Jump to content

Overflow...


Recommended Posts

I tried to do the DDS and run it so I could get some help, but the scan runs half way and freezes. So I can't even get a log for you guys to see. I figured I would just tell you what is going on and see if anyone has a suggestion :\
 

Ok, so my 4 year olds are constantly on my desktop, playing games and youtubing it up. Well, I figured I have some mad kind of malware becasue I am getting the "Click on anything and get sent to a survey" bullcrap. So I DLed Malwarebytes and did a scan. 46,000+ infections!! Holy WOW! Well, when I try to delete them, it gives me this error. I have uninstalled and rescanned, I have ran the mbam clean thingy and resinstalled. I have tried everything. What next? I want my old computer backl!! This is what it looks like:

post-142260-0-40630400-1372726144_thumb.

Link to post
Share on other sites

  • Staff

Hello Telesha

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
Link to post
Share on other sites

Thanks Gringo :) Here is the scans you requested. Please forgive all of the junk that is installed on this computer, my 5 year old twins get on and they go to game websites and more often than not I find that they have installed something in order to be able to play a particular game. Then I can't figure out how to get rid of it. I now see that the games are most likely responsible for all the malware on my comp. Ill be at work till later tonight so I won't be responding again until then. So anyways, here is the mess:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by Childers (administrator) on 02-07-2013 10:11:12
Running from C:\Users\Childers\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Windstream) C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Radialpoint SafeCare Inc.) C:\Program Files\Windstream\Service Agent\ServicepointService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Windstream) C:\Program Files\Windstream\Service Agent\Windstream Service Agent.exe
(Windstream) C:\Program Files\Windstream\Diagnostic Tools\DiagnosticTools.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Radialpoint SafeCare Inc.) C:\Program Files\Windstream\Service Agent\Windstream Service AgentComHandler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Farbar) C:\Users\Childers\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6724128 2009-02-04] (Realtek Semiconductor)
HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-02-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windstream Service Agent.exe] "C:\Program Files\Windstream\Service Agent\Windstream Service Agent.exe" /AUTORUN [10204472 2011-10-14] (Windstream)
HKLM\...\Run: [DiagnosticTools.exe] "C:\Program Files\Windstream\Diagnostic Tools\DiagnosticTools.exe" /AUTORUN [2037048 2011-04-25] (Windstream)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot [295512 2013-06-18] (RealNetworks, Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" [2236080 2013-07-02] ()
HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Childers\AppData\Local\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {057fec05-4f73-11e1-b7b8-00248ceaed57} - G:\setup.exe -a
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
HKLM SearchScopes: DefaultScope {9ED16721-0CF0-4F0B-ADF3-B59DBCC5BF56} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {4B9121C7-5A1E-417F-B2A3-4FFD6B564AA3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm003YYus&ptb=3B0C7588-A2B7-4114-8DF8-5CF67B8E341B&psa=&ind=2011110719&ptnrS=YJxdm003YYus&si=CIX_n4nXpawCFY9V7AodbWt6Bw&st=sb&n=77df1d3f&searchfor={searchTerms}
SearchScopes: HKLM - {9ED16721-0CF0-4F0B-ADF3-B59DBCC5BF56} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
HKCU SearchScopes: DefaultScope {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm003YYus&ptb=3B0C7588-A2B7-4114-8DF8-5CF67B8E341B&psa=&ind=2011110719&ptnrS=YJxdm003YYus&si=CIX_n4nXpawCFY9V7AodbWt6Bw&st=sb&n=77df1d3f&searchfor={searchTerms}
SearchScopes: HKCU - {4B9121C7-5A1E-417F-B2A3-4FFD6B564AA3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={99B87885-5786-40A6-BDA7-76A2ABC9C42E}&mid=8ed4951bd52247d3a1f5d16dca0e04a4-3039bdf82bf4681e0ccb4c4894851da3f7cba335〈=en&ds=re011&pr=sa&d=2013-07-02 09:58:17&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm003YYus&ptb=3B0C7588-A2B7-4114-8DF8-5CF67B8E341B&psa=&ind=2011110719&ptnrS=YJxdm003YYus&si=CIX_n4nXpawCFY9V7AodbWt6Bw&st=sb&n=77df1d3f&searchfor={searchTerms}
SearchScopes: HKCU - {9ED16721-0CF0-4F0B-ADF3-B59DBCC5BF56} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {C1F519E1-2E9A-4F36-8A02-DCF077624E55} URL = http://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Unit - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Childers\AppData\Local\UnitLayers\temp.dat ()
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Childers\AppData\Roaming\Mozilla\Firefox\Profiles\2c1bturb.default
FF user.js: detected! => C:\Users\Childers\AppData\Roaming\Mozilla\Firefox\Profiles\2c1bturb.default\user.js
FF NewTab: about:blank
FF SearchEngine: AVG Secure Search


