infected with ZeroAccess rootkit - need elevated help!

This topic is locked
166 replies to this topic

#1 Mama27

  • Members
  • 128 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 31 May 2015 - 04:44 PM

I had originally posted for help to remove csrss.exe and was being instructed on removal. I had originally posted here: http://www.bleepingcomputer.com/forums/t/577117/infected-with-csrssexe-and-spyhunter-4/

I get error messages that say I have corrupt files in my recycle bin. The recycle bin is empty. While in safe mode I realized that I was looking at a fake desktop. When I saved the scans to my real desktop they worked. I was able to run most of the scans that I was asked to run. I couldn't run rkill. I was then informed that I was infected with the ZeroAccess rootkit and needed elevated help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
Ran by Jackie (ATTENTION: The logged in user is not administrator) on JACKIE-PC on 31-05-2015 16:28:48
Running from C:\Users\Jackie\Downloads
Loaded Profiles: Jackie & Admin (Available Profiles: Jackie & RosettaStone Spanish & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> DockLogin.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> WLTRYSVC.EXE
Failed to access process -> conhost.exe
Failed to access process -> BCMWLTRY.EXE
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> apnmcp.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> CarboniteService.exe
Failed to access process -> taskeng.exe
Failed to access process -> LMS.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> mbamservice.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> YahooAUService.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> svchost.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> SearchIndexer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> SearchProtocolHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> svchost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> sppsvc.exe
Failed to access process -> UNS.exe
Failed to access process -> TrustedInstaller.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> dllhost.exe
Failed to access process -> SearchFilterHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-08-13] (AVAST Software)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-22] (APN)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-05-31] (RealNetworks, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [69f25f] => C:\69f25f4\69f25f4.exe
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [69f25f4] => C:\Users\Jackie\AppData\Roaming\69f25f4.exe
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Run: [ChromeUpdate] => C:\Users\Jackie\AppData\Roaming\ChromeUpdate.exe
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [DisableCMD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWB] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWC] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWD] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWE] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWF] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWG] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWH] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWI] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWJ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWK] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWL] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWM] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWN] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWO] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWP] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWQ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWR] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWS] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWT] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWU] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWV] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWW] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWX] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWY] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [LWZ] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1349327015-547616561-364532361-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1349327015-547616561-364532361-1005\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200767 2002-07-17] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-06-07]
ShortcutTarget: Dell Dock.lnk ->  (No File)
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dialer.lnk [2014-08-24]
ShortcutTarget: dialer.lnk -> C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\IEUpdate\dialer.exe (No File)
Startup: C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCPSVCS.lnk [2014-08-05]
ShortcutTarget: TCPSVCS.lnk -> C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\IEUpdate\TCPSVCS.EXE (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-08-13] (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
GroupPolicyUsers\S-1-5-21-1349327015-547616561-364532361-1000\User: Group Policy Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1349327015-547616561-364532361-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1349327015-547616561-364532361-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-1349327015-547616561-364532361-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
URLSearchHook: [S-1-5-21-1349327015-547616561-364532361-1005] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Ask Toolbar -> {57434C32-2D56-3700-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\WCL2-V7\Passport_x64.dll [2015-04-22] (APN LLC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-13] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-06] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll No File
BHO-x32: Ask Toolbar -> {57434C32-2D56-3700-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\WCL2-V7\Passport.dll [2015-04-22] (APN LLC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-06-06] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ->  No File
Toolbar: HKLM - Ask Toolbar - {57434C32-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\WCL2-V7\Passport_x64.dll [2015-04-22] (APN LLC.)
Toolbar: HKLM-x32 - Ask Toolbar - {57434C32-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\WCL2-V7\Passport.dll [2015-04-22] (APN LLC.)
Toolbar: HKU\S-1-5-21-1349327015-547616561-364532361-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 206.255.240.130 206.255.240.134

