===== ATTENTION

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\MountPoints2: {b3e0c8bb-0004-11e0-a5b7-00150559cbd2} - J:\DigitalPhotoViewer.exe

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-10] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3504357902-638132322-372981072-1000\$6eafbdfb16247891b48cd81310fa2096\n. ATTENTION! ====> ZeroAccess?

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\christine2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

GroupPolicyUsers\S-1-5-21-3504357902-638132322-372981072-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:43902

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=992b6ed0-71a1-11e2-883a-00219b1109e5

URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = ${SEARCH_URL}{searchTerms}

SearchScopes: HKLM - {B2E752DA-4B7D-48D4-B49C-811D7BC3B63E} URL = ${SEARCH_URL}{searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=c1LGbBcZOhVvwlOPjLExgY3ANIU?q={searchTerms}

SearchScopes: HKCU - {B2E752DA-4B7D-48D4-B49C-811D7BC3B63E} URL =

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} - No File

Toolbar: HKCU - No Name - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - No File

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} https://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @mywebsearch.com/Plugin -> C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll No File

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\CHRIST~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-11]

FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\1.bin

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:

=======

CHR CustomProfile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]

CHR Extension: (Google Drive) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]

CHR Extension: (YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]

CHR Extension: (Google Search) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]

CHR Extension: (Google Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]

CHR Extension: (Gmail) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]

CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\CHRIST~1\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)

R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-02] (Panda Security, S.L.)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]

R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-18] (Panda Security, S.L.)

R2 UTSCSI; C:\Windows\system32\UTSCSI.EXE [45056 2011-10-14] () [File not signed]

S2 MyWebSearchService; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\Users\Christine\Documents\EmsisoftEmergencyKit[1]\Run\a2ddax86.sys [22056 2013-04-28] (Emsisoft GmbH)

R1 DasBootL; C:\Windows\system32\drivers\DasBootL.SYS [4992 2014-08-24] () [File not signed]

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-28] (Panda Security, S.L.)

R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-28] (Panda Security, S.L.)

R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-28] (Panda Security, S.L.)

R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-28] (Panda Security, S.L.)

R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-28] (Panda Security, S.L.)

S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-28] (Panda Security, S.L.)

R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-28] (Panda Security, S.L.)

R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-28] (Panda Security, S.L.)

R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-28] (Panda Security, S.L.)

R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-28] (Panda Security, S.L.)

R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-28] (Panda Security, S.L.)

R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-28] (Panda Security, S.L.)

R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)

R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-10-11] (Panda Security, S.L.)

R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-10-11] (Panda Security, S.L.)

R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-10-11] (Panda Security, S.L.)

R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-10-11] (Panda Security, S.L.)

S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-10-11] (Panda Security, S.L.)

R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)

R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2013-02-07] () [File not signed]

R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [85760 2007-12-27] (Rocket Division Software)

S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

R4 PsBoot; system32\Drivers\PsBoot.sys [X]

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 17:58 - 2014-08-29 17:59 - 00000000 ____D () C:\FRST

2014-08-29 17:01 - 2014-08-29 17:04 - 02103808 _____ (Farbar) C:\Users\Christine\Downloads\FRST64.exe

2014-08-29 04:20 - 2014-08-29 04:20 - 00000000 ____D () C:\Users\Christine\AppData\Local\ModulatorHiggs

2014-08-28 03:00 - 2014-08-22 18:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 03:00 - 2014-08-22 16:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 20:35 - 2014-08-24 20:35 - 00000000 ____D () C:\PandaCloudCleaner

2014-08-24 20:35 - 2014-08-24 20:34 - 00217769 ____H () C:\grldr

2014-08-24 20:35 - 2014-08-24 20:34 - 00009216 ____H () C:\grldr.mbr

2014-08-24 20:35 - 2014-08-24 20:34 - 00004992 _____ () C:\Windows\system32\Drivers\DasbootL.SYS

2014-08-24 20:35 - 2014-08-24 20:34 - 00000517 ____H () C:\menu.lst

2014-08-23 03:09 - 2014-06-26 15:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-23 03:09 - 2014-06-26 15:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-23 03:09 - 2014-06-26 15:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-23 03:09 - 2014-06-05 21:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-22 22:11 - 2014-08-22 22:11 - 00000000 ____D () C:\Windows\pss

2014-08-22 22:10 - 2014-08-22 22:10 - 00000000 ____D () C:\Users\Christine\AppData\Local\tjnet

2014-08-22 21:47 - 2014-06-13 17:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-22 21:47 - 2014-06-13 17:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-08-22 21:47 - 2014-06-02 03:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-22 21:47 - 2014-06-02 03:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-22 21:47 - 2014-06-02 03:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-22 21:47 - 2014-06-02 03:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-08-22 21:47 - 2014-06-02 01:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-22 21:45 - 2014-07-24 11:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-22 21:45 - 2014-07-24 10:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-22 21:45 - 2014-07-24 10:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-22 21:45 - 2014-07-24 10:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-22 21:45 - 2014-07-24 10:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-22 21:45 - 2014-07-24 10:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-22 21:45 - 2014-07-24 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-22 21:45 - 2014-07-24 10:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-22 21:45 - 2014-07-24 10:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-22 21:45 - 2014-07-24 10:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-22 21:45 - 2014-07-24 10:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-22 21:45 - 2014-07-24 10:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-22 21:45 - 2014-07-24 10:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-22 21:45 - 2014-07-24 10:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-22 21:45 - 2014-07-24 10:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-22 21:45 - 2014-07-24 10:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-22 21:45 - 2014-07-07 17:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-22 18:08 - 2014-08-22 18:08 - 00017244 _____ () C:\Users\Christine\Desktop\dds.txt

2014-08-22 17:51 - 2014-08-22 20:15 - 00000000 ____D () C:\AdwCleaner

2014-08-22 17:48 - 2014-08-22 17:48 - 00028672 _____ () C:\Users\Christine\Documents\Malware fix.wps

2014-08-21 23:26 - 2014-08-21 23:55 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-08-21 19:49 - 2014-08-21 19:54 - 00005020 _____ () C:\Users\Christine\Desktop\Rkill.txt

2014-08-12 18:17 - 2014-08-12 18:17 - 00044544 _____ () C:\Users\Christine\AppData\Roaming\nwrqb.dll

2014-08-12 18:17 - 2014-08-12 18:17 - 00000000 _____ () C:\Users\Christine\AppData\Roaming\oucdk.dll

2014-08-12 06:18 - 2014-08-12 06:17 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-12 06:17 - 2014-08-12 06:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-12 06:17 - 2014-08-12 06:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-12 06:17 - 2014-08-12 06:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-08-11 22:43 - 2014-08-26 21:51 - 00039936 _____ () C:\Users\Christine\Documents\ebay notes COACH.wps

2014-08-10 06:29 - 2014-08-10 06:29 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log

2014-08-10 06:26 - 2014-08-10 06:26 - 00918440 _____ (Oracle Corporation) C:\Users\Christine\Downloads\chromeinstall-7u67.exe

2014-08-02 06:19 - 2014-08-02 06:19 - 00195584 _____ () C:\Users\Christine\Documents\bank statement 8-2-14.wps

2014-07-31 06:44 - 2014-07-31 06:44 - 00213504 _____ () C:\Users\Christine\Documents\Bank Acct 7-31-2014.wps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 17:59 - 2014-08-29 17:58 - 00000000 ____D () C:\FRST

2014-08-29 17:36 - 2013-07-05 03:14 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce79686398a1b0.job

2014-08-29 17:26 - 2008-11-21 19:58 - 01170074 _____ () C:\Windows\WindowsUpdate.log

2014-08-29 17:21 - 2006-11-02 03:33 - 00760432 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-29 17:16 - 2013-07-05 03:14 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce796862ffe420.job

2014-08-29 17:15 - 2013-05-26 21:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-29 17:15 - 2006-11-02 05:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-29 17:15 - 2006-11-02 05:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-29 17:12 - 2006-11-02 06:01 - 00018780 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-29 17:11 - 2012-05-28 19:17 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\SoftGrid Client

2014-08-29 17:04 - 2014-08-29 17:01 - 02103808 _____ (Farbar) C:\Users\Christine\Downloads\FRST64.exe

2014-08-29 04:20 - 2014-08-29 04:20 - 00000000 ____D () C:\Users\Christine\AppData\Local\ModulatorHiggs

2014-08-29 02:36 - 2009-05-09 09:11 - 00001356 _____ () C:\Users\Christine\AppData\Local\d3d9caps.dat

2014-08-28 03:21 - 2006-11-02 05:47 - 00360936 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-26 21:51 - 2014-08-11 22:43 - 00039936 _____ () C:\Users\Christine\Documents\ebay notes COACH.wps

2014-08-26 21:51 - 2009-02-12 00:15 - 00015008 _____ () C:\Users\Christine\AppData\Roaming\wklnhst.dat

2014-08-24 21:27 - 2013-01-02 21:35 - 00005279 _____ () C:\Users\Christine\AppData\Local\47ee2339-8b33-4135-8e54-cb72d3001851.crx

2014-08-24 21:22 - 2010-12-08 08:09 - 00000000 ____D () C:\Program Files\uTorrentBar

2014-08-24 20:35 - 2014-08-24 20:35 - 00000000 ____D () C:\PandaCloudCleaner

2014-08-24 20:34 - 2014-08-24 20:35 - 00217769 ____H () C:\grldr

2014-08-24 20:34 - 2014-08-24 20:35 - 00009216 ____H () C:\grldr.mbr

2014-08-24 20:34 - 2014-08-24 20:35 - 00004992 _____ () C:\Windows\system32\Drivers\DasbootL.SYS

2014-08-24 20:34 - 2014-08-24 20:35 - 00000517 ____H () C:\menu.lst

2014-08-23 08:58 - 2009-04-14 23:22 - 00120320 _____ () C:\Users\Christine\Documents\EBAY NOTE.wps

2014-08-23 03:48 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache

2014-08-23 03:42 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-23 03:14 - 2013-08-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-23 03:10 - 2006-11-02 03:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-08-23 02:42 - 2013-11-22 22:37 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-22 22:11 - 2014-08-22 22:11 - 00000000 ____D () C:\Windows\pss

2014-08-22 22:11 - 2010-12-08 08:07 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\uTorrent

2014-08-22 22:10 - 2014-08-22 22:10 - 00000000 ____D () C:\Users\Christine\AppData\Local\tjnet

2014-08-22 22:09 - 2009-02-11 17:30 - 00000000 ____D () C:\Users\Christine\AppData\Local\Google

2014-08-22 21:37 - 2013-06-02 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-08-22 21:28 - 2011-10-13 18:23 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\mjusbsp

2014-08-22 21:28 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-08-22 21:27 - 2006-11-02 03:22 - 49020928 _____ () C:\Windows\system32\config\software_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 42467328 _____ () C:\Windows\system32\config\components_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 33292288 _____ () C:\Windows\system32\config\system_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 00524288 _____ () C:\Windows\system32\config\default_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2014-08-22 21:21 - 2013-02-09 20:27 - 00000000 ____D () C:\Users\Mcx1

2014-08-22 21:21 - 2010-02-07 11:24 - 00000000 ____D () C:\Users\christine2

2014-08-22 21:21 - 2009-02-11 17:28 - 00000000 ____D () C:\Users\Christine

2014-08-22 21:19 - 2013-11-22 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-08-22 21:19 - 2013-02-07 23:21 - 00000000 ____D () C:\ProgramData\APN

2014-08-22 21:19 - 2013-02-07 20:49 - 00000000 ____D () C:\ProgramData\Premium

2014-08-22 21:19 - 2013-02-07 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagniPic

2014-08-22 21:19 - 2013-02-07 20:43 - 00000000 ____D () C:\ProgramData\MagniPic

2014-08-22 21:19 - 2012-03-03 00:50 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

2014-08-22 21:19 - 2011-10-20 06:15 - 00000000 ____D () C:\Users\Christine\AppData\Local\MagicRingForeverPlugin

2014-08-22 21:19 - 2011-10-20 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicRingForeverPlugin

2014-08-22 21:19 - 2010-12-08 08:08 - 00000000 ____D () C:\Program Files\uTorrent

2014-08-22 21:19 - 2010-12-07 01:08 - 00000000 ____D () C:\Program Files\BitTorrent

2014-08-22 21:19 - 2010-12-07 01:07 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\BitTorrent

2014-08-22 21:19 - 2010-08-29 10:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic

2014-08-22 21:19 - 2009-02-11 20:48 - 00000000 ____D () C:\ProgramData\HP Product Assistant

2014-08-22 21:19 - 2008-11-22 02:10 - 00000000 ____D () C:\Program Files\Google

2014-08-22 21:19 - 2008-11-22 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting

2014-08-22 21:19 - 2008-11-22 02:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-08-22 21:19 - 2008-11-22 02:08 - 00000000 ____D () C:\Program Files\NetWaiting

2014-08-22 21:19 - 2006-11-02 04:18 - 00000000 __RSD () C:\Windows\Media

2014-08-22 21:19 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool

2014-08-22 21:18 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration

2014-08-22 20:57 - 2011-10-13 18:23 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\mjusbsp(136)

2014-08-22 20:16 - 2008-01-20 19:47 - 00678612 _____ () C:\Windows\PFRO.log

2014-08-22 20:15 - 2014-08-22 17:51 - 00000000 ____D () C:\AdwCleaner

2014-08-22 18:08 - 2014-08-22 18:08 - 00017244 _____ () C:\Users\Christine\Desktop\dds.txt

2014-08-22 18:03 - 2014-08-28 03:00 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 17:48 - 2014-08-22 17:48 - 00028672 _____ () C:\Users\Christine\Documents\Malware fix.wps

2014-08-22 16:26 - 2014-08-28 03:00 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 23:55 - 2014-08-21 23:26 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-08-21 22:50 - 2012-08-31 19:44 - 00000000 ____D () C:\Windows\Minidump

2014-08-21 19:54 - 2014-08-21 19:49 - 00005020 _____ () C:\Users\Christine\Desktop\Rkill.txt

2014-08-12 18:17 - 2014-08-12 18:17 - 00044544 _____ () C:\Users\Christine\AppData\Roaming\nwrqb.dll

2014-08-12 18:17 - 2014-08-12 18:17 - 00000000 _____ () C:\Users\Christine\AppData\Roaming\oucdk.dll

2014-08-12 06:18 - 2014-02-01 22:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-12 06:18 - 2008-11-22 02:07 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-08-12 06:17 - 2014-08-12 06:18 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-12 06:17 - 2014-08-12 06:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-12 06:17 - 2014-08-12 06:17 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-12 06:17 - 2014-08-12 06:17 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-08-12 01:04 - 2011-05-08 08:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-10 06:29 - 2014-08-10 06:29 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log

2014-08-10 06:29 - 2008-11-22 02:07 - 00000000 ____D () C:\Program Files\Java

2014-08-10 06:26 - 2014-08-10 06:26 - 00918440 _____ (Oracle Corporation) C:\Users\Christine\Downloads\chromeinstall-7u67.exe

2014-08-05 09:20 - 2009-10-02 22:43 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-08-04 09:30 - 2014-05-19 20:33 - 00023552 _____ () C:\Users\Christine\Documents\ebay note2.wps

2014-08-03 07:36 - 2011-04-28 18:23 - 00019968 _____ () C:\Users\Christine\Documents\ebay hoodies.wps

2014-08-02 07:00 - 2011-08-11 10:51 - 00282112 _____ () C:\Users\Christine\Documents\3.wps

2014-08-02 06:19 - 2014-08-02 06:19 - 00195584 _____ () C:\Users\Christine\Documents\bank statement 8-2-14.wps

2014-07-31 06:44 - 2014-07-31 06:44 - 00213504 _____ () C:\Users\Christine\Documents\Bank Acct 7-31-2014.wps

ZeroAccess:

C:\Users\Christine\AppData\Local\Google\Desktop\Install

Files to move or delete:

====================

C:\Users\Christine\jagex_cl_runescape_LIVE.dat

C:\Users\Christine\jagex_runescape_preferences.dat

C:\Users\Christine\jagex_runescape_preferences2.dat

C:\Users\Christine\random.dat

C:\Users\Christine\AppData\Roaming\skype.ini

C:\Users\Public\iLividSetup.exe


Some content of TEMP:

====================

C:\Users\Christine\AppData\Local\Temp\01382682341637.exe

C:\Users\Christine\AppData\Local\Temp\3507021956093491988351.exe

C:\Users\Christine\AppData\Local\Temp\BundleSweetIMSetup.exe

C:\Users\Christine\AppData\Local\Temp\dp.exe

C:\Users\Christine\AppData\Local\Temp\GetCC.dll

C:\Users\Christine\AppData\Local\Temp\InstallFlashPlayer.exe

C:\Users\Christine\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih[1].exe

C:\Users\Christine\AppData\Local\Temp\mpam-b37da170.exe

C:\Users\Christine\AppData\Local\Temp\MybabylonTB.exe

C:\Users\Christine\AppData\Local\Temp\propsys.dll

C:\Users\Christine\AppData\Local\Temp\qaanqlz.dll

C:\Users\Christine\AppData\Local\Temp\readSTILog.dll

C:\Users\Christine\AppData\Local\Temp\restor.exe

C:\Users\Christine\AppData\Local\Temp\SavingsVault-us-ppi.exe

C:\Users\Christine\AppData\Local\Temp\SendMsg.dll

C:\Users\Christine\AppData\Local\Temp\SHSetup.exe

C:\Users\Christine\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\Christine\AppData\Local\Temp\Tierra.exe

C:\Users\Christine\AppData\Local\Temp\uninst1.exe

C:\Users\Christine\AppData\Local\Temp\Update.exe

C:\Users\Christine\AppData\Local\Temp\utt290C.tmp.exe

C:\Users\Christine\AppData\Local\Temp\uttF36A.tmp.exe

C:\Users\Christine\AppData\Local\Temp\vbmz.exe

C:\Users\Christine\AppData\Local\Temp\VisualBeeTB.exe

C:\Users\christine2\AppData\Local\Temp\RHSetup.exe

C:\Users\christine2\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-29 17:31

==================== End Of Log ============================

Addition - Notepad

Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-08-2014 01

Ran by Christine at 2014-08-29 18:00:58

Running from C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FAL3Z1SU

Boot Mode: Normal

==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Cloud Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

AS: Panda Cloud Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Cloud Antivirus Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)

Adobe AIR (Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)

Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)

Adobe Photoshop Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden

Adobe Reader 9.5.4 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)

Age of Mythology Gold (HKLM\...\Age of Mythology Expansion Pack 1.0) (Version: 1.0 - Microsoft)

Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASIO4ALL (HKLM\...\ASIO4ALL) (Version: - )

ATI Catalyst Install Manager (HKLM\...\{20D6DBB7-58A7-A014-3D35-509DE20CD408}) (Version: 3.0.704.0 - ATI Technologies, Inc.)

Audacity 1.3.12 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)

BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.0 - )

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION

Catalyst Control Center Core Implementation (Version: 2008.1210.1623.29379 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (Version: 2008.1210.1623.29379 - ATI) Hidden

Catalyst Control Center Graphics Full New (Version: 2008.1210.1623.29379 - ATI) Hidden

Catalyst Control Center Graphics Light (Version: 2008.1210.1623.29379 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (Version: 2008.1210.1623.29379 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (Version: 2008.1210.1623.29379 - ATI) Hidden

Catalyst Control Center HydraVision Full (Version: 2008.1210.1623.29379 - ATI) Hidden

Catalyst Control Center InstallProxy (Version: 2008.1210.1623.29379 - ATI Technologies, Inc.) Hidden

CCC Help English (Version: 2008.1210.1622.29379 - ATI) Hidden

ccc-core-static (Version: 2008.1210.1623.29379 - ATI) Hidden

ccc-utility (Version: 2008.1210.1623.29379 - ATI) Hidden

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conduit Engine (HKLM\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION

Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)

Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)

CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)

Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)

Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden

DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)

DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden

DJ_AIO_03_F4200_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden

DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000 - Hewlett-Packard) Hidden

EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )

Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden

eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

F4200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden

F4200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden

Far Cry 2 (HKLM\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.02.00 - Ubisoft)

FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)

Google Advertising Cookie Opt-out (HKLM\...\{291820D0-A626-40F9-BDFF-8D5CEAB04243}) (Version: 1.0.1.0 - Google Inc)

Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )

GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden

Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)

HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)

HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}) (Version: 10.0 - HP)

HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)

HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)

HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden

HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)

HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)

HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden

HydraVision (Version: 4.2.88.0 - ATI Technologies Inc.) Hidden

iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)

IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)

Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)

Intel® PRO Network Connections 12.1.11.0 (Version: - Intel) Hidden

iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)

Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden

Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.300 - Oracle)

Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden

magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4252 - magicJack L.P.)

MagicRingForeverPlugin Release 2.02 (HKLM\...\{MagicRingForeverPlugin-54F9C78F-EA53-45CA-B980-~9A795C6E_is1) (Version: - PCPhoneSoft.com)

MagniPic (HKLM\...\{01750095-6CB8-40EA-A201-249ADA962263}) (Version: 1.0 - ) <==== ATTENTION

Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)

MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Business 2010 - English (HKLM\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)

Microsoft Office Outlook Connector (HKLM\...\{95140000-0080-0409-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Search Enhancement Pack (Version: 1.3.59.0 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)

Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)

NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

Panda Cloud Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 2.1.0 - Panda Security)

Panda Cloud Antivirus (Version: 6.06.00.0000 - Panda Security) Hidden

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

PrintCoupon (HKLM\...\PrintCoupon) (Version: 1.0 - UNKNOWN) <==== ATTENTION

PrintCoupon (Version: 1.0 - UNKNOWN) Hidden <==== ATTENTION

PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden

PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )

Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden

Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)

Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden

Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden

Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden

Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)

Sawer (HKLM\...\Sawer) (Version: - Image-Line)

Scan (Version: 10.0.0.0 - Hewlett-Packard) Hidden

Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)

Skins (Version: 2008.1210.1623.29379 - ATI) Hidden

SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden

SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden

SpyHunter (HKLM\...\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}) (Version: 4.12.13.4202 - Enigma Software Group USA, LLC)

SpyHunter (HKLM\...\{471D8B37-C5B3-4457-9FA1-B3C693334F4F}) (Version: 4.14.5.4268 - Enigma Software Group USA, LLC)

Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden

Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)

TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Turbo Tax Audit Support Center 3.0 (HKLM\...\{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1) (Version: - Turbo Tax)

UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

uTorrentBar Toolbar (HKLM\...\uTorrentBar Toolbar) (Version: 6.2.6.0 - uTorrentBar) <==== ATTENTION

VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden

VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)

WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3504357902-638132322-372981072-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll No File

CustomCLSID: HKU\S-1-5-21-3504357902-638132322-372981072-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\Christine\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)

CustomCLSID: HKU\S-1-5-21-3504357902-638132322-372981072-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points =========================

05-08-2014 16:51:09 Windows Update

08-08-2014 22:04:41 Windows Update

10-08-2014 13:27:56 Installed Java 7 Update 67

12-08-2014 07:42:18 Windows Update

12-08-2014 13:15:56 Installed Java 7 Update 65

13-08-2014 07:00:05 Scheduled Checkpoint

14-08-2014 07:00:02 Scheduled Checkpoint

15-08-2014 07:00:04 Scheduled Checkpoint

15-08-2014 10:00:16 Windows Update

16-08-2014 07:00:05 Scheduled Checkpoint

17-08-2014 07:00:01 Scheduled Checkpoint

19-08-2014 09:07:26 Scheduled Checkpoint

19-08-2014 17:39:21 Windows Update

20-08-2014 00:39:58 Removed NetWaiting

20-08-2014 00:42:46 Removed NetWaiting

22-08-2014 01:31:28 Removed Google Drive

22-08-2014 01:33:14 Removed Google Drive

22-08-2014 14:20:59 Windows Update

23-08-2014 01:24:33 Removed Google Drive

23-08-2014 03:59:46 Removed Google Advertising Cookie Opt-out

23-08-2014 04:06:13 Restore Operation

23-08-2014 04:45:20 Windows Update

23-08-2014 10:00:16 Windows Update

24-08-2014 08:40:02 Scheduled Checkpoint

25-08-2014 14:10:16 Scheduled Checkpoint

26-08-2014 07:24:03 Scheduled Checkpoint

26-08-2014 17:00:00 Windows Update

27-08-2014 07:00:10 Scheduled Checkpoint

28-08-2014 07:00:03 Scheduled Checkpoint

28-08-2014 10:00:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {157D1597-456D-4C27-A76C-16A17B4DBE22} - System32\Tasks\AdobeAAMUpdater-1.0-Murphs-Christine => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)

Task: {1AF47FC1-7C68-4184-B332-ADA0E9124318} - System32\Tasks\GoogleUpdateTaskMachineUA1ce79686398a1b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1F34690E-5F6B-450F-B2D9-05ADE92A09B0} - \RegHunterStartup No Task File <==== ATTENTION

Task: {246A1983-E960-4732-9F47-138DA0E10402} - \RunAsStdUser Task No Task File <==== ATTENTION

Task: {29737B5F-1FDB-46CF-B858-50A7D3848BAE} - \SpyHunter4Startup No Task File <==== ATTENTION

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3452E7BD-1FCE-408B-809E-024C1DF1B9AE} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {35EE687F-440F-47B0-8196-277973723528} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {4ACC5CB5-C809-4EE7-AFA7-DA525E37951A} - \SpyHunter4 No Task File <==== ATTENTION

Task: {553A0DE0-32C7-47C6-9827-DF185C799F82} - \{3849599D-1740-4E80-B0B6-626CC89D62B7} No Task File <==== ATTENTION

Task: {5E1EA27C-C2CE-47AF-9C27-E969E2804D67} - \GoogleUpdateTaskMachineCore1ce037ab1ecf140 No Task File <==== ATTENTION

Task: {83B49568-B9FD-4D99-9164-5FCD7410100F} - \GoogleUpdateTaskMachineUA1ce037ab3ac73c0 No Task File <==== ATTENTION

Task: {8F3778BD-2E23-47EB-A52E-6B99966CD335} - System32\Tasks\GoogleUpdateTaskMachineCore1ce796862ffe420 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)

Task: {9C9DFB00-BB71-40D9-BFAE-FD7139CEFD64} - \MagniPicUpdaterTask{86F6D49B-2EF3-4F76-8215-D19804CD5E54} No Task File <==== ATTENTION

Task: {9F46C693-D6F3-4F96-849F-A3FA1371AC3B} - \User_Feed_Synchronization-{47FA7E1F-D7E7-456B-9285-319B87312EAC} No Task File <==== ATTENTION

Task: {BCFBC11C-C761-4F26-A360-F8C5E8C40E4D} - System32\Tasks\{5E6DE612-0D88-4D09-84ED-2E8CBFF174DD} => C:\Users\Christine\AppData\Roaming\nwrqb.dll [2014-08-12] ()

Task: {C23D16FB-2334-4589-9B41-9BDA40226FBD} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION

Task: {D6F6C496-3B34-4DC5-8F80-249DE0CB730F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {FCD3ACA1-37B6-449D-8800-CD2DC7AD2012} - \{1D4822A8-EF54-4F43-8009-3322B218244F} No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce796862ffe420.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce79686398a1b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-10-14 18:20 - 2011-10-14 18:20 - 00045056 _____ () C:\Windows\system32\UTSCSI.EXE

2013-04-12 10:23 - 2013-04-12 10:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Cloud Antivirus\SQLite3.dll

2006-11-02 03:25 - 2008-12-10 15:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

2014-08-23 03:39 - 2014-08-23 03:39 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\ca0470270043cc25c613c3be8d112170\VistaBridgeLibrary.ni.dll

2014-08-29 04:20 - 2014-08-29 04:20 - 00301568 _____ () C:\Users\Christine\AppData\Local\ModulatorHiggs\ModulatorHiggs.dll

2009-03-26 19:04 - 2009-03-26 19:04 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll

2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

2014-08-29 04:21 - 2014-08-29 04:21 - 08537928 _____ () C:\Users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\36.0.1985.143\pdf.dll

2014-08-29 04:21 - 2014-08-29 04:21 - 00353096 _____ () C:\Users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-29 04:21 - 2014-08-29 04:21 - 01732936 _____ () C:\Users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4220A65C

AlternateDataStreams: C:\ProgramData\TEMP:680086AB

AlternateDataStreams: C:\ProgramData\TEMP:F49E02D5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Christine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicRingForeverPlugin.lnk => C:\Windows\pss\MagicRingForeverPlugin.lnk.Startup

MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (08/29/2014 06:00:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BLPCFGOKAKMGNKCOJHHKBFBLDKACNBEO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BLPCFGOKAKMGNKCOJHHKBFBLDKACNBEO> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF\0.0.0.19_0> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF\0.0.0.19_0> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJKLJHEGNCPNKPKNBCOHDIJEOEJAEDIA\7_0> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJKLJHEGNCPNKPKNBCOHDIJEOEJAEDIA\7_0> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJKLJHEGNCPNKPKNBCOHDIJEOEJAEDIA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/29/2014 06:00:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJKLJHEGNCPNKPKNBCOHDIJEOEJAEDIA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

 

Details:
A device attached to the system is not functioning. (0x8007001f)

 

System errors:

=============

Error: (08/29/2014 05:51:28 PM) (Source: DCOM) (EventID: 10016) (User: Murphs)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}MurphsChristineS-1-5-21-3504357902-638132322-372981072-1000LocalHost (Using LRPC)

Error: (08/29/2014 05:49:22 PM) (Source: DCOM) (EventID: 10016) (User: Murphs)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}MurphsChristineS-1-5-21-3504357902-638132322-372981072-1000LocalHost (Using LRPC)

Error: (08/29/2014 05:25:34 PM) (Source: DCOM) (EventID: 10016) (User: Murphs)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}MurphsChristineS-1-5-21-3504357902-638132322-372981072-1000LocalHost (Using LRPC)

Error: (08/29/2014 05:17:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: HP CUE DeviceDiscovery Service

Error: (08/29/2014 05:15:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: My Web Search Service%%3

Error: (08/29/2014 04:59:22 PM) (Source: DCOM) (EventID: 10016) (User: Murphs)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}MurphsChristineS-1-5-21-3504357902-638132322-372981072-1000LocalHost (Using LRPC)

Error: (08/29/2014 04:52:33 PM) (Source: DCOM) (EventID: 10016) (User: Murphs)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}MurphsChristineS-1-5-21-3504357902-638132322-372981072-1000LocalHost (Using LRPC)

Error: (08/29/2014 04:38:45 PM) (Source: DCOM) (EventID: 10016) (User: Murphs)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}MurphsChristineS-1-5-21-3504357902-638132322-372981072-1000LocalHost (Using LRPC)

Error: (08/29/2014 04:10:17 PM) (Source: DCOM) (EventID: 10016) (User: Murphs)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}MurphsChristineS-1-5-21-3504357902-638132322-372981072-1000LocalHost (Using LRPC)

Error: (08/29/2014 04:06:47 PM) (Source: DCOM) (EventID: 10016) (User: Murphs)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}MurphsChristineS-1-5-21-3504357902-638132322-372981072-1000LocalHost (Using LRPC)

 

Microsoft Office Sessions:

=========================

Error: (08/29/2014 06:00:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BLPCFGOKAKMGNKCOJHHKBFBLDKACNBEO

Error: (08/29/2014 06:00:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BLPCFGOKAKMGNKCOJHHKBFBLDKACNBEO

Error: (08/29/2014 06:00:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF\0.0.0.19_0

Error: (08/29/2014 06:00:59 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF\0.0.0.19_0

Error: (08/29/2014 06:00:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF

Error: (08/29/2014 06:00:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF

Error: (08/29/2014 06:00:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJKLJHEGNCPNKPKNBCOHDIJEOEJAEDIA\7_0

Error: (08/29/2014 06:00:56 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJKLJHEGNCPNKPKNBCOHDIJEOEJAEDIA\7_0

Error: (08/29/2014 06:00:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJKLJHEGNCPNKPKNBCOHDIJEOEJAEDIA

Error: (08/29/2014 06:00:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context: Application, SystemIndex Catalog
 

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\CHRISTINE\APPDATA\LOCALLOW\RECEIVERVISUAL\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PJKLJHEGNCPNKPKNBCOHDIJEOEJAEDIA

 

CodeIntegrity Errors:

===================================

Date: 2014-08-29 18:00:00.847

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 18:00:00.209

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 17:59:59.596

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 17:59:59.316

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 17:59:58.958

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 17:59:58.643

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 17:59:58.297

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 17:59:57.986

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 17:59:57.645

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINProc.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-29 17:59:57.359

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\PSINProc.sys because the set of per-page image hashes could not be found on the system.

 

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7200 @ 2.53GHz

Percentage of memory in use: 59%

Total physical RAM: 3069.45 MB

Available physical RAM: 1257.63 MB

Total Pagefile: 6373.91 MB

Available Pagefile: 4328.77 MB

Total Virtual: 2047.88 MB

Available Virtual: 1874.74 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:332.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 596.2 GB) (Disk ID: 7AC063A6)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
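A quick way to pull the actionable entries out of a log like the one above is to script the triage rather than eyeball 1,800 lines. The following is an added example, not part of FRST, ComboFix or the original post: it parses the "Scheduled Tasks" and "Loaded Modules" line formats from the FRST output above and ranks each entry by a few persistence heuristics (a target under a user-writable directory such as AppData, a scheduled task whose action is a DLL, an orphaned "No Task File" registration, an empty company field). The heuristics, severity labels and the list of user-writable directory markers are the editor's assumptions, not FRST's own classification; the sample input is a handful of lines copied from the log above.

```python
"""Triage FRST 'Scheduled Tasks' and 'Loaded Modules' lines for persistence
red flags.

Added example for this thread; it is not part of FRST, ComboFix or the
original post.  The heuristics below (user-writable path, DLL as a task
target, orphaned registration, empty company field) are the editor's own
and are not how FRST itself classifies entries.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a constructed subset of lines copied from the FRST output
# posted above (the real log has many more).
SAMPLE_LOG = r"""
Task: {1F34690E-5F6B-450F-B2D9-05ADE92A09B0} - \RegHunterStartup No Task File <==== ATTENTION
Task: {35EE687F-440F-47B0-8196-277973723528} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {BCFBC11C-C761-4F26-A360-F8C5E8C40E4D} - System32\Tasks\{5E6DE612-0D88-4D09-84ED-2E8CBFF174DD} => C:\Users\Christine\AppData\Roaming\nwrqb.dll [2014-08-12] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce796862ffe420.job => C:\Program Files\Google\Update\GoogleUpdate.exe
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-08-29 04:20 - 2014-08-29 04:20 - 00301568 _____ () C:\Users\Christine\AppData\Local\ModulatorHiggs\ModulatorHiggs.dll
2014-08-29 04:21 - 2014-08-29 04:21 - 08537928 _____ () C:\Users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\36.0.1985.143\pdf.dll
"""

# Directory markers an unprivileged user can write to (assumption: default
# Windows layout).  Matched case-insensitively against the whole path.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}

# Right-hand side of "=>": "<path> [<date>] (<company>)".  Date and company
# are optional; FRST prints "()" when the file carries no company name.
TARGET_RE = re.compile(r"(?P<path>.+?)(?: \[(?P<date>[^\]]*)\])?(?: \((?P<pub>[^)]*)\))?\s*$")

# Loaded Modules line: "<created> - <modified> - <size> <attrs> (<company>) <path>"
MODULE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) \S+ \((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$"
)


@dataclass
class Finding:
    line: str
    path: Optional[str]
    severity: str
    reasons: List[str]


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def parse_task(line: str) -> Optional[Dict]:
    """Parse an FRST 'Task:' line, both the registry-GUID form and the
    C:\\Windows\\Tasks\\*.job form."""
    if not line.startswith("Task: "):
        return None
    body = line[len("Task: "):]
    orphan = "No Task File" in body
    body = body.replace("No Task File <==== ATTENTION", "").rstrip()
    path = pub = None
    if " => " in body:
        body, rhs = body.split(" => ", 1)
        m = TARGET_RE.match(rhs)
        path, pub = m.group("path"), m.group("pub")
    name = body.split(" - ", 1)[-1].strip()
    return {"kind": "task", "name": name, "path": path, "pub": pub, "orphan": orphan}


def parse_module(line: str) -> Optional[Dict]:
    """Parse an FRST 'Loaded Modules' line."""
    m = MODULE_RE.match(line)
    if m is None:
        return None
    return {"kind": "module", "name": m.group("path"), "path": m.group("path"),
            "pub": m.group("pub"), "orphan": False}


def triage(text: str) -> List[Finding]:
    """Return one Finding per parsed line that trips at least one heuristic."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_task(line) or parse_module(line)
        if rec is None:
            continue
        reasons = []  # (severity, explanation)
        if rec["orphan"]:
            reasons.append(("low", "registration points at a task file that no longer exists; FRST flags these for cleanup"))
        path = rec["path"]
        if path:
            if is_user_writable(path):
                reasons.append(("high", "runs from a user-writable directory; installers with admin rights do not need this"))
            if rec["kind"] == "task" and path.lower().endswith(".dll"):
                reasons.append(("high", "task action is a DLL, not an executable; check the host process in the task's full action"))
            if rec["pub"] == "":
                reasons.append(("info", "no company name in the file's version resource (weak evidence on its own)"))
        if reasons:
            severity = max((s for s, _ in reasons), key=SEVERITY_RANK.__getitem__)
            findings.append(Finding(line, path, severity, [t for _, t in reasons]))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -SEVERITY_RANK[f.severity]):
        print(f"[{f.severity}] {f.path or f.line}")
        for reason in f.reasons:
            print("   -", reason)
```

Run it as-is to see the ranked list, or pass a whole FRST log to triage() to run it over real output. An empty company field alone is deliberately only "info": the Apple and ATI DLLs in the log above carry none and are legitimate. The user-writable path is the signal that separates ModulatorHiggs.dll, pdf.dll and nwrqb.dll from the Google and Microsoft entries, which produce no finding at all.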





#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:11:10 AM

Posted 30 August 2014 - 04:55 AM

Hi there,

You have more than one piece of malware running on your system.
Please run Combofix to start with:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#3 christine315
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:10 AM

Posted 30 August 2014 - 10:56 AM

I ran ComboFix.exe as you suggested and this is what I got. The situation seems even worse, with Google Chrome windows constantly popping up at random. Task Manager shows many, many browser.exe programs running. What do I do next?

 

ComboFix 14-08-29.03 - Christine 08/30/2014   7:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1787 [GMT -7:00]
Running from: c:\users\Christine\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
C:\menu.lst
C:\prefs.js
c:\users\Christine\AppData\Local\BcsKtYcHW.dll
c:\users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0F94E109-448C-485E-B82A-D3165AA66603}.xps
c:\users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F473BE5F-2A95-49D2-A874-75B45739D64E}.xps
c:\users\Christine\AppData\Roaming\342024875.log
c:\users\Christine\AppData\Roaming\602024875.log
c:\users\Christine\AppData\Roaming\883091875.log
c:\users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
c:\users\Christine\AppData\Roaming\nnpvtkk.dll
c:\users\Christine\AppData\Roaming\nwrqb.dll
c:\users\Christine\AppData\Roaming\oucdk.dll
c:\users\Christine\AppData\Roaming\skype.ini
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-30  )))))))))))))))))))))))))))))))
.
.
2014-08-30 14:56 . 2014-08-30 14:56 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2014-08-30 14:56 . 2014-08-30 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-30 14:56 . 2014-08-30 14:56 -------- d-----w- c:\users\christine2\AppData\Local\temp
2014-08-30 00:58 . 2014-08-30 01:06 -------- d-----w- C:\FRST
2014-08-29 11:20 . 2014-08-29 11:20 -------- d-----w- c:\users\Christine\AppData\Local\ModulatorHiggs
2014-08-28 10:00 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 10:00 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-25 03:35 . 2014-08-25 03:34 4992 ----a-w- c:\windows\system32\drivers\DasbootL.SYS
2014-08-25 03:35 . 2014-08-25 03:35 -------- d-----w- C:\PandaCloudCleaner
2014-08-23 10:09 . 2014-06-26 22:17 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-23 10:09 . 2014-06-26 22:17 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-23 10:09 . 2014-06-26 22:17 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-08-23 10:09 . 2014-06-06 04:28 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-23 05:10 . 2014-08-23 05:10 -------- d-----w- c:\users\Christine\AppData\Local\tjnet
2014-08-23 04:47 . 2014-06-02 10:31 2263552 ----a-w- c:\windows\system32\msi.dll
2014-08-23 04:47 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\system32\authui.dll
2014-08-23 04:47 . 2014-06-02 10:31 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-08-23 04:47 . 2014-06-02 10:30 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-08-23 04:47 . 2014-06-02 08:56 82432 ----a-w- c:\windows\system32\consent.exe
2014-08-23 04:47 . 2014-06-14 00:44 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-23 04:47 . 2014-06-14 00:33 37376 ----a-w- c:\windows\system32\cdd.dll
2014-08-23 00:51 . 2014-08-23 03:15 -------- d-----w- C:\AdwCleaner
2014-08-22 06:26 . 2014-08-22 06:55 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-08-12 13:17 . 2014-08-12 13:17 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-29 00:43 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-21 18:24 . 2014-08-29 21:47 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F908EEE-0EE4-4B66-8A92-678C8100AD0D}\mpengine.dll
2014-08-05 16:20 . 2009-10-03 05:43 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-06-06 08:59 . 2014-07-09 22:39 506880 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 17:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 17:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 17:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 17:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 17:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 17:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ModulatorHiggs"="c:\users\Christine\AppData\Local\ModulatorHiggs\ModulatorHiggs.dll" [2014-08-29 301568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-10-19 32736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\users\christine2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-22 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-22 09:15 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Christine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicRingForeverPlugin.lnk]
path=c:\users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicRingForeverPlugin.lnk
backup=c:\windows\pss\MagicRingForeverPlugin.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-08 15:11 395128 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Christine\Documents\EmsisoftEmergencyKit[1]\Run\a2ddax86.sys [2013-04-29 00:13 22056]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-23 171600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-23 09:37 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce796862ffe420.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:14]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce79686398a1b0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:14]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://searchab.com/?aff=7&uid=992b6ed0-71a1-11e2-883a-00219b1109e5
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: 360-value.com
Trusted Zone: billerweb.com
Trusted Zone: bristolwest.com
Trusted Zone: bwproducers.com
Trusted Zone: cisgroup.com
Trusted Zone: co-optimum.com
Trusted Zone: farmers.com
Trusted Zone: farmersces.com
Trusted Zone: farmersflood.com
Trusted Zone: farmersinsurance.com
Trusted Zone: farmersleadcenter.com
Trusted Zone: farmerslife.com
Trusted Zone: farmersmarketpoint.com
Trusted Zone: foremostfarmers.com
Trusted Zone: foremoststar.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: msbexpress.net
Trusted Zone: postoffice.net
Trusted Zone: seccas.com
Trusted Zone: zurich.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-10 - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
HKCU-Run-cdloader - c:\users\Christine\AppData\Roaming\mjusbsp\cdloader2.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-SP_d8283021 - c:\program files\MagniPic\uninstall.exe
AddRemove-magicJack - c:\users\Christine\AppData\Roaming\mjusbsp\magicJackLoader.exe
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
"ImagePath"="\??\c:\users\Christine\Documents\EmsisoftEmergencyKit
[1]\Run\a2ddax86.sys"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\A2DDA]
"ImagePath"="\??\c:\users\Christine\Documents\EmsisoftEmergencyKit
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3504357902-638132322-372981072-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,bd,c7,46,79,51,0a,24,49,9b,87,d1,0d,78,4d,e6,8d,f7,17,9c,dc,
   4c,96,ab,da,43,fd,df,15,b4,3d,41,12,ca,31,22,53,d5,8f,41,b7,47,f9,b8,4f,73,\
"rkeysecu"=hex:8f,44,c7,0b,c5,3c,58,2c,23,15,30,be,63,b6,67,07
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe
c:\users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe
c:\users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe
c:\users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe
c:\users\Christine\AppData\LocalLow\SupporterModel\SysutilWireless\browser.exe
.
**************************************************************************
.
Completion time: 2014-08-30  08:49:23 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-30 15:48
.
Pre-Run: 354,973,167,616 bytes free
Post-Run: 371,008,634,880 bytes free
.
- - End Of File - - D1B7FCC112FC9294637E0C1CFF4BC038
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:11:10 AM

Posted 30 August 2014 - 12:22 PM

Ok, let's continue with this:


Step 1

Please download the attached file (fixlist.txt) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 christine315

  • Topic Starter
  • Members
  • 6 posts
  • Local time:01:10 AM

Posted 30 August 2014 - 01:48 PM

FRST.txt as shown below

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2014 01

Ran by Christine (administrator) on MURPHS on 30-08-2014 11:37:26

Running from C:\Users\Christine\Downloads

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

() C:\Windows\System32\UTSCSI.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

() C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Farbar) C:\Users\Christine\Downloads\FRST (1).exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)

HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2008-06-02] (Hewlett-Packard)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-18] (Panda Security, S.L.)

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-21-3504357902-638132322-372981072-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\christine2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=OSDSRC

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} https://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\CHRIST~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-11]

FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\1.bin

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:

=======

CHR CustomProfile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]

CHR Extension: (Google Drive) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]

CHR Extension: (YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]

CHR Extension: (Google Search) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]

CHR Extension: (Google Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]

CHR Extension: (Gmail) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)

R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]

R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-02] (Panda Security, S.L.)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]

R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-18] (Panda Security, S.L.)

R2 UTSCSI; C:\Windows\system32\UTSCSI.EXE [45056 2011-10-14] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\Users\Christine\Documents\EmsisoftEmergencyKit[1]\Run\a2ddax86.sys [22056 2013-04-28] (Emsisoft GmbH)

R1 DasBootL; C:\Windows\system32\drivers\DasBootL.SYS [4992 2014-08-24] () [File not signed]

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-28] (Panda Security, S.L.)

R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-28] (Panda Security, S.L.)

R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-28] (Panda Security, S.L.)

R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-28] (Panda Security, S.L.)

R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-28] (Panda Security, S.L.)

S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61672 2013-05-28] (Panda Security, S.L.)

R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-28] (Panda Security, S.L.)

R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-28] (Panda Security, S.L.)

R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-28] (Panda Security, S.L.)

R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-28] (Panda Security, S.L.)

R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-28] (Panda Security, S.L.)

R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-28] (Panda Security, S.L.)

S0 PsBoot; C:\Windows\System32\Drivers\PsBoot.sys [37440 2013-07-04] (Panda Security, S.L.)

R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145640 2013-10-17] (Panda Security, S.L.)

R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105704 2013-10-11] (Panda Security, S.L.)

R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [175848 2013-10-11] (Panda Security, S.L.)

R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-10-11] (Panda Security, S.L.)

R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [127720 2013-10-11] (Panda Security, S.L.)

S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97512 2013-10-11] (Panda Security, S.L.)

R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)

R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2013-02-07] () [File not signed]

R1 StarPortLite; C:\Windows\System32\DRIVERS\StarPortLite.sys [85760 2007-12-27] (Rocket Division Software)

S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 11:37 - 2014-08-30 11:37 - 01095680 _____ (Farbar) C:\Users\Christine\Downloads\FRST (1).exe

2014-08-30 11:37 - 2014-08-30 11:37 - 00019108 _____ () C:\Users\Christine\Downloads\FRST.txt

2014-08-30 11:28 - 2014-08-30 11:28 - 00000000 _____ () C:\Users\Christine\Downloads\FRST.exe.l9qks99.partial

2014-08-30 11:27 - 2013-07-04 01:40 - 00037440 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys

2014-08-30 10:26 - 2014-08-30 10:26 - 00003931 _____ () C:\Users\Christine\Downloads\fixlist (1).txt

2014-08-30 10:26 - 2014-08-30 10:26 - 00000585 _____ () C:\Users\Christine\Desktop\fixlist - Shortcut.lnk

2014-08-30 10:10 - 2011-11-10 06:54 - 00149280 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe

2014-08-30 10:10 - 2011-11-10 06:54 - 00149280 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe

2014-08-30 08:49 - 2014-08-30 08:49 - 00018999 _____ () C:\ComboFix.txt

2014-08-30 07:25 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-08-30 07:25 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-08-30 07:25 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-08-30 07:25 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-08-30 07:25 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-08-30 07:25 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe

2014-08-30 07:25 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe

2014-08-30 07:25 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe

2014-08-30 07:24 - 2014-08-30 08:49 - 00000000 ____D () C:\Qoobox

2014-08-30 07:22 - 2014-08-30 08:46 - 00000000 ____D () C:\Windows\erdnt

2014-08-30 07:21 - 2014-08-30 07:21 - 00000592 _____ () C:\Users\Christine\Desktop\ComboFix - Shortcut.lnk

2014-08-30 07:20 - 2014-08-30 07:21 - 05576760 ____R (Swearware) C:\Users\Christine\Downloads\ComboFix.exe

2014-08-30 07:20 - 2014-08-30 07:20 - 05576760 _____ (Swearware) C:\Users\Christine\Downloads\ComboFix (1).exe

2014-08-30 07:17 - 2014-08-30 07:17 - 00007158 _____ () C:\Users\Christine\Desktop\Rkill 1.txt

2014-08-30 06:55 - 2014-08-30 06:55 - 00016896 _____ () C:\Users\Christine\Documents\Screen317 Security check.wps

2014-08-29 22:41 - 2014-08-29 22:41 - 00000617 _____ () C:\Users\Christine\Desktop\HitmanPro_x64 - Shortcut.lnk

2014-08-29 22:40 - 2014-08-29 22:40 - 11193392 _____ (SurfRight B.V.) C:\Users\Christine\Downloads\HitmanPro_x64.exe

2014-08-29 22:37 - 2014-08-29 22:37 - 00000573 _____ () C:\Users\Christine\Desktop\rkill - Shortcut (2).lnk

2014-08-29 22:36 - 2014-08-29 22:36 - 01364531 _____ () C:\Users\Christine\Downloads\AdwCleaner.exe

2014-08-29 22:35 - 2014-08-29 22:35 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Christine\Downloads\rkill.exe

2014-08-29 22:35 - 2014-08-29 22:35 - 00000573 _____ () C:\Users\Christine\Desktop\rkill - Shortcut.lnk

2014-08-29 22:33 - 2014-08-29 22:33 - 00000617 _____ () C:\Users\Christine\Desktop\SecurityCheck - Shortcut.lnk

2014-08-29 22:32 - 2014-08-29 22:32 - 00854417 _____ () C:\Users\Christine\Downloads\SecurityCheck.exe

2014-08-29 18:14 - 2014-08-29 18:14 - 00096256 _____ () C:\Users\Christine\Documents\Addition - Notepad.wps

2014-08-29 18:13 - 2014-08-29 18:13 - 00109568 _____ () C:\Users\Christine\Documents\FRST Notepad.wps

2014-08-29 17:58 - 2014-08-30 11:37 - 00000000 ____D () C:\FRST

2014-08-28 03:00 - 2014-08-22 18:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 03:00 - 2014-08-22 16:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 20:35 - 2014-08-24 20:35 - 00000000 ____D () C:\PandaCloudCleaner

2014-08-24 20:35 - 2014-08-24 20:34 - 00217769 ____H () C:\grldr

2014-08-24 20:35 - 2014-08-24 20:34 - 00009216 ____H () C:\grldr.mbr

2014-08-24 20:35 - 2014-08-24 20:34 - 00004992 _____ () C:\Windows\system32\Drivers\DasbootL.SYS

2014-08-23 03:09 - 2014-06-26 15:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-23 03:09 - 2014-06-26 15:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-23 03:09 - 2014-06-26 15:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-23 03:09 - 2014-06-05 21:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-22 22:11 - 2014-08-22 22:11 - 00000000 ____D () C:\Windows\pss

2014-08-22 22:10 - 2014-08-22 22:10 - 00000000 ____D () C:\Users\Christine\AppData\Local\tjnet

2014-08-22 21:47 - 2014-06-13 17:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-22 21:47 - 2014-06-13 17:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-08-22 21:47 - 2014-06-02 03:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-22 21:47 - 2014-06-02 03:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-22 21:47 - 2014-06-02 03:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-22 21:47 - 2014-06-02 03:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-08-22 21:47 - 2014-06-02 01:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-22 21:45 - 2014-07-24 11:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-22 21:45 - 2014-07-24 10:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-22 21:45 - 2014-07-24 10:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-22 21:45 - 2014-07-24 10:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-22 21:45 - 2014-07-24 10:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-22 21:45 - 2014-07-24 10:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-22 21:45 - 2014-07-24 10:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-22 21:45 - 2014-07-24 10:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-22 21:45 - 2014-07-24 10:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-22 21:45 - 2014-07-24 10:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-22 21:45 - 2014-07-24 10:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-22 21:45 - 2014-07-24 10:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-22 21:45 - 2014-07-24 10:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-22 21:45 - 2014-07-24 10:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-22 21:45 - 2014-07-24 10:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-22 21:45 - 2014-07-24 10:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-22 21:45 - 2014-07-24 10:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-22 21:45 - 2014-07-07 17:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-22 18:08 - 2014-08-22 18:08 - 00017244 _____ () C:\Users\Christine\Desktop\dds.txt

2014-08-22 17:51 - 2014-08-22 20:15 - 00000000 ____D () C:\AdwCleaner

2014-08-22 17:48 - 2014-08-22 17:48 - 00028672 _____ () C:\Users\Christine\Documents\Malware fix.wps

2014-08-21 23:26 - 2014-08-21 23:55 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-08-21 19:49 - 2014-08-30 07:12 - 00007158 _____ () C:\Users\Christine\Desktop\Rkill.txt

2014-08-12 06:18 - 2011-11-10 06:54 - 00157472 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe

2014-08-11 22:43 - 2014-08-26 21:51 - 00039936 _____ () C:\Users\Christine\Documents\ebay notes COACH.wps

2014-08-10 06:29 - 2014-08-10 06:29 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log

2014-08-10 06:26 - 2014-08-10 06:26 - 00918440 _____ (Oracle Corporation) C:\Users\Christine\Downloads\chromeinstall-7u67.exe

2014-08-02 06:19 - 2014-08-02 06:19 - 00195584 _____ () C:\Users\Christine\Documents\bank statement 8-2-14.wps

2014-07-31 06:44 - 2014-07-31 06:44 - 00213504 _____ () C:\Users\Christine\Documents\Bank Acct 7-31-2014.wps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 11:38 - 2014-08-30 11:37 - 00019108 _____ () C:\Users\Christine\Downloads\FRST.txt

2014-08-30 11:37 - 2014-08-30 11:37 - 01095680 _____ (Farbar) C:\Users\Christine\Downloads\FRST (1).exe

2014-08-30 11:37 - 2014-08-29 17:58 - 00000000 ____D () C:\FRST

2014-08-30 11:36 - 2013-07-05 03:14 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce79686398a1b0.job

2014-08-30 11:28 - 2014-08-30 11:28 - 00000000 _____ () C:\Users\Christine\Downloads\FRST.exe.l9qks99.partial

2014-08-30 11:23 - 2013-07-05 03:14 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce796862ffe420.job

2014-08-30 11:23 - 2009-04-09 21:43 - 00000008 __RSH () C:\Users\Christine\ntuser.pol

2014-08-30 11:23 - 2009-02-11 17:28 - 00000000 ____D () C:\Users\Christine

2014-08-30 11:17 - 2008-11-21 19:58 - 01194735 _____ () C:\Windows\WindowsUpdate.log

2014-08-30 11:17 - 2006-11-02 03:33 - 00760432 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-30 11:11 - 2013-05-26 21:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-30 11:11 - 2006-11-02 05:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-30 11:11 - 2006-11-02 05:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-30 11:10 - 2008-01-20 19:47 - 00944892 _____ () C:\Windows\PFRO.log

2014-08-30 11:09 - 2006-11-02 06:01 - 00019536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-30 10:43 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-08-30 10:26 - 2014-08-30 10:26 - 00003931 _____ () C:\Users\Christine\Downloads\fixlist (1).txt

2014-08-30 10:26 - 2014-08-30 10:26 - 00000585 _____ () C:\Users\Christine\Desktop\fixlist - Shortcut.lnk

2014-08-30 10:14 - 2013-02-07 20:43 - 00000000 ____D () C:\ProgramData\InstallMate

2014-08-30 10:11 - 2008-11-22 02:10 - 00000000 ____D () C:\Program Files\Google

2014-08-30 10:10 - 2008-11-22 02:07 - 00000000 ____D () C:\Program Files\Java

2014-08-30 10:08 - 2009-02-11 17:30 - 00000000 ____D () C:\Users\Christine\AppData\Local\Google

2014-08-30 08:49 - 2014-08-30 08:49 - 00018999 _____ () C:\ComboFix.txt

2014-08-30 08:49 - 2014-08-30 07:24 - 00000000 ____D () C:\Qoobox

2014-08-30 08:49 - 2006-11-02 04:18 - 00000000 __RHD () C:\Users\Default

2014-08-30 08:49 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public

2014-08-30 08:46 - 2014-08-30 07:22 - 00000000 ____D () C:\Windows\erdnt

2014-08-30 08:38 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini

2014-08-30 08:33 - 2006-11-02 03:22 - 49020928 _____ () C:\Windows\system32\config\software.bak

2014-08-30 08:33 - 2006-11-02 03:22 - 42467328 _____ () C:\Windows\system32\config\COMPON~3.bak

2014-08-30 08:33 - 2006-11-02 03:22 - 33292288 _____ () C:\Windows\system32\config\system.bak

2014-08-30 08:33 - 2006-11-02 03:22 - 00524288 _____ () C:\Windows\system32\config\default.bak

2014-08-30 08:33 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security.bak

2014-08-30 08:33 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak

2014-08-30 08:32 - 2012-05-28 19:17 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\SoftGrid Client

2014-08-30 07:21 - 2014-08-30 07:21 - 00000592 _____ () C:\Users\Christine\Desktop\ComboFix - Shortcut.lnk

2014-08-30 07:21 - 2014-08-30 07:20 - 05576760 ____R (Swearware) C:\Users\Christine\Downloads\ComboFix.exe

2014-08-30 07:20 - 2014-08-30 07:20 - 05576760 _____ (Swearware) C:\Users\Christine\Downloads\ComboFix (1).exe

2014-08-30 07:17 - 2014-08-30 07:17 - 00007158 _____ () C:\Users\Christine\Desktop\Rkill 1.txt

2014-08-30 07:12 - 2014-08-21 19:49 - 00007158 _____ () C:\Users\Christine\Desktop\Rkill.txt

2014-08-30 06:55 - 2014-08-30 06:55 - 00016896 _____ () C:\Users\Christine\Documents\Screen317 Security check.wps

2014-08-30 06:55 - 2009-02-12 00:15 - 00015350 _____ () C:\Users\Christine\AppData\Roaming\wklnhst.dat

2014-08-30 02:46 - 2009-05-09 09:11 - 00001356 _____ () C:\Users\Christine\AppData\Local\d3d9caps.dat

2014-08-29 22:41 - 2014-08-29 22:41 - 00000617 _____ () C:\Users\Christine\Desktop\HitmanPro_x64 - Shortcut.lnk

2014-08-29 22:40 - 2014-08-29 22:40 - 11193392 _____ (SurfRight B.V.) C:\Users\Christine\Downloads\HitmanPro_x64.exe

2014-08-29 22:37 - 2014-08-29 22:37 - 00000573 _____ () C:\Users\Christine\Desktop\rkill - Shortcut (2).lnk

2014-08-29 22:36 - 2014-08-29 22:36 - 01364531 _____ () C:\Users\Christine\Downloads\AdwCleaner.exe

2014-08-29 22:35 - 2014-08-29 22:35 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Christine\Downloads\rkill.exe

2014-08-29 22:35 - 2014-08-29 22:35 - 00000573 _____ () C:\Users\Christine\Desktop\rkill - Shortcut.lnk

2014-08-29 22:33 - 2014-08-29 22:33 - 00000617 _____ () C:\Users\Christine\Desktop\SecurityCheck - Shortcut.lnk

2014-08-29 22:32 - 2014-08-29 22:32 - 00854417 _____ () C:\Users\Christine\Downloads\SecurityCheck.exe

2014-08-29 18:14 - 2014-08-29 18:14 - 00096256 _____ () C:\Users\Christine\Documents\Addition - Notepad.wps

2014-08-29 18:13 - 2014-08-29 18:13 - 00109568 _____ () C:\Users\Christine\Documents\FRST Notepad.wps

2014-08-28 03:21 - 2006-11-02 05:47 - 00360936 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-26 21:51 - 2014-08-11 22:43 - 00039936 _____ () C:\Users\Christine\Documents\ebay notes COACH.wps

2014-08-24 21:27 - 2013-01-02 21:35 - 00005279 _____ () C:\Users\Christine\AppData\Local\47ee2339-8b33-4135-8e54-cb72d3001851.crx

2014-08-24 21:22 - 2010-12-08 08:09 - 00000000 ____D () C:\Program Files\uTorrentBar

2014-08-24 20:35 - 2014-08-24 20:35 - 00000000 ____D () C:\PandaCloudCleaner

2014-08-24 20:34 - 2014-08-24 20:35 - 00217769 ____H () C:\grldr

2014-08-24 20:34 - 2014-08-24 20:35 - 00009216 ____H () C:\grldr.mbr

2014-08-24 20:34 - 2014-08-24 20:35 - 00004992 _____ () C:\Windows\system32\Drivers\DasbootL.SYS

2014-08-23 08:58 - 2009-04-14 23:22 - 00120320 _____ () C:\Users\Christine\Documents\EBAY NOTE.wps

2014-08-23 03:48 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\rescache

2014-08-23 03:42 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-23 03:14 - 2013-08-15 03:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-23 03:10 - 2006-11-02 03:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-08-22 22:11 - 2014-08-22 22:11 - 00000000 ____D () C:\Windows\pss

2014-08-22 22:10 - 2014-08-22 22:10 - 00000000 ____D () C:\Users\Christine\AppData\Local\tjnet

2014-08-22 21:28 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-08-22 21:27 - 2006-11-02 03:22 - 49020928 _____ () C:\Windows\system32\config\software_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 42467328 _____ () C:\Windows\system32\config\components_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 33292288 _____ () C:\Windows\system32\config\system_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 00524288 _____ () C:\Windows\system32\config\default_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

2014-08-22 21:27 - 2006-11-02 03:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2014-08-22 21:21 - 2013-02-09 20:27 - 00000000 ____D () C:\Users\Mcx1

2014-08-22 21:21 - 2010-02-07 11:24 - 00000000 ____D () C:\Users\christine2

2014-08-22 21:19 - 2013-02-07 23:21 - 00000000 ____D () C:\ProgramData\APN

2014-08-22 21:19 - 2013-02-07 20:49 - 00000000 ____D () C:\ProgramData\Premium

2014-08-22 21:19 - 2012-03-03 00:50 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

2014-08-22 21:19 - 2011-10-20 06:15 - 00000000 ____D () C:\Users\Christine\AppData\Local\MagicRingForeverPlugin

2014-08-22 21:19 - 2011-10-20 06:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicRingForeverPlugin

2014-08-22 21:19 - 2010-12-07 01:08 - 00000000 ____D () C:\Program Files\BitTorrent

2014-08-22 21:19 - 2010-12-07 01:07 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\BitTorrent

2014-08-22 21:19 - 2010-08-29 10:38 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic

2014-08-22 21:19 - 2009-02-11 20:48 - 00000000 ____D () C:\ProgramData\HP Product Assistant

2014-08-22 21:19 - 2008-11-22 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting

2014-08-22 21:19 - 2008-11-22 02:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-08-22 21:19 - 2008-11-22 02:08 - 00000000 ____D () C:\Program Files\NetWaiting

2014-08-22 21:19 - 2006-11-02 04:18 - 00000000 __RSD () C:\Windows\Media

2014-08-22 21:19 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\system32\spool

2014-08-22 21:18 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\registration

2014-08-22 20:15 - 2014-08-22 17:51 - 00000000 ____D () C:\AdwCleaner

2014-08-22 18:08 - 2014-08-22 18:08 - 00017244 _____ () C:\Users\Christine\Desktop\dds.txt

2014-08-22 18:03 - 2014-08-28 03:00 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 17:48 - 2014-08-22 17:48 - 00028672 _____ () C:\Users\Christine\Documents\Malware fix.wps

2014-08-22 16:26 - 2014-08-28 03:00 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 23:55 - 2014-08-21 23:26 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-08-21 22:50 - 2012-08-31 19:44 - 00000000 ____D () C:\Windows\Minidump

2014-08-12 06:18 - 2014-02-01 22:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-12 06:18 - 2008-11-22 02:07 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-08-12 01:04 - 2011-05-08 08:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-10 06:29 - 2014-08-10 06:29 - 00000000 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log

2014-08-10 06:26 - 2014-08-10 06:26 - 00918440 _____ (Oracle Corporation) C:\Users\Christine\Downloads\chromeinstall-7u67.exe

2014-08-05 09:20 - 2009-10-02 22:43 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-08-04 09:30 - 2014-05-19 20:33 - 00023552 _____ () C:\Users\Christine\Documents\ebay note2.wps

2014-08-03 07:36 - 2011-04-28 18:23 - 00019968 _____ () C:\Users\Christine\Documents\ebay hoodies.wps

2014-08-02 07:00 - 2011-08-11 10:51 - 00282112 _____ () C:\Users\Christine\Documents\3.wps

2014-08-02 06:19 - 2014-08-02 06:19 - 00195584 _____ () C:\Users\Christine\Documents\bank statement 8-2-14.wps

2014-07-31 06:44 - 2014-07-31 06:44 - 00213504 _____ () C:\Users\Christine\Documents\Bank Acct 7-31-2014.wps

Files to move or delete:

====================

C:\Users\Christine\jagex_cl_runescape_LIVE.dat

C:\Users\Christine\jagex_runescape_preferences.dat

C:\Users\Christine\jagex_runescape_preferences2.dat

C:\Users\Christine\random.dat

C:\Users\Public\iLividSetup.exe

 

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2014-08-30 11:26

==================== End Of Log ============================

 

Task: {9F46C693-D6F3-4F96-849F-A3FA1371AC3B} - \User_Feed_Synchronization-{47FA7E1F-D7E7-456B-9285-319B87312EAC} No Task File <==== ATTENTION

Task: {BCFBC11C-C761-4F26-A360-F8C5E8C40E4D} - System32\Tasks\{5E6DE612-0D88-4D09-84ED-2E8CBFF174DD} => C:\Users\Christine\AppData\Roaming\nwrqb.dll [2014-08-12] ()

Task: {FCD3ACA1-37B6-449D-8800-CD2DC7AD2012} - \{1D4822A8-EF54-4F43-8009-3322B218244F} No Task File <==== ATTENTION

Task: {C23D16FB-2334-4589-9B41-9BDA40226FBD} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION

C:\Users\Christine\AppData\LocalLow\SupporterModel

Task: {83B49568-B9FD-4D99-9164-5FCD7410100F} - \GoogleUpdateTaskMachineUA1ce037ab3ac73c0 No Task File <==== ATTENTION

EmptyTemp:
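As an added example (not FRST's code and not anything posted in this thread), here is a small Python triage script for the FRST line formats shown in the log above: it parses the "created - modified - size attrs (company) path" file entries, the "Task:" entries and the signature-check lines, and flags what a helper reads for first, such as a binary with no publisher under a user profile or a scheduled task pointing into AppData. The sample lines are copied from the log above except the nwrqb.dll file entry, which is constructed; the severity heuristics are assumptions of this example, not FRST's own rules.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Line formats seen in the FRST log above (regexes are this example's own, not FRST's).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
TASK_RE = re.compile(
    r"^Task: (?P<id>\{[0-9A-F-]+\}) - (?P<name>.+?)"
    r"(?: => (?P<target>.+?) \[[\d-]+\] \((?P<company>[^)]*)\))?"
    r"(?P<orphan> No Task File)?(?: <==== ATTENTION)?$"
)
SIGCHECK_RE = re.compile(r"^(?P<path>[A-Z]:\\.+?) => (?P<verdict>.+)$")

BINARY_EXT = (".exe", ".dll", ".sys", ".scr")
USER_WRITABLE = ("\\users\\", "\\programdata\\")   # compared against lower-cased paths


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (assumed scale for this example)
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST log line, or None if nothing stands out."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        path, company, attrs = m["path"], m["company"], m["attrs"]
        low = path.lower()
        no_publisher = company == ""          # FRST prints "()" when there is no company field
        if no_publisher and low.endswith(BINARY_EXT) and any(p in low for p in USER_WRITABLE):
            return Finding("high", "binary with no publisher in user-writable location", line)
        if no_publisher and "\\drivers\\" in low and low.endswith(".sys"):
            return Finding("high", "driver with no publisher", line)
        if no_publisher and "H" in attrs and low.count("\\") == 1:
            return Finding("medium", "hidden file in drive root with no publisher", line)
        return None
    m = TASK_RE.match(line)
    if m:
        if m["target"] and "\\appdata\\" in m["target"].lower():
            return Finding("high", "scheduled task launching a file from AppData", line)
        if m["orphan"]:
            return Finding("low", "scheduled task whose task file is missing (FRST ATTENTION)", line)
        return None
    m = SIGCHECK_RE.match(line)
    if m and m["verdict"] != "File is digitally signed":
        return Finding("high", "core system file failed signature check", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole log and keep only the lines that produced a finding."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Sample input: lines copied from the log above, plus one constructed file entry for nwrqb.dll.
SAMPLE_LINES = [
    r"2014-08-22 21:45 - 2014-07-24 11:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll",
    r"2014-08-24 20:35 - 2014-08-24 20:34 - 00217769 ____H () C:\grldr",
    r"2014-08-24 20:35 - 2014-08-24 20:34 - 00004992 _____ () C:\Windows\system32\Drivers\DasbootL.SYS",
    r"2014-08-22 22:10 - 2014-08-22 22:10 - 00000000 ____D () C:\Users\Christine\AppData\Local\tjnet",
    # constructed entry (timestamp and size are made up) for the DLL the scheduled task below launches
    r"2014-08-12 06:10 - 2014-08-12 06:10 - 00045056 _____ () C:\Users\Christine\AppData\Roaming\nwrqb.dll",
    r"Task: {BCFBC11C-C761-4F26-A360-F8C5E8C40E4D} - System32\Tasks\{5E6DE612-0D88-4D09-84ED-2E8CBFF174DD} => C:\Users\Christine\AppData\Roaming\nwrqb.dll [2014-08-12] ()",
    r"Task: {C23D16FB-2334-4589-9B41-9BDA40226FBD} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION",
    r"C:\Windows\explorer.exe => File is digitally signed",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.reason}: {f.line}")
```

Point `triage()` at the lines of a real FRST.txt to get the same shortlist; signed Microsoft files and plain directories produce no finding, so the output is only the entries worth a second look.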



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:11:10 AM

Posted 30 August 2014 - 02:09 PM

How is your computer running now? What problems or symptoms are still present?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 christine315

christine315
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:10 AM

Posted 30 August 2014 - 04:55 PM

This is what I got from ESET....

C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run1765.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run271E.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run27DA.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run29EB.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run2B0B.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run2B4.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run2E2E.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run428A.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run48A8.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\run55CA.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runAB9.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runB144.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runC02E.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runCCCF.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runDFC0.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runE761.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runF48B.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runFA43.tmp.vir Win32/GenUpdater potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\Christine\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application

C:\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application

C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\ProgramData\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application

C:\Qoobox\Quarantine\C\Users\Christine\AppData\Roaming\nwrqb.dll.vir a variant of MSIL/Injector.ERR trojan

C:\Qoobox\Quarantine\C\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe.vir a variant of MSIL/TrojanClicker.Agent.NHB trojan

C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Users\All Users\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application

C:\Users\Christine\Downloads\LimeWireWin.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application

C:\Users\Public\iLividSetup.exe Win32/Toolbar.SearchSuite potentially unwanted application

C:\Windows\System32\GroupPolicy\Machine\Scripts\Shutdown\PanA16F.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:11:10 AM

Posted 30 August 2014 - 05:03 PM

Very good. ESET hasn't found any active malware - just a few remnants and a lot of files that are already quarantined by our tools.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.4
Java 7 Update 65
Java™ 6 Update 30




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:11:10 AM

Posted 19 September 2014 - 02:38 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