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Childers\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Childers\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Childers\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Unit Layers - C:\Users\Childers\AppData\Roaming\Mozilla\Firefox\Profiles\2c1bturb.default\Extensions\gnzeaty@tkbgrszrmflnue.com
FF Extension: HP Detect - C:\Users\Childers\AppData\Roaming\Mozilla\Firefox\Profiles\2c1bturb.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: No Name - C:\Users\Childers\AppData\Roaming\Mozilla\Firefox\Profiles\2c1bturb.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Unit Layers - C:\Program Files\Mozilla Firefox\extensions\gnzeaty@tkbgrszrmflnue.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11

Chrome:
=======


CHR Extension: (uTorrentBar) - C:\Users\Childers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.19.11_0
CHR Extension: (YouTube) - C:\Users\Childers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Childers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Unit Layers) - C:\Users\Childers\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0
CHR Extension: (RealDownloader) - C:\Users\Childers\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Radialpoint SPD Extension) - C:\Users\Childers\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0
CHR Extension: (Gmail) - C:\Users\Childers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

S2 BITS; c:\windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard)
R2 HsdService; C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 ServicepointService; C:\Program Files\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-14] (Radialpoint SafeCare Inc.)
R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-07-02] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-07-02] (AVG Technologies)
S3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [618112 2008-02-13] (PixArt Imaging Inc.)
R3 cpuz134; \??\C:\Users\Childers\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 10:11 - 2013-07-02 10:11 - 00000000 ____D C:\FRST
2013-07-02 10:09 - 2013-07-02 10:10 - 01372429 ____A (Farbar) C:\Users\Childers\Downloads\FRST(1).exe
2013-07-02 09:59 - 2013-07-02 09:59 - 00000000 ____D C:\Users\Childers\AppData\Local\AVG SafeGuard toolbar
2013-07-02 09:58 - 2013-07-02 10:07 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-07-02 09:58 - 2013-07-02 09:58 - 00003726 ____A C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-07-02 09:58 - 2013-07-02 09:58 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-07-02 09:58 - 2013-07-02 09:58 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-07-02 09:58 - 2013-07-02 09:57 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-07-02 09:56 - 2013-07-02 09:56 - 00726472 ____A (Reimage®) C:\Users\Childers\Downloads\ReimageRepair(1).exe
2013-07-02 09:55 - 2013-07-02 09:55 - 01372429 ____A (Farbar) C:\Users\Childers\Downloads\FRST.exe
2013-07-01 20:17 - 2013-07-01 20:17 - 00688992 ____R (Swearware) C:\Users\Childers\Desktop\dds.com
2013-07-01 18:25 - 2013-07-01 18:25 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-01 18:25 - 2013-07-01 18:25 - 00000000 ____D C:\Users\Childers\AppData\Roaming\Malwarebytes