FireFox:
========
FF ProfilePath: C:\Users\Jackie\AppData\Roaming\Mozilla\Firefox\Profiles\wknzwfyy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-06] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-06] (Sun Microsystems, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-05-31] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1349327015-547616561-364532361-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll [2012-07-24] (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-22] (APN LLC.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-13] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) []
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-17] (Dell Inc.) []
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-08-13] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-08-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 22:06 - 2015-05-27 22:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-27 22:06 - 2015-05-27 22:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-27 21:34 - 2015-05-27 21:34 - 00415232 _____ (Farbar) C:\Users\Jackie\Downloads\FSS.exe
2015-05-27 21:32 - 2015-05-27 21:32 - 00415232 _____ (Farbar) C:\Users\Jackie\Downloads\FSS_exe
2015-05-27 00:37 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-27 00:37 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-27 00:37 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-27 00:37 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-27 00:37 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-27 00:37 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-27 00:37 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-27 00:37 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-26 23:20 - 2015-05-28 00:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-26 23:16 - 2015-05-26 23:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Jackie\Desktop\mbar-1.09.1.1004.exe
2015-05-26 23:01 - 2015-05-26 23:01 - 00403456 _____ (Farbar) C:\Users\Jackie\Desktop\MiniToolBox.exe
2015-05-26 22:53 - 2015-05-26 22:57 - 00000000 ____D () C:\Users\Jackie\Downloads\FRST-OlderVersion
2015-05-26 22:37 - 2015-05-26 22:37 - 00852639 _____ () C:\Users\Jackie\Desktop\SecurityCheck.exe
2015-05-22 23:26 - 2015-05-22 23:26 - 00000000 _____ () C:\autoexec.bat
2015-05-04 18:07 - 2015-05-04 18:07 - 01057139 _____ () C:\Users\Jackie\Downloads\The_Geography_of_You_and_Me_-_JENNIFER_E_SMITH_con (1).mobi
2015-05-04 18:07 - 2015-05-04 18:07 - 00508886 _____ () C:\Users\Jackie\Downloads\Jennifer_E_Smith_-_This_Is_What_Happy_Looks_Li (1).mobi
2015-05-04 18:02 - 2015-05-04 18:03 - 00342825 _____ () C:\Users\Jackie\Downloads\Cabot_Meg_-_Princess_7_-_Party_Princess_201.mobi
2015-05-04 18:02 - 2015-05-04 18:02 - 00570858 _____ () C:\Users\Jackie\Downloads\Cabot_Meg_-_Princess_Diaries_6_-_Princess_i.mobi
2015-05-04 18:02 - 2015-05-04 18:02 - 00343463 _____ () C:\Users\Jackie\Downloads\Cabot_Meg_-_Princess_Diaries_5_-_Princess_i.mobi
2015-05-04 17:59 - 2015-05-04 18:00 - 01002288 _____ () C:\Users\Jackie\Downloads\Cabot_Meg_-_Princess_Diaries_6_-_Princess_i.epub
2015-05-04 17:59 - 2015-05-04 17:59 - 00450658 _____ () C:\Users\Jackie\Downloads\Cabot_Meg_-_Princess_Diaries_5_-_Princess_i.epub
2015-05-04 17:59 - 2015-05-04 17:59 - 00194382 _____ () C:\Users\Jackie\Downloads\Cabot_Meg_-_Princess_7_-_Party_Princess_201.epub

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 16:29 - 2014-08-07 20:41 - 00021439 _____ () C:\Users\Jackie\Downloads\FRST.txt
2015-05-31 16:28 - 2014-08-07 20:40 - 00000000 ____D () C:\FRST
2015-05-31 16:25 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 16:25 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 23:33 - 2014-08-07 19:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 23:33 - 2014-08-07 19:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-26 22:53 - 2014-08-07 20:39 - 02108928 _____ (Farbar) C:\Users\Jackie\Downloads\FRST64.exe
2015-05-26 22:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-23 08:09 - 2013-05-03 15:14 - 00553984 ___SH () C:\Users\Jackie\Downloads\Thumbs.db
2015-05-23 00:03 - 2014-10-30 11:20 - 00001813 _____ () C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackboard Collaborate Launcher.lnk
2015-05-22 23:01 - 2014-08-07 20:43 - 00030650 _____ () C:\Users\Jackie\Downloads\Addition.txt
2015-05-22 13:10 - 2014-06-16 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-22 13:10 - 2012-10-28 21:53 - 00000000 ____D () C:\Users\Admin
2015-05-22 13:10 - 2012-07-22 14:51 - 00000000 ____D () C:\Users\RosettaStone Spanish
2015-05-22 13:10 - 2012-03-07 08:57 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-05-22 13:10 - 2011-11-16 10:30 - 00000000 ____D () C:\Windows\system32\Macromed
2015-05-22 13:10 - 2011-06-06 15:08 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-05-22 13:09 - 2011-06-15 21:01 - 00000000 ____D () C:\ProgramData\Real
2015-05-22 10:12 - 2011-06-06 17:20 - 00000000 ____D () C:\Users\Jackie
2015-05-21 17:05 - 2014-04-06 18:04 - 00870128 _____ () C:\Users\Jackie\AppData\Roaming\mcs.rma
2015-05-21 17:05 - 2014-04-06 18:04 - 00000004 _____ () C:\Users\Jackie\AppData\Roaming\12518E
2015-05-21 10:59 - 2012-07-22 14:58 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2015-05-20 16:45 - 2013-04-20 03:44 - 02421760 ___SH () C:\Users\Jackie\Desktop\Thumbs.db
2015-05-16 18:20 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2014-04-06 18:04 - 2015-05-21 17:05 - 0000004 _____ () C:\Users\Jackie\AppData\Roaming\12518E
2014-04-06 18:04 - 2015-05-21 17:05 - 0870128 _____ () C:\Users\Jackie\AppData\Roaming\mcs.rma
2014-10-26 16:37 - 2014-10-26 16:37 - 0000448 ____H () C:\Users\Jackie\AppData\Roaming\麽鎒駓覜
2014-10-26 16:38 - 2014-10-26 19:21 - 0001368 _____ () C:\ProgramData\@system.att
2014-10-26 16:37 - 2014-10-26 19:22 - 0001104 ____H () C:\ProgramData\@system2.att
2013-08-15 22:58 - 2013-08-15 22:58 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-26 16:37 - 2014-10-26 18:59 - 0087200 _____ () C:\ProgramData\wrnhoah.tmp

