Hijack.Regedit

My daughter's computer has been fighting search redirect and other malware issues.

Windows Defender, Symantec, and Malwarebytes have found and deleted several viruses and malware, but Hijack.Regedit keeps showing up.

Fakeavlock, Gen.X, Tracur!gen4, and Win32/Alureon.GQ were among those removed.

I downloaded Spyhunter, and it started to find several items. However, after reading several negative reviews, I stopped the scan and immediately deleted Spyhunter.

Please modify this post and delete anything that I shouldn't have included.

Thank you so much for your help.

Here is the most recent MBAM log:


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.06.14.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Rachel :: RACHEL-PC [administrator]

 

6/17/2013 7:14:43 PM

MBAM-log-2013-06-17 (23-02-13).txt

 

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 634206

Time elapsed: 3 hour(s), 6 minute(s), 58 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> No action taken.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Here is the DDS.txt:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2

Run by Rachel at 22:39:09 on 2013-06-17

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.942 [GMT -6:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vcsFPService.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\3RVX\3RVX.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Windows\System32\rundll32.exe

C:\Users\Rachel\AppData\Roaming\CyberLink\WIN152F.exe

C:\Windows\SysWOW64\rundll32.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SymCorpUI.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mWinlogon: Userinit = C:\Windows\System32\userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [Microsoft Help] rundll32 "C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll",DllRegisterServer

uRun: [TimeServer] "C:\Users\Rachel\AppData\Roaming\CyberLink\WIN152F.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-System: DisableRegedit = dword:0

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{B7616DAE-66AB-45A2-B8BB-178FEA0105D1} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B7616DAE-66AB-45A2-B8BB-178FEA0105D1}\2456C6B696E6F574F575962756C6563737F5333334546393 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{B7616DAE-66AB-45A2-B8BB-178FEA0105D1}\66C6F627A6163637F6E6 : DHCPNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{B7616DAE-66AB-45A2-B8BB-178FEA0105D1}\D496649643632303C45402A45647071636B6020313446402355636572756 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B7616DAE-66AB-45A2-B8BB-178FEA0105D1}\D696C6C656276616D696C69702830323E2131326 : DHCPNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

LSA: Notification Packages =  DPPassFilter scecli

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-8 52856]

R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-3-3 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-9 204288]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-5 338168]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-8 46136]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-4-18 18456]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-8-17 38456]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-15 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-17 239136]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-17 295424]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-15 57856]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2013-06-18 01:15:40 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85BD3A36-3F13-491D-B6F5-FCBEAFCA56FA}\offreg.dll

2013-06-18 00:48:46 -------- d-----w- C:\Users\Rachel\AppData\Local\Google

2013-06-18 00:48:21 -------- d-----w- C:\Users\Rachel\AppData\Local\Apps

2013-06-18 00:48:20 -------- d-----w- C:\Users\Rachel\AppData\Local\Deployment

2013-06-17 03:34:10 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{85BD3A36-3F13-491D-B6F5-FCBEAFCA56FA}\mpengine.dll

2013-06-17 02:23:53 -------- d-----w- C:\Program Files\Enigma Software Group

2013-06-17 02:21:27 -------- d-----w- C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-06-17 02:21:11 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-06-17 01:32:32 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-06-17 01:06:42 -------- d-----w- C:\Users\Rachel\AppData\Local\Secunia PSI

2013-06-17 01:06:29 -------- d-----w- C:\Program Files (x86)\Secunia

2013-06-14 18:11:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-13 16:53:59 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-13 16:53:58 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-13 16:53:57 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll

2013-06-13 16:53:56 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-06-13 16:53:56 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-06-13 16:53:56 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll

2013-06-13 16:53:54 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-06-13 16:53:53 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-06-12 17:41:36 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-12 17:35:35 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 17:35:35 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-06-03 06:18:27 -------- d-----w- C:\Users\Rachel\AppData\Local\SteamPopCap

2013-05-31 20:52:46 -------- d-----w- C:\Program Files (x86)\Microsoft Games

.

==================== Find3M  ====================

.

2013-06-18 00:43:58 405360 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-17 01:32:20 1092512 ----a-w- C:\Windows\System32\npdeployJava1.dll

2013-06-17 01:32:19 971680 ----a-w- C:\Windows\System32\deployJava1.dll

2013-06-11 20:39:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-02 08:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-04-18 13:55:50 18456 ----a-w- C:\Windows\System32\drivers\psi_mf_amd64.sys

2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 20:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 22:40:11.93 ===============

Here is ATTACH.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 1/7/2012 9:58:20 PM

System Uptime: 6/17/2013 6:36:32 PM (4 hours ago)

.

Motherboard: Hewlett-Packard |  | 147B

Processor: AMD Phenom II N830 Triple-Core Processor | Socket S1G4 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 444 GiB total, 320.408 GiB free.

D: is FIXED (NTFS) - 22 GiB total, 3.183 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.

F: is CDROM ()

G: is FIXED (NTFS) - 85 GiB total, 12.736 GiB free.

H: is FIXED (NTFS) - 7 GiB total, 0.584 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP145: 6/13/2013 10:51:12 AM - Windows Update

RP146: 6/14/2013 12:08:36 PM - Installed Java 7 Update 21

RP147: 6/14/2013 12:20:52 PM - Removed Java 6 Update 17 (64-bit)

RP148: 6/16/2013 6:17:39 PM - Windows Update

RP149: 6/16/2013 7:03:13 PM - Windows Update

RP150: 6/16/2013 8:21:38 PM - Installed SpyHunter

RP151: 6/16/2013 8:45:57 PM - Removed SpyHunter

RP152: 6/16/2013 8:52:37 PM - Removed SpyHunter

RP154: 6/16/2013 9:38:59 PM - Removed service pack backup files

RP155: 6/17/2013 6:53:29 PM - Installed MSXML 4.0 SP3 Parser

.

==== Installed Programs ======================

.

3RVX

7-Zip 9.20 (x64 edition)

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 6.0

Adobe Reader 9.5.5 MUI

Adobe Shockwave Player

Adobe Shockwave Player 12.0

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD Media Foundation Decoders

AMD USB Filter Driver

AMD VISION Engine Control Center

Atheros Driver Installation Program

Bejeweled 2 Deluxe

Blackhawk Striker 2

Blasterball 3

Build-a-lot 2

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help English

Chuzzle Deluxe

CinemaNow Media Manager

Clue

Compatibility Pack for the 2007 Office system

Contents

Corel PaintShop Photo Pro X3

Corel VideoStudio Pro X3

CyberLink DVD Suite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DeviceIO

Diner Dash 2 Restaurant Rescue

DirectX Media Runtime 5.1

Dora's Carnival Adventure

DVD Menu Pack for HP MediaSmart Video

Escape Rosecliff Island

ESU for Microsoft Windows 7

Faerie Solitaire

FATE

Google Chrome

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.1.1

HP 3D DriveGuard

HP Advisor

HP Customer Experience Enhancements

HP DVB-T TV Tuner 8.0.64.43

HP Game Console

HP Games

HP MediaSmart CinemaNow 2.0

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Movies and TV

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP MediaSmart Webcam

HP MediaSmart/TouchSmart Netflix

HP Photo Creations

HP Power Plan Utility

HP Quick Launch

HP QuickWeb Installer

HP Setup

HP SimplePass Identity Protection

HP Software Framework

HP Support Assistant

HP Update

HP User Guides 0188

HP Wireless Assistant

Hulu Desktop

ICA

IDT Audio

IPM_PSP_Pro

IPM_VS_Pro

ISCOM

Java 7 Update 21

Java 7 Update 21 (64-bit)

Java Auto Updater

JavaFX 2.1.1

Jewel Quest 3

Jewel Quest Solitaire 2

Junk Mail filter update

LabelPrint

LightScribe System Software

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft IntelliPoint 8.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft Works

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

Mystery P.I. - The New York Fortune

Penguins!

PhotoNow!

Plants vs. Zombies

Plants vs. Zombies: Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

Portal

Portal 2

Power2Go

PowerDirector

PSPPContent

PSPPRO_DCRAW

PureHD

Realtek Ethernet Controller Driver For Windows 7

Realtek USB 2.0 Card Reader

Recovery Manager

Roxio CinemaNow 2.0

Secunia PSI (3.0.0.7009)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Setup

Share

Share64

SPORE™

Steam

swMSM

Symantec Endpoint Protection

Synaptics Pointing Device Driver

Team Fortress 2

Terraria

TextTwist 2

The Sims 3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Validity Sensors DDK

VIO

Virtual Families

Virtual Villagers - The Secret City

VSClassic

VSPro

Wheel of Fortune 2

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Encoder 9 Series

Zoo Tycoon: Complete Collection

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

6/17/2013 6:43:52 PM, Error: Service Control Manager [7022]  - The Security Center service hung on starting.

6/17/2013 6:43:28 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

6/17/2013 6:41:47 PM, Error: Service Control Manager [7022]  - The Windows Defender service hung on starting.

6/16/2013 9:54:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

6/16/2013 10:00:55 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.

6/16/2013 10:00:55 PM, Error: Service Control Manager [7000]  - The HP Wireless Assistant Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

6/14/2013 12:06:03 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Endpoint Protection service, but this action failed with the following error:  An instance of the service is already running.

6/14/2013 12:05:53 PM, Error: Service Control Manager [7031]  - The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

6/13/2013 11:41:08 AM, Error: NetBT [4311]  - Initialization failed because the driver device could not be created. Use the string "C80AA9B2BA8F" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the  Globally Unique Interface Identifier (GUID) if NetBT was unable to  map from GUID to MAC address. If neither the MAC address nor the GUID were  available, the string represents a cluster device name. 

.

==== End Of File ===========================

 


Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Please download Malwarebytes Anti-Rootkit from here (Malwarebytes: Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.


Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt. Please attach that to your next reply.


Anti-rootkit found nothing.

 

Here is the log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16618
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4021186560, free: 1692442624
 
Downloaded database version: v2013.06.18.01
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
     06/18/2013 00:46:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\SRTSP64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\SRTSPX64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\system32\DRIVERS\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\psi_mf_amd64.sys
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130617.008\EX64.SYS
\??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130617.008\ENG64.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shell32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80046c3730
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa8004652060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80046c2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800462f060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80046c2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80046c2ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80046c2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046c1440, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa800462f060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F1977E89
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 930236416
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 930646016  Numsec = 45914112
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128  Numsec = 210992
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80046c3730, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80046c4040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80046c3730, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046c3040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004652060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4D9669D5
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 177759162
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with CSH (0x5)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 177759225  Numsec = 41929650
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 219688875  Numsec = 14747670
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 120034123776 bytes
Sector size: 512 bytes
 
Done!
Scan finished

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01

Ran by Rachel (administrator) on 18-06-2013 01:30:44

Running from C:\Users\Rachel\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe

() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

(DeviceVM, Inc.) C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(matt.malensek.net) C:\Program Files (x86)\3RVX\3RVX.exe

(Acresso Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

() C:\Users\Rachel\AppData\Roaming\CyberLink\WIN152F.exe

(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPAgent.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe

(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SymCorpUI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Users\Rachel\Downloads\mbar-1.06.0.1003\mbar\mbar.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-01] (IDT, Inc.)

HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)

HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" [x]

HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [739664 2010-09-15] (DigitalPersona, Inc.)

HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-01-22] (Hewlett-Packard Company)

HKCU\...\Run: [3RVX] C:\Program Files (x86)\3RVX\3RVX.exe [159232 2008-10-14] (matt.malensek.net)

HKCU\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)

HKCU\...\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [210208 2008-10-20] (Acresso Corporation)

HKCU\...\Run: [TimeServer] "C:\Users\Rachel\AppData\Roaming\CyberLink\WIN152F.exe" [132096 2013-06-14] ()

HKCU\...\Winlogon: [shell] Explorer.exe <==== ATTENTION 

HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Rachel\AppData\Local\Temp\specyxx\sxlbglp\wow64.dll ATTENTION! ====> ZeroAccess

HKCU\...\Policies\system: [DisableTaskMgr] 0

HKCU\...\Policies\system: [DisableRegistryTools] 0

HKCU\...\Policies\Explorer: [NoDesktop] 0

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [67488 2007-09-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-07-08] (Symantec Corporation)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-09] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)

HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

AppInit_DLLs:      [0 ] ()

Lsa: [Notification Packages] DPPassFilter scecli

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {071558D2-E86B-4074-98A2-C18CB1CBC36C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

CHR Extension: (Docs) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0

CHR Extension: (Google Drive) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0

CHR Extension: (YouTube) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

CHR Extension: (Google Search) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

CHR Extension: (Gmail) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

 

==================== Services (Whitelisted) =================

 

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.)

R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)

R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)

R2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-03-05] (DeviceVM, Inc.)

S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-07-13] (Symantec Corporation)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)

R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)

S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)

R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)

R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)

R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-06-18] ()

R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-06-18] ()

R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-18] (Malwarebytes Corporation)

R3 mbamswissarmy; C:\Windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-18] (Malwarebytes Corporation)

R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130617.008\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)

R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130617.008\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)

R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130617.008\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)

R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130617.008\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)

R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)

R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)

S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)

S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2012-07-17] (Symantec Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-06-18 01:30 - 2013-06-18 01:30 - 00000000 ____D C:\FRST

2013-06-18 01:29 - 2013-06-18 01:30 - 01926844 ____A (Farbar) C:\Users\Rachel\Downloads\FRST64.exe

2013-06-18 01:18 - 2013-06-18 01:18 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2013-06-18 01:17 - 2013-06-18 01:17 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-06-18 00:46 - 2013-06-18 01:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-18 00:44 - 2013-06-18 00:44 - 00000000 ____D C:\Users\Rachel\Downloads\mbar-1.06.0.1003

2013-06-18 00:39 - 2013-06-18 00:40 - 13169742 ____A C:\Users\Rachel\Downloads\mbar-1.06.0.1003.zip

2013-06-17 22:40 - 2013-06-17 22:40 - 00019327 ____A C:\Users\Rachel\Desktop\dds.txt

2013-06-17 22:40 - 2013-06-17 22:40 - 00012953 ____A C:\Users\Rachel\Desktop\attach.txt

2013-06-17 22:37 - 2013-06-17 22:38 - 00688992 ____R (Swearware) C:\Users\Rachel\Downloads\dds.com

2013-06-17 18:51 - 2013-06-17 18:51 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-06-17 18:48 - 2013-06-18 01:11 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-17 18:48 - 2013-06-18 00:53 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-17 18:48 - 2013-06-17 18:51 - 00000000 ____D C:\Users\Rachel\AppData\Local\Google

2013-06-17 18:48 - 2013-06-17 18:51 - 00000000 ____D C:\Program Files (x86)\Google

2013-06-17 18:48 - 2013-06-17 18:48 - 00000000 ____D C:\Users\Rachel\AppData\Local\Deployment

2013-06-17 18:48 - 2013-06-17 18:48 - 00000000 ____D C:\Users\Rachel\AppData\Local\Apps\2.0

2013-06-16 20:24 - 2013-06-16 20:24 - 00000000 ____A C:\autoexec.bat

2013-06-16 20:23 - 2013-06-16 20:23 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-06-16 20:21 - 2013-06-16 20:54 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-06-16 20:17 - 2013-06-16 20:17 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\Rachel\Downloads\SpyHunter-Installer.exe

2013-06-16 19:32 - 2013-06-16 19:32 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2013-06-16 19:32 - 2013-06-16 19:32 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2013-06-16 19:32 - 2013-06-16 19:32 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2013-06-16 19:32 - 2013-06-16 19:32 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll

2013-06-16 19:06 - 2013-06-16 19:06 - 00000000 ____D C:\Users\Rachel\AppData\Local\Secunia PSI

2013-06-16 19:06 - 2013-06-16 19:06 - 00000000 ____D C:\Program Files (x86)\Secunia

2013-06-16 19:00 - 2013-06-16 19:06 - 03270960 ____A (Secunia) C:\Users\Rachel\Downloads\PSISetup.exe

2013-06-16 18:18 - 2013-06-08 08:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-16 18:18 - 2013-06-08 08:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-16 18:18 - 2013-06-08 08:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-16 18:18 - 2013-06-08 08:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-16 18:18 - 2013-06-08 08:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-16 18:18 - 2013-06-08 06:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-16 18:18 - 2013-06-08 05:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-16 18:18 - 2013-06-08 05:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-16 18:18 - 2013-06-08 05:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-16 18:18 - 2013-06-08 05:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-16 18:18 - 2013-06-08 05:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-16 18:18 - 2013-06-08 05:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-14 12:11 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-06-14 12:11 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-06-14 12:11 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-06-14 12:10 - 2013-06-14 12:11 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-06-13 10:54 - 2013-05-16 19:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-13 10:54 - 2013-05-16 19:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-13 10:54 - 2013-05-16 19:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-06-13 10:54 - 2013-05-16 19:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-06-13 10:54 - 2013-05-16 19:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-06-13 10:54 - 2013-05-16 18:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-06-13 10:54 - 2013-05-16 18:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-13 10:54 - 2013-05-16 18:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-13 10:54 - 2013-05-16 18:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-06-13 10:54 - 2013-05-16 18:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-06-13 10:54 - 2013-05-16 18:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-06-13 10:54 - 2013-05-14 06:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-13 10:54 - 2013-05-14 02:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-06-13 10:53 - 2013-05-16 19:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-13 10:53 - 2013-05-16 19:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-13 10:53 - 2013-05-16 19:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-13 10:53 - 2013-05-16 18:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-13 10:53 - 2013-05-16 18:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-13 10:53 - 2013-05-16 18:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-12 11:41 - 2013-05-08 00:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-12 11:36 - 2013-05-12 23:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-12 11:36 - 2013-05-12 23:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-12 11:36 - 2013-05-12 23:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-12 11:36 - 2013-05-12 23:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-12 11:36 - 2013-05-12 22:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-06-12 11:36 - 2013-05-12 22:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-06-12 11:36 - 2013-05-12 22:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-06-12 11:36 - 2013-05-12 21:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-12 11:36 - 2013-05-12 21:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2013-06-12 11:36 - 2013-05-12 21:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2013-06-12 11:36 - 2013-05-09 23:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

2013-06-12 11:36 - 2013-05-09 21:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

2013-06-12 11:36 - 2013-04-25 23:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-12 11:36 - 2013-04-25 22:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-06-12 11:36 - 2013-04-17 01:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-12 11:36 - 2013-04-17 00:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-12 11:35 - 2013-04-25 17:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-06-12 11:35 - 2013-03-31 16:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-03 15:58 - 2013-06-03 15:58 - 00000113 ____A C:\Users\Rachel\Desktop\White Trader.url

2013-06-03 00:18 - 2013-06-14 11:07 - 00000000 ____D C:\Users\Rachel\AppData\Local\SteamPopCap

2013-05-31 15:08 - 2013-05-31 15:08 - 00002078 ____A C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk

2013-05-31 14:52 - 2013-05-31 14:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Games

 

==================== One Month Modified Files and Folders =======

 

2013-06-18 01:30 - 2013-06-18 01:30 - 00000000 ____D C:\FRST

2013-06-18 01:30 - 2013-06-18 01:29 - 01926844 ____A (Farbar) C:\Users\Rachel\Downloads\FRST64.exe

2013-06-18 01:22 - 2009-07-13 22:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-18 01:22 - 2009-07-13 22:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-18 01:19 - 2013-06-18 00:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-18 01:18 - 2013-06-18 01:18 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

2013-06-18 01:17 - 2013-06-18 01:17 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-06-18 01:15 - 2012-01-08 17:33 - 00000000 ____D C:\Program Files (x86)\Steam

2013-06-18 01:13 - 2011-08-17 04:57 - 01279218 ____A C:\Windows\WindowsUpdate.log

2013-06-18 01:11 - 2013-06-17 18:48 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-18 01:10 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-18 01:10 - 2009-07-13 22:51 - 00085611 ____A C:\Windows\setupact.log

2013-06-18 01:09 - 2011-08-17 05:08 - 00273886 ____A C:\Windows\PFRO.log

2013-06-18 00:53 - 2013-06-17 18:48 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-18 00:44 - 2013-06-18 00:44 - 00000000 ____D C:\Users\Rachel\Downloads\mbar-1.06.0.1003

2013-06-18 00:40 - 2013-06-18 00:39 - 13169742 ____A C:\Users\Rachel\Downloads\mbar-1.06.0.1003.zip

2013-06-18 00:38 - 2012-07-17 18:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-17 22:40 - 2013-06-17 22:40 - 00019327 ____A C:\Users\Rachel\Desktop\dds.txt

2013-06-17 22:40 - 2013-06-17 22:40 - 00012953 ____A C:\Users\Rachel\Desktop\attach.txt

2013-06-17 22:38 - 2013-06-17 22:37 - 00688992 ____R (Swearware) C:\Users\Rachel\Downloads\dds.com

2013-06-17 18:53 - 2012-01-08 21:25 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0

2013-06-17 18:51 - 2013-06-17 18:51 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-06-17 18:51 - 2013-06-17 18:48 - 00000000 ____D C:\Users\Rachel\AppData\Local\Google

2013-06-17 18:51 - 2013-06-17 18:48 - 00000000 ____D C:\Program Files (x86)\Google

2013-06-17 18:50 - 2012-10-01 20:22 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2013-06-17 18:48 - 2013-06-17 18:48 - 00000000 ____D C:\Users\Rachel\AppData\Local\Deployment

2013-06-17 18:48 - 2013-06-17 18:48 - 00000000 ____D C:\Users\Rachel\AppData\Local\Apps\2.0

2013-06-17 18:43 - 2012-03-01 22:30 - 00405360 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-06-17 14:27 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2013-06-16 20:54 - 2013-06-16 20:21 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP

2013-06-16 20:24 - 2013-06-16 20:24 - 00000000 ____A C:\autoexec.bat

2013-06-16 20:23 - 2013-06-16 20:23 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-06-16 20:17 - 2013-06-16 20:17 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\Rachel\Downloads\SpyHunter-Installer.exe

2013-06-16 19:32 - 2013-06-16 19:32 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2013-06-16 19:32 - 2013-06-16 19:32 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2013-06-16 19:32 - 2013-06-16 19:32 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2013-06-16 19:32 - 2013-06-16 19:32 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll

2013-06-16 19:32 - 2012-01-08 21:33 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll

2013-06-16 19:32 - 2012-01-08 21:33 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2013-06-16 19:32 - 2010-04-25 13:47 - 00000000 ____D C:\Program Files\Java

2013-06-16 19:21 - 2010-04-25 12:12 - 00000000 ____D C:\Windows\SysWOW64\Adobe

2013-06-16 19:13 - 2012-01-26 18:35 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-06-16 19:13 - 2009-07-13 23:13 - 00773050 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-16 19:06 - 2013-06-16 19:06 - 00000000 ____D C:\Users\Rachel\AppData\Local\Secunia PSI

2013-06-16 19:06 - 2013-06-16 19:06 - 00000000 ____D C:\Program Files (x86)\Secunia

2013-06-16 19:06 - 2013-06-16 19:00 - 03270960 ____A (Secunia) C:\Users\Rachel\Downloads\PSISetup.exe

2013-06-16 18:56 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-06-14 12:16 - 2013-01-29 16:57 - 00000000 ____D C:\Firefox

2013-06-14 12:11 - 2013-06-14 12:10 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-06-14 12:11 - 2012-09-27 20:34 - 00000000 ____D C:\Program Files (x86)\Java

2013-06-14 11:48 - 2012-10-01 20:24 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-06-14 11:48 - 2012-10-01 20:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-14 11:41 - 2012-10-01 20:08 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\TeamViewer

2013-06-14 11:39 - 2012-05-04 18:34 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\CyberLink

2013-06-14 11:07 - 2013-06-03 00:18 - 00000000 ____D C:\Users\Rachel\AppData\Local\SteamPopCap

2013-06-11 14:39 - 2012-04-01 21:45 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-06-09 15:22 - 2012-02-12 17:38 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-06-09 15:22 - 2012-01-20 18:49 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-06-08 08:08 - 2013-06-16 18:18 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-08 08:07 - 2013-06-16 18:18 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-08 08:06 - 2013-06-16 18:18 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-08 08:06 - 2013-06-16 18:18 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-08 08:06 - 2013-06-16 18:18 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-08 06:28 - 2013-06-16 18:18 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-08 05:42 - 2013-06-16 18:18 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-08 05:40 - 2013-06-16 18:18 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-08 05:40 - 2013-06-16 18:18 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-08 05:40 - 2013-06-16 18:18 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-08 05:40 - 2013-06-16 18:18 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-08 05:13 - 2013-06-16 18:18 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-03 18:16 - 2012-01-08 16:50 - 75898224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-06-03 15:58 - 2013-06-03 15:58 - 00000113 ____A C:\Users\Rachel\Desktop\White Trader.url

2013-05-31 15:08 - 2013-05-31 15:08 - 00002078 ____A C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk

2013-05-31 14:52 - 2013-05-31 14:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Games

2013-05-30 18:13 - 2012-01-08 21:13 - 00000000 ____D C:\Users\Rachel\AppData\Roaming\.minecraft

2013-05-27 12:30 - 2012-01-20 19:06 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForRachel.job

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-06-17 14:18

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2013 01

Ran by Rachel at 2013-06-18 01:31:45 Run:

Running from C:\Users\Rachel\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

3RVX (Version: 2.5)

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)

Acrobat.com (Version: 1.6.65)

Adobe AIR (Version: 1.5.0.7220)

Adobe Flash Player 10 Plugin (Version: 10.3.183.90)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)

Adobe Photoshop Elements 6.0 (Version: 6.0)

Adobe Reader 9.5.5 MUI (Version: 9.5.5)

Adobe Shockwave Player (Version: 11.5.1.601)

Adobe Shockwave Player 12.0 (Version: 12.0.2.122)

AMD APP SDK Runtime (Version: 10.0.831.4)

AMD Catalyst Install Manager (Version: 8.0.881.0)

AMD Fuel (Version: 2011.1109.2212.39826)

AMD Media Foundation Decoders (Version: 1.0.61109.2218)

AMD USB Filter Driver (Version: 1.0.15.94)

AMD VISION Engine Control Center (Version: 2011.1109.2212.39826)

Atheros Driver Installation Program (Version: 9.2)

Bejeweled 2 Deluxe (Version: 2.2.0.82)

Blackhawk Striker 2 (Version: 2.2.0.82)

Blasterball 3 (Version: 2.2.0.82)

Build-a-lot 2 (Version: 2.2.0.82)

Cake Mania (Version: 2.2.0.82)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826)

Catalyst Control Center InstallProxy (Version: 2010.0416.541.8279)

Catalyst Control Center InstallProxy (Version: 2012.0611.1251.21046)

Catalyst Control Center Localization All (Version: 2011.1109.2212.39826)

CCC Help English (Version: 2011.1109.2211.39826)

ccc-utility64 (Version: 2011.1109.2212.39826)

Chuzzle Deluxe (Version: 2.2.0.82)

CinemaNow Media Manager (Version: 1.9.1.105)

Clue

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Contents (Version: 1.6.0.286)

Corel PaintShop Photo Pro X3 (Version: 1.00.0000)

Corel PaintShop Photo Pro X3 (Version: 1.6.1.116)

Corel VideoStudio Pro X3 (Version: 1.6.0.286)

CyberLink DVD Suite (Version: 7.0.2527)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DeviceIO (Version: 1.6.0.286)

Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)

DirectX Media Runtime 5.1

Dora's Carnival Adventure (Version: 2.2.0.82)

DVD Menu Pack for HP MediaSmart Video (Version: 4.0.3715)

Escape Rosecliff Island (Version: 2.2.0.82)

ESU for Microsoft Windows 7 (Version: 1.0.0)

Faerie Solitaire (Version: 2.2.0.82)

FATE (Version: 2.2.0.82)

Google Chrome (Version: 27.0.1453.110)

Google Update Helper (Version: 1.3.21.145)

Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)

HP 3D DriveGuard (Version: 4.0.3.1)

HP Advisor (Version: 3.4.10262.3295)

HP Customer Experience Enhancements (Version: 6.0.1.7)

HP DVB-T TV Tuner 8.0.64.43 (Version: 8.0.64.43)

HP Game Console

HP Games (Version: 1.0.0.80)

HP MediaSmart CinemaNow 2.0 (Version: 2.0)

HP MediaSmart DVD (Version: 4.0.3822)

HP MediaSmart Internet TV (Version: 3.2.2513)

HP MediaSmart Movies and TV (Version: 1.0.0.10)

HP MediaSmart Music (Version: 4.0.3903)

HP MediaSmart Photo (Version: 4.0.3911)

HP MediaSmart SmartMenu (Version: 3.1.1.12)

HP MediaSmart Video (Version: 4.0.3911)

HP MediaSmart Webcam (Version: 4.0.2511)

HP MediaSmart/TouchSmart Netflix (Version: 1.0.9.0)

HP Photo Creations (Version: 1.0.0.2261)

HP Power Plan Utility (Version: 1.0.6)

HP Quick Launch (Version: 2.4.4)

HP QuickWeb Installer (Version: 1.2.12.0)

HP Setup (Version: 1.2.3988.3281)

HP SimplePass Identity Protection (Version: 5.20.233)

HP Software Framework (Version: 4.1.6.1)

HP Support Assistant (Version: 7.0.39.15)

HP Update (Version: 5.003.001.001)

HP User Guides 0188 (Version: 1.00.0000)

HP Wireless Assistant (Version: 4.0.4.2)

Hulu Desktop (Version: 0.9.11)

ICA (Version: 1.6.0.286)

ICA (Version: 1.6.1.116)

IDT Audio (Version: 1.0.6269.0)

IPM_PSP_Pro (Version: 1.00.0000)

IPM_VS_Pro (Version: 13.0)

ISCOM (Version: 1.6.0.286)

ISCOM (Version: 1.6.1.116)

Java 7 Update 21 (64-bit) (Version: 7.0.210)

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

JavaFX 2.1.1 (Version: 2.1.1)

Jewel Quest 3 (Version: 2.2.0.82)

Jewel Quest Solitaire 2 (Version: 2.2.0.82)

Junk Mail filter update (Version: 14.0.8089.726)

LabelPrint (Version: 2.5.2515)

LightScribe System Software (Version: 1.18.11.1)

LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)

Microsoft Office Suite Activation Assistant (Version: 2.9)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Works (Version: 9.7.0621)

Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)

Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)

Movie Theme Pack for HP MediaSmart Video (Version: 4.0.3715)

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Mystery P.I. - The New York Fortune (Version: 2.2.0.82)

Penguins! (Version: 2.2.0.82)

PhotoNow! (Version: 1.1.6904)

Plants vs. Zombies (Version: 2.2.0.82)

Plants vs. Zombies: Game of the Year

Poker Superstars III (Version: 2.2.0.82)

Polar Bowler (Version: 2.2.0.82)

Polar Golfer (Version: 2.2.0.82)

Portal

Portal 2

Power2Go (Version: 6.1.3715)

PowerDirector (Version: 8.0.2514)

PSPPContent (Version: 1.00.0000)

PSPPRO_DCRAW (Version: 13.0.0)

PureHD (Version: 1.6.0.286)

Realtek Ethernet Controller Driver For Windows 7 (Version: 7.11.1127.2009)

Realtek USB 2.0 Card Reader (Version: 6.1.7600.30113)

Recovery Manager (Version: 5.5.2512)

Roxio CinemaNow 2.0 (Version: 1.0.262)

Secunia PSI (3.0.0.7009) (Version: 3.0.0.7009)

Setup (Version: 1.6.0.286)

Setup (Version: 1.6.1.116)

Share (Version: 1.6.0.286)

Share64 (Version: 1.6.0.286)

SPORE™ (Version: 1.00.0000)

Steam (Version: 1.0.0.0)

swMSM (Version: 12.0.0.1)

Symantec Endpoint Protection (Version: 11.0.5002.333)

Synaptics Pointing Device Driver (Version: 15.3.29.0)

Team Fortress 2

Terraria

TextTwist 2 (Version: 2.2.0.82)

The Sims 3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Validity Sensors DDK (Version: 4.1.129.0)

VIO (Version: 1.6.0.286)

Virtual Families (Version: 2.2.0.82)

Virtual Villagers - The Secret City (Version: 2.2.0.82)

VSClassic (Version: 1.6.0.286)

VSPro (Version: 1.6.0.286)

Wheel of Fortune 2 (Version: 2.2.0.82)

Windows Live Call (Version: 14.0.8064.0206)

Windows Live Communications Platform (Version: 14.0.8064.206)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

Windows Live Mail (Version: 14.0.8089.0726)

Windows Live Messenger (Version: 14.0.8089.0726)

Windows Live Photo Gallery (Version: 14.0.8081.709)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8089.0726)

Windows Media Encoder 9 Series

Windows Media Encoder 9 Series (Version: 9.00.2980)

Zoo Tycoon: Complete Collection

Zuma's Revenge (Version: 2.2.0.82)

 

==================== Restore Points  =========================

 

13-06-2013 16:51:12 Windows Update

14-06-2013 18:08:36 Installed Java 7 Update 21

14-06-2013 18:20:52 Removed Java 6 Update 17 (64-bit)

17-06-2013 00:17:39 Windows Update

17-06-2013 01:03:13 Windows Update

17-06-2013 02:21:38 Installed SpyHunter

17-06-2013 02:45:57 Removed SpyHunter

17-06-2013 02:52:37 Removed SpyHunter

17-06-2013 03:38:59 Removed service pack backup files

18-06-2013 00:53:29 Installed MSXML 4.0 SP3 Parser

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {014A8238-988D-4587-863D-FA8E35CC5001} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-08] (Microsoft Corporation)

Task: {0A079CF3-C609-459A-BE9E-77B09DD0D41D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {1157B179-21D6-40B0-B999-481E9FE3AED4} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation)

Task: {2680902E-DFBA-4F76-AF33-9FA80FE7558C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {2D039F80-C934-4CA5-9B71-B215FABF1FB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)

Task: {347CE87D-EDE3-4E38-B07D-C7E814094B14} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)

Task: {44624CDD-592C-4E80-815B-A14525F88500} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()

Task: {490CB463-4E44-4AA5-B5DF-73DD2B3A0E9B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()

Task: {4F1C29B6-DDFF-4D4B-A83B-D40FAAF216F4} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2010-01-26] ()

Task: {559E378E-B958-4FB7-BA20-18C291086B04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-06-04] (Microsoft)

Task: {57E04E78-26D5-43B1-ABDA-598846B8F0D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)

Task: {7B2CCB3F-1A9B-48E6-B3BB-D3551600D408} - System32\Tasks\WPD\SqmUpload_S-1-5-21-598140645-2203263179-401984403-1000 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)

Task: {80EFD8CA-7DAA-45E1-A583-9715A58412D1} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()

Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2009-06-10] ()

Task: {8D6E9DB9-B441-4153-ACAB-84A6004B2283} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {8D943EC1-CE10-4216-A6CC-D8B1373A869D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => C:\Windows\system32\sc.exe [2009-07-13] (Microsoft Corporation)

Task: {910168EF-30A9-4E41-BEEB-2E28CD6782A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-03-21] (Hewlett-Packard)

Task: {BD64F120-2DDD-4CCA-9D80-2165134A02B8} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe [2009-07-13] ()

Task: {D808980C-F349-4037-925D-89A83CD54D75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.)

Task: {D80E4293-3A3B-44B2-869A-BEE61D4C2ED2} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe [2009-07-13] (Microsoft Corporation)

Task: {DABC160B-084E-44DC-9403-B692948D8517} - System32\Tasks\HPCeeScheduleForRachel => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {F64B670E-6832-45AB-94DC-6758D072EEF4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\MICROSOFT\MICROSOFT HELP\WIQJOWQRG.DLL by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\MICROSOFT\MICROSOFT HELP\WIQJOWQRG.DLL by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus) (User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

 

System errors:

=============

Error: (06/18/2013 01:15:18 AM) (Source: Service Control Manager) (User: )

Description: The Windows Defender service hung on starting.

 

Error: (06/17/2013 06:43:52 PM) (Source: Service Control Manager) (User: )

Description: The Security Center service hung on starting.

 

Error: (06/17/2013 06:43:28 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (06/17/2013 06:42:28 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (06/17/2013 06:41:47 PM) (Source: Service Control Manager) (User: )

Description: The Windows Defender service hung on starting.

 

Error: (06/16/2013 10:42:00 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (06/16/2013 10:41:05 PM) (Source: Service Control Manager) (User: )

Description: The Windows Defender service hung on starting.

 

Error: (06/16/2013 10:37:04 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (06/16/2013 10:02:15 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (06/16/2013 10:00:55 PM) (Source: Service Control Manager) (User: )

Description: The HP Wireless Assistant Service service failed to start due to the following error: 

%%1053

 

 

Microsoft Office Sessions:

=========================

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\MICROSOFT\MICROSOFT HELP\WIQJOWQRG.DLL by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\MICROSOFT\MICROSOFT HELP\WIQJOWQRG.DLL by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

Error: (06/18/2013 01:10:56 AM) (Source: Symantec AntiVirus)(User: )

Description: Security Risk Found!Trojan.Tracur in File: C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll by: Auto-Protect scan.  Action: Delete failed : Leave Alone failed.  Action Description:

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-06-17 22:14:24.971

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 22:14:24.752

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 22:14:24.518

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 22:14:24.191

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 22:14:23.941

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 22:14:23.723

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 21:55:39.335

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 21:55:38.992

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 21:55:38.742

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_f0780c78ec8773db\bcrypt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-06-17 21:55:38.462

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 48%

Total physical RAM: 3834.9 MB

Available physical RAM: 1980.95 MB

Total Pagefile: 7667.99 MB

Available Pagefile: 5396.36 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:443.57 GB) (Free:319.92 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:21.89 GB) (Free:3.18 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)

Drive g: (Vista) (Fixed) (Total:84.76 GB) (Free:12.74 GB) NTFS (Disk=1 Partition=1) ==>[system with boot components (obtained from reading drive)]

Drive h: (HP_RECOVERY) (Fixed) (Total:7.03 GB) (Free:0.58 GB) NTFS (Disk=1 Partition=2) ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: F1977E89)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=444 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

========================================================

Disk: 1 (Size: 112 GB) (Disk ID: 4D9669D5)

Partition 1: (Active) - (Size=85 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=20 GB) - (Type=05)

Partition 3: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
    HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Rachel\AppData\Local\Temp\specyxx\sxlbglp\wow64.dll ATTENTION! ====> ZeroAccess
    HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...mid=406&sr=0&q={searchTerms}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...mid=406&sr=0&q={searchTerms}
    HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...mid=406&sr=0&q={searchTerms}
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {071558D2-E86B-4074-98A2-C18CB1CBC36C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...mid=406&sr=0&q={searchTerms}
    HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    C:\Users\Rachel\AppData\Local\Temp\specyxx
    C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
    C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.
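Added example (editor's code, not FRST's, not Malwarebytes', and not anything posted in this thread): an offline triage script that applies the judgements behind the fixlist above to FRST-style registry lines, so a reader can see why those particular entries were selected. It flags a per-user Winlogon Shell override, a shell32 InprocServer32 default value redirected outside \Windows\ (the ZeroAccess hijack into the user's Temp folder), and SearchScopes entries whose host is not on an allowlist. The sample lines mirror entries from the fixlist; the Bing search-scope line, the allowlist contents and the severity labels are the editor's assumptions.

```python
"""Offline triage of FRST-style registry lines for the hijack patterns in this thread.

Added example; the heuristics are the editor's, not FRST's or Malwarebytes'.
"""
import re

# Hosts a search scope may legitimately point at. Assumption: a small
# allowlist the triager maintains; extend it for the environment.
SEARCH_ALLOWLIST = {"www.bing.com", "www.google.com"}

# Line shapes copied from the FRST fixlist posted in this thread.
WINLOGON_SHELL = re.compile(r"^HKCU\\.*Winlogon: \[Shell\] (?P<value>.+?)(?: <==== ATTENTION)?$")
INPROC_DEFAULT = re.compile(r"InprocServer32: \[Default-shell32\] (?P<path>[A-Za-z]:\\\S+)")
SEARCH_SCOPE = re.compile(r"SearchScopes: .*?\{[0-9A-Fa-f-]{36}\} URL =\s*(?P<url>\S*)")
HOST = re.compile(r"^[a-z][a-z0-9+.-]*://([^/?#]+)", re.IGNORECASE)


def host_of(url):
    """Extract the host part of a URL; fall back to the raw value when there is no scheme."""
    m = HOST.match(url)
    return m.group(1).lower() if m else url.lower()


def triage_line(line):
    """Return (severity, reason) for one line, or None when nothing is flagged."""
    m = WINLOGON_SHELL.match(line)
    if m:
        # Windows 7 defines Shell only under HKLM; any per-user override is a
        # logon hijack regardless of its value (here it pointed at Explorer.exe).
        return ("HIGH", "per-user Winlogon Shell override: " + m["value"])

    m = INPROC_DEFAULT.search(line)
    if m:
        path = m["path"]
        # The shell32 COM server lives under \Windows\; a DLL in a user's Temp
        # directory is the ZeroAccess InprocServer32 hijack seen in this thread.
        if "\\windows\\" not in path.lower():
            return ("HIGH", "shell32 InprocServer32 redirected to " + path)
        return None

    m = SEARCH_SCOPE.search(line)
    if m and m["url"]:
        host = host_of(m["url"])
        if host not in SEARCH_ALLOWLIST:
            return ("MEDIUM", "search scope points at non-allowlisted host " + host)
    return None


def triage(text):
    """Run triage_line over a whole log; returns [(severity, reason, line), ...]."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line.rstrip())
        if hit:
            findings.append((hit[0], hit[1], line))
    return findings


# Constructed sample input: the first five lines mirror entries from the FRST
# fixlist in this thread; the last one is a constructed benign scope (the
# default scope GUID with a Bing URL filled in) to show that allowlisted hosts pass.
SAMPLE = r"""HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Rachel\AppData\Local\Temp\specyxx\sxlbglp\wow64.dll ATTENTION! ====> ZeroAccess
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...mid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {071558D2-E86B-4074-98A2-C18CB1CBC36C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE):
        print(f"[{severity}] {reason}\n    {line}")
```

Run it as-is to print the findings for the embedded sample, or pass the registry section of an FRST.txt through triage(). It is a reading aid for logs only; the cleanup itself still goes through FRST with a fixlist as the helper describes.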


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2013 01

Ran by Rachel at 2013-06-18 01:57:59 Run:1

Running from C:\Users\Rachel\Downloads

Boot Mode: Normal

==============================================

 

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.

HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{071558D2-E86B-4074-98A2-C18CB1CBC36C} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{071558D2-E86B-4074-98A2-C18CB1CBC36C} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.

 

"C:\Users\Rachel\AppData\Local\Temp\specyxx" directory move:

 

Could not move "C:\Users\Rachel\AppData\Local\Temp\specyxx" directory. => Scheduled to move on reboot.

 

C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP => Moved successfully.

C:\Users\Rachel\AppData\Local\Microsoft\Microsoft Help\wiqjowqrg.dll => File/Directory not found.

 

=========== Result of Scheduled Files to move ===========

C:\Users\Rachel\AppData\Local\Temp\specyxx => Directory moved successfully.

 

==== End of Fixlog ====


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.06.18.02

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Rachel :: RACHEL-PC [administrator]

 

6/18/2013 2:08:23 AM

mbam-log-2013-06-18 (02-08-23).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208158

Time elapsed: 6 minute(s), 14 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Your computer was infected with the ZeroAccess rootkit.

Let's hope it is gone...

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Farbar Service Scanner Version: 16-06-2013

Ran by Rachel (administrator) on 18-06-2013 at 07:18:02

Running from "C:\Users\Rachel\Downloads"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo.com returned error: Yahoo.com is offline

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-06-12 11:41] - [2013-05-08 00:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

 

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2013-06-12 11:36] - [2013-05-12 23:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

 

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****


I have a full hard drive backup from a few months ago. The computer is only used for homework, gaming, and watching videos. No email or sensitive information was ever accessed on the computer. Nothing material would be lost by reformatting the hard drive and using the full backup.


That isn't necessary! :)

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

# AdwCleaner v2.303 - Logfile created 06/19/2013 at 06:25:38

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Rachel - RACHEL-PC

# Boot Mode : Normal

# Running from : C:\Users\Rachel\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

Stopped & Deleted : DvmMDES

 

***** [Files / Folders] *****

 

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Users\Rachel\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\Rachel\AppData\Local\Temp\boost_interprocess

Folder Deleted : C:\Users\Rachel\AppData\LocalLow\searchquband

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\Software\DeviceVM

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\DataMngr

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16611

 

[OK] Registry is clean.

 

-\\ Google Chrome v27.0.1453.110

 

File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [2310 octets] - [19/06/2013 06:25:38]

 

########## EOF - C:\AdwCleaner[s1].txt - [2370 octets] ##########

This topic is now closed to further replies.