2013-07-01 18:25 - 2013-07-01 18:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-01 18:25 - 2013-07-01 18:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-01 18:25 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-01 18:24 - 2013-07-01 18:24 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Childers\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-07-01 18:12 - 2013-07-01 18:12 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Childers\Downloads\mbam-clean-1.60.2.0003.exe
2013-06-30 10:17 - 2013-06-30 10:17 - 00000000 ____A C:\Users\Childers\Desktop\New Bitmap Image.bmp
2013-06-29 19:45 - 2013-06-29 19:46 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Childers\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-06-29 19:38 - 2013-06-29 19:46 - 05731402 ____A C:\Users\Childers\Desktop\Rkill.txt
2013-06-29 19:37 - 2013-06-29 19:38 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Childers\Downloads\rkill.com
2013-06-26 13:58 - 2013-06-26 13:58 - 00897832 ____A (SetupManager) C:\Users\Childers\Downloads\Extreme_Flash_Player_Setup.exe
2013-06-23 15:57 - 2013-06-23 15:57 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-23 15:57 - 2013-06-23 15:57 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-23 15:57 - 2013-06-23 15:57 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-23 15:57 - 2013-06-23 15:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-06-23 12:57 - 2013-06-23 12:57 - 01488280 ____A (Bandoo Media Inc) C:\Users\Childers\Downloads\iLividSetup-r352-n-bc.exe
2013-06-23 12:57 - 2013-06-23 12:57 - 00263186 ____A C:\Users\Childers\Desktop\Minecraft.exe
2013-06-18 00:23 - 2013-06-18 16:22 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-06-18 00:22 - 2013-06-18 00:22 - 00000000 ____D C:\Users\Childers\AppData\Local\UnitLayers
2013-06-18 00:21 - 2013-06-18 16:21 - 00000000 ____A C:\END
2013-06-18 00:19 - 2013-06-18 00:19 - 00000000 ____D C:\Users\Childers\AppData\Roaming\RealNetworks
2013-06-18 00:18 - 2013-06-18 00:18 - 00001031 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-18 00:18 - 2013-06-18 00:18 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-18 00:18 - 2013-06-18 00:18 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-18 00:18 - 2013-06-18 00:18 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-18 00:17 - 2013-06-18 00:19 - 00000000 ____D C:\Users\Childers\AppData\Roaming\Real
2013-06-18 00:17 - 2013-06-18 00:18 - 00000000 ____D C:\Program Files\Real
2013-06-18 00:17 - 2013-06-18 00:17 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2013-06-18 00:17 - 2013-06-18 00:17 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2013-06-18 00:17 - 2013-06-18 00:17 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2013-06-18 00:17 - 2013-06-18 00:17 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2013-06-18 00:07 - 2013-06-18 00:19 - 00000000 ____D C:\ProgramData\Real
2013-06-18 00:06 - 2013-06-18 00:06 - 00896296 ____A (SetupManager) C:\Users\Childers\Downloads\SnapChat.exe
2013-06-05 21:30 - 2013-06-05 21:30 - 00230563 ____A C:\Users\Childers\Downloads\Insurance Doc
2013-06-04 19:16 - 2013-06-04 19:16 - 00000000 ____D C:\Users\Childers\AppData\Local\Gameforge4d
2013-06-04 19:15 - 2013-06-18 16:19 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-04 19:13 - 2013-06-04 19:15 - 18955920 ____A (Gameforge                                                   ) C:\Users\Childers\Downloads\AION_GameforgeLiveSetup_EN.exe