Some zero byte size files/folders:
==========================
C:\Windows\System32\kmusfpc.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End of log ============================

#2 jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:30 PM

Posted 02 June 2015 - 03:16 PM

:welcome: to BleepingComputer!
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.

===================================================

 

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

 

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.
 

Combofix
Please download Combofix from one of these links, and save it to your desktop.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out here or here.
3. Double click on combofix.exe & follow the prompts.

Important:

  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

In your next reply, please include:

  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:30 PM

Posted 06 June 2015 - 12:43 PM

Mama27,

It has been several days since my last post. Do you still need help?

If you do, please follow my previous instructions.
Regards,
Jason

 



#4 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 01:56 PM

Yes, I still need help - just trying to juggle everything on my plate! Sorry for the delay and THANK YOU for the help!! I am following your advice now and will post the results.



#5 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 06:20 PM

ComboFix 15-05-31.01 - Admin 06/07/2015  14:08:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2323 [GMT -5:00]
Running from: c:\users\Jackie\Links\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\@system.att
c:\programdata\@system2.att
c:\programdata\Local Settings\Temp
c:\programdata\wrnhoah.tmp
c:\users\Admin\AppData\Roaming\12518E
c:\users\Jackie\AppData\Roaming\12518E
c:\users\Jackie\GoToAssistDownloadHelper.exe
c:\users\RosettaStone Spanish\AppData\Roaming\12518E
c:\windows\SysWow64\u
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-07 to 2015-06-07  )))))))))))))))))))))))))))))))
.
.
2015-06-07 19:29 . 2015-06-07 19:29 -------- d-----w- c:\users\RosettaStone Spanish\AppData\Local\temp
2015-06-07 19:29 . 2015-06-07 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-07 19:29 . 2015-06-07 19:29 -------- d-----w- c:\users\Admin\AppData\Local\temp
2015-06-03 16:49 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2015-06-03 16:49 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2015-06-03 16:49 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2015-06-03 16:49 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2015-06-03 16:49 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2015-06-03 16:49 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2015-06-03 16:49 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2015-06-03 16:11 . 2015-06-03 16:11 -------- d-----w- c:\windows\system32\appraiser
2015-06-03 16:10 . 2015-06-03 16:21 -------- d-s---w- c:\windows\system32\GWX
2015-06-03 16:10 . 2015-06-03 16:10 -------- d-s---w- c:\windows\SysWow64\GWX
2015-06-01 08:17 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-01 08:17 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-01 08:07 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-06-01 08:07 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-06-01 08:02 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-06-01 08:02 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-06-01 08:02 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-06-01 08:02 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-06-01 08:02 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-06-01 08:02 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-06-01 08:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-06-01 08:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-05-31 22:16 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-05-31 22:16 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-05-31 22:16 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-05-31 22:16 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-05-31 22:14 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-31 22:13 . 2015-02-03 03:31 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-05-31 22:12 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-05-31 22:12 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2015-05-31 22:12 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2015-05-31 22:12 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2015-05-31 22:12 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-05-31 22:12 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2015-05-31 22:12 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2015-05-31 22:10 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-05-31 22:09 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-05-31 22:08 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-05-31 22:07 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2015-05-31 22:07 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-05-31 22:07 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-31 22:07 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-31 22:07 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-31 22:07 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-31 22:07 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-31 22:07 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-31 22:07 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-31 21:53 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-05-31 21:53 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-05-31 21:53 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-05-31 21:51 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-05-31 21:51 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-05-31 21:38 . 2015-06-04 12:36 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-05-27 04:20 . 2015-05-28 05:31 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-28 04:33 . 2014-08-08 00:41 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-28 04:33 . 2014-08-08 00:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-30 15:07 . 2011-06-17 12:28 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-03-17 04:56 . 2015-05-31 22:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-10-26 21:29 250368 --sha-w- c:\windows\Installer\{8DFB0D62-F60C-443A-966F-BA9D41B87745}\msiexec.exe
2014-10-26 21:29 250368 --sha-w- c:\windows\Installer\{D950A04B-C3B5-4B2B-AA9F-F0A7888AF7EF}\msiexec.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{57434C32-2D56-3700-76A7-7A786E7484D7}]
2015-04-22 22:13 11144 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\WCL2-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{57434C32-2D56-3700-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\WCL2-V7\Passport.dll" [2015-04-22 11144]
.
[HKEY_CLASSES_ROOT\clsid\{57434c32-2d56-3700-76a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-06-27 19:27 1020624 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-13 3854640]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-06-27 1056976]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2015-04-27 1684360]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-31 296056]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-31 22:16 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 14:37]
.
2015-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-16 14:34]
.
2015-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-16 14:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57434C32-2D56-3700-76A7-7A786E7484D7}]
2015-04-22 22:13 12680 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\WCL2-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57434C32-2D56-3700-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\WCL2-V7\Passport_x64.dll" [2015-04-22 12680]
.
[HKEY_CLASSES_ROOT\CLSID\{57434C32-2D56-3700-76A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-13 12:55 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-06-27 19:15 1293520 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 206.255.240.130 206.255.240.134
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - (no file)
c:\users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dialer.lnk - c:\users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\dialer.exe
c:\users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCPSVCS.lnk - c:\users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\TCPSVCS.EXE
Toolbar-Locked - (no file)
AddRemove-Encarta Encyclopedia 2000 A - c:\program files (x86)\Microsoft Encarta\Encarta Encyclopedia 2000\unee2000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1349327015-547616561-364532361-1000\Software\Win7zip]
@Denied: (A B 2 3) (Everyone)
"Uuid"=hex:23,e6,c8,db,c0,dc,32,46,9e,24,bc,4a,12,e2,3f,6e
.
[HKEY_USERS\S-1-5-21-1349327015-547616561-364532361-1005\Software\Win7zip]
@Denied: (A B 2 3) (Everyone)
"Uuid"=hex:78,59,d1,dd,79,1d,fa,46,a4,d2,79,92,e6,fa,ab,82
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-07  14:32:23
ComboFix-quarantined-files.txt  2015-06-07 19:32
.
Pre-Run: 67,286,495,232 bytes free
Post-Run: 68,456,001,536 bytes free
.
- - End Of File - - B50D92E6DAD976531BFF488FC921ED9B
A36C5E4F47E84449FF07ED3517B43A31
 



#6 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 06:22 PM

Something odd has occurred.  I ran this scan on a sub account and when it was finished it was logged into the Admin account.  The sub account shows still logged in but if I try to log into it I end up back at the Admin account!?!? 



#7 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 06:26 PM

Weird - I just figured out that my start menu has been changed to show that I am in my Admin account, but in reality it is the standard user account. Although my desktop is showing my Admin desktop. (When I clicked on the icon on the start menu that states "Admin", it brings up a menu that shows that I actually am in the standard account.)



#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:30 PM

Posted 07 June 2015 - 06:32 PM

That is strange. I see there are three accounts on this computer called Jackie, RosettaStone Spanish, and Admin. FRST and Combofix say they were both run when you were logged into the Jackie account.
 
AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
 
In your next reply, please include:

  • AdwCleaner log
  • MiniToolBox log
  • How is your computer running now? Please be as descriptive as possible.

Regards,
Jason

 



#9 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 06:51 PM

The AdwCleaner scan has paused and is waiting for "user action".  It wants me to uncheck any programs that I want to keep.  It shows 2 programs.... 1) Ask Update Service and 2) Yahoo! Updater



#10 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:30 PM

Posted 07 June 2015 - 06:54 PM

Do you use those programs? If you do, then you can uncheck them. If you don't recognize or use those programs, leave them checked.


Regards,
Jason

 



#11 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 06:56 PM

Here is where I am....

Attached file: scan.jpg (screenshot)


#12 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 06:57 PM

I want to leave them checked but I don't know what to click next.