==================== One Month Modified Files and Folders ========

2013-07-02 10:11 - 2013-07-02 10:11 - 00000000 ____D C:\FRST
2013-07-02 10:10 - 2013-07-02 10:09 - 01372429 ____A (Farbar) C:\Users\Childers\Downloads\FRST(1).exe
2013-07-02 10:07 - 2013-07-02 09:58 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-07-02 10:01 - 2013-05-24 18:31 - 00000162 ____A C:\Windows\Reimage.ini
2013-07-02 09:59 - 2013-07-02 09:59 - 00000000 ____D C:\Users\Childers\AppData\Local\AVG SafeGuard toolbar
2013-07-02 09:58 - 2013-07-02 09:58 - 00003726 ____A C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-07-02 09:58 - 2013-07-02 09:58 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-07-02 09:58 - 2013-07-02 09:58 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-07-02 09:57 - 2013-07-02 09:58 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-07-02 09:56 - 2013-07-02 09:56 - 00726472 ____A (Reimage®) C:\Users\Childers\Downloads\ReimageRepair(1).exe
2013-07-02 09:55 - 2013-07-02 09:55 - 01372429 ____A (Farbar) C:\Users\Childers\Downloads\FRST.exe
2013-07-02 09:54 - 2012-07-28 11:34 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 09:52 - 2006-11-02 08:47 - 00004912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 09:52 - 2006-11-02 08:47 - 00004912 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 09:48 - 2013-01-10 15:39 - 00000000 ____D C:\ProgramData\Radialpoint
2013-07-02 09:43 - 2012-06-22 11:08 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 09:11 - 2011-03-19 23:19 - 01297060 ____A C:\Windows\WindowsUpdate.log
2013-07-02 06:04 - 2013-01-10 15:39 - 00000000 ____D C:\Users\Childers\AppData\Roaming\Radialpoint
2013-07-01 21:58 - 2006-11-02 06:33 - 00790826 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-01 21:52 - 2012-07-28 11:34 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 21:52 - 2012-04-25 09:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-01 21:52 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 20:17 - 2013-07-01 20:17 - 00688992 ____R (Swearware) C:\Users\Childers\Desktop\dds.com
2013-07-01 19:56 - 2011-06-06 20:57 - 00000000 ____D C:\Users\Childers\AppData\Local\Paint.NET
2013-07-01 19:46 - 2011-11-05 10:12 - 00000000 ____D C:\Users\Childers\AppData\Roaming\.minecraft
2013-07-01 18:25 - 2013-07-01 18:25 - 00000868 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-01 18:25 - 2013-07-01 18:25 - 00000000 ____D C:\Users\Childers\AppData\Roaming\Malwarebytes
2013-07-01 18:25 - 2013-07-01 18:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-01 18:25 - 2013-07-01 18:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-01 18:24 - 2013-07-01 18:24 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Childers\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-07-01 18:20 - 2008-01-20 22:47 - 00250634 ____A C:\Windows\PFRO.log
2013-07-01 18:18 - 2006-11-02 09:01 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-01 18:12 - 2013-07-01 18:12 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Childers\Downloads\mbam-clean-1.60.2.0003.exe
2013-06-30 12:09 - 2011-03-20 12:25 - 00000052 ____A C:\Windows\System32\DOErrors.log
2013-06-30 10:29 - 2011-03-19 23:25 - 00001356 ____A C:\Users\Childers\AppData\Local\d3d9caps.dat
2013-06-30 10:17 - 2013-06-30 10:17 - 00000000 ____A C:\Users\Childers\Desktop\New Bitmap Image.bmp
2013-06-29 19:46 - 2013-06-29 19:45 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Childers\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-06-29 19:46 - 2013-06-29 19:38 - 05731402 ____A C:\Users\Childers\Desktop\Rkill.txt
2013-06-29 19:38 - 2013-06-29 19:37 - 01814144 ____A (Bleeping Computer, LLC) C:\Users\Childers\Downloads\rkill.com
2013-06-28 19:13 - 2011-09-25 13:38 - 00000000 ____D C:\Users\Childers\AppData\Local\Unity
2013-06-26 13:58 - 2013-06-26 13:58 - 00897832 ____A (SetupManager) C:\Users\Childers\Downloads\Extreme_Flash_Player_Setup.exe