#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:05:30 PM

Posted 07 June 2015 - 06:58 PM

  • Click the Logfile button. The log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Regards,
Jason

 



#14 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 07:03 PM

# AdwCleaner v4.206 - Logfile created 07/06/2015 at 18:42:39
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin - JACKIE-PC
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP
Service Found : YahooAUService

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\Users\Admin\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Jackie\AppData\Local\AskPartnerNetwork

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Bitberry
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Bitberry
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801

-\\ Google Chrome v43.0.2357.81

[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3424 bytes] - [08/08/2014 14:38:35]
AdwCleaner[R1].txt - [3137 bytes] - [07/06/2015 18:42:39]
AdwCleaner[S0].txt - [3280 bytes] - [08/08/2014 14:44:20]

########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [3255 bytes] ##########



#15 Mama27

Mama27
  • Topic Starter

  • Members
  • 128 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 June 2015 - 07:06 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Admin (administrator) on 07-06-2015 at 19:05:35
Running from "C:\Users\Admin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Inspiron N5010 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/07/2015 06:54:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 06:52:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 06:46:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 06:41:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 06:39:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 06:28:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 06:26:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 06:23:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 06:16:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (06/07/2015 02:50:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

System errors:
=============
Error: (06/07/2015 06:27:53 PM) (Source: DCOM) (User: )
Description: {06622D85-6856-4460-8DE1-A81921B41C4B}

Error: (06/07/2015 06:27:48 PM) (Source: DCOM) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (06/07/2015 02:58:29 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{3b9ba3d3-9086-11e0-9804-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D5928AFB-706A-4BF5-976F-5C15C28E4416}

Error: (06/07/2015 02:32:46 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/07/2015 02:32:46 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/07/2015 02:32:46 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (06/07/2015 02:31:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/07/2015 02:31:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (06/07/2015 02:31:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (06/07/2015 02:31:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Microsoft Office Sessions:
=========================
Error: (06/07/2015 06:54:30 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 06:52:07 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 06:46:41 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 06:41:33 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 06:39:28 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 06:28:00 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 06:26:58 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 06:23:01 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 06:16:43 PM) (Source: SideBySide)(User: )
Description: C:\PROGRA~1\AVASTS~1\Avast\1033\Base.dllC:\Windows\WinSxS\manifests\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_b2556b4035446b41.manifest0

Error: (06/07/2015 02:50:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

CodeIntegrity Errors:
===================================
  Date: 2015-06-07 14:28:14.742
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-07 14:28:14.664
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-17 09:04:14.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-17 09:04:14.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-17 09:04:14.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-17 09:04:14.539
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-17 09:04:14.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-17 09:04:14.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 10:21:35.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 10:21:35.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon MP3 Uploader (HKLM-x32\...\{2680A0EA-84CA-DB0B-1C81-86F83C12BBF2}) (Version: 1.0.5 - Amazon Services LLC) Hidden
Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.5 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{57434C32-2D56-3700-76A7-A758B70C1D00}) (Version: 12.29.0.1547 - APN, LLC)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{8E8E1C64-85FA-4327-8D4B-11FC2BB5BDF6}) (Version: 0.8.29 - Kovid Goyal)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{C73A3942-84C8-4597-9F9B-EE227DCBA758}) (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.33 - Creative Technology Ltd)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fitness File (HKLM-x32\...\{DA89CF0A-98D9-0500-2760-0869C71059C1}) (Version: 1.01 - UNKNOWN) Hidden
Fitness File (HKLM-x32\...\org.presidentschallenge.FitnessFile) (Version: 1.01 - UNKNOWN)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Webcam (HKLM-x32\...\{DAEDC3F8-B156-4577-8339-80E098537741}) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Encarta Encyclopedia 2000 (HKLM-x32\...\Encarta Encyclopedia 2000 A) (Version:  - )
Microsoft Money 2003 (HKLM-x32\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft)
Microsoft Money 2003 System Pack (HKLM-x32\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft)
Microsoft Publisher 2000 (HKLM-x32\...\{00140409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM-x32\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0808 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody (HKLM-x32\...\Rhapsody) (Version:  - )
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WebSlingPlayer ActiveX (HKLM-x32\...\{2DC0661C-FF81-4358-9F33-76EA6CAB6BF6}) (Version: 1.5.15770 - Sling Media)
WebSlingPlayer ActiveX (HKLM-x32\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Widevine Media Transformer Plugin 5.0.0 (HKLM-x32\...\transformer_ie) (Version: 5.0.0.4679 - Widevine Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3894.56 MB
Available physical RAM: 2188.25 MB
Total Pagefile: 7787.31 MB
Available Pagefile: 6114.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.37 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:286.52 GB) (Free:63.61 GB) NTFS

========================= Users: ========================================

User accounts for \\JACKIE-PC

Admin                    Administrator            Guest                   
Jackie                   RosettaStone Spanish    

**** End of log ****