2013-06-23 15:57 - 2013-06-23 15:57 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2013-06-23 15:57 - 2013-06-23 15:57 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-06-23 15:57 - 2013-06-23 15:57 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2013-06-23 15:57 - 2013-06-23 15:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-06-23 12:57 - 2013-06-23 12:57 - 01488280 ____A (Bandoo Media Inc) C:\Users\Childers\Downloads\iLividSetup-r352-n-bc.exe
2013-06-23 12:57 - 2013-06-23 12:57 - 00263186 ____A C:\Users\Childers\Desktop\Minecraft.exe
2013-06-19 17:00 - 2012-07-28 11:35 - 00001933 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-18 19:39 - 2011-11-22 14:45 - 00000000 ____D C:\Program Files\Common Files\EPSON
2013-06-18 19:39 - 2011-11-22 14:44 - 00000000 ____D C:\Program Files\epson
2013-06-18 16:22 - 2013-06-18 00:23 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-06-18 16:22 - 2008-08-28 13:35 - 00000000 ____D C:\Program Files\CyberLink
2013-06-18 16:22 - 2008-08-28 13:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-18 16:21 - 2013-06-18 00:21 - 00000000 ____A C:\END
2013-06-18 16:19 - 2013-06-04 19:15 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-18 16:04 - 2011-11-22 14:44 - 00000000 ____D C:\ProgramData\EPSON
2013-06-18 15:28 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\twain_32
2013-06-18 15:23 - 2008-08-28 14:11 - 00000000 ___HD C:\hp
2013-06-18 00:22 - 2013-06-18 00:22 - 00000000 ____D C:\Users\Childers\AppData\Local\UnitLayers
2013-06-18 00:19 - 2013-06-18 00:19 - 00000000 ____D C:\Users\Childers\AppData\Roaming\RealNetworks
2013-06-18 00:19 - 2013-06-18 00:17 - 00000000 ____D C:\Users\Childers\AppData\Roaming\Real
2013-06-18 00:19 - 2013-06-18 00:07 - 00000000 ____D C:\ProgramData\Real
2013-06-18 00:18 - 2013-06-18 00:18 - 00001031 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2013-06-18 00:18 - 2013-06-18 00:18 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-18 00:18 - 2013-06-18 00:18 - 00000000 ____D C:\Program Files\RealNetworks
2013-06-18 00:18 - 2013-06-18 00:18 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-06-18 00:18 - 2013-06-18 00:17 - 00000000 ____D C:\Program Files\Real
2013-06-18 00:17 - 2013-06-18 00:17 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2013-06-18 00:17 - 2013-06-18 00:17 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2013-06-18 00:17 - 2013-06-18 00:17 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2013-06-18 00:17 - 2013-06-18 00:17 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2013-06-18 00:17 - 2008-08-28 13:20 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2013-06-18 00:06 - 2013-06-18 00:06 - 00896296 ____A (SetupManager) C:\Users\Childers\Downloads\SnapChat.exe
2013-06-11 14:43 - 2012-06-22 11:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 14:43 - 2011-05-24 11:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-09 12:04 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache
2013-06-05 21:30 - 2013-06-05 21:30 - 00230563 ____A C:\Users\Childers\Downloads\Insurance Doc
2013-06-04 19:16 - 2013-06-04 19:16 - 00000000 ____D C:\Users\Childers\AppData\Local\Gameforge4d
2013-06-04 19:15 - 2013-06-04 19:13 - 18955920 ____A (Gameforge                                                   ) C:\Users\Childers\Downloads\AION_GameforgeLiveSetup_EN.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-02 10:05

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2013
Ran by Childers at 2013-07-02 10:11:36
Running from C:\Users\Childers\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
AVG SafeGuard toolbar (Version: 15.3.0.11)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink DVD Suite Deluxe (Version: .1707)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Document Express DjVu Plug-in (Version: 6.1.27549)
DrumsUI Updater
EQ2MAP Updater 1.2.10 (Version: 1.2.10)
EverQuest II
Google Chrome (Version: 27.0.1453.116)
Google Drive (Version: 1.10.4769.632)
Google Update Helper (Version: 1.3.21.145)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)
HP Active Support Library (Version: 3.1.6.1)
HP Customer Feedback (Version: 1.0.0)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Product Detection (Version: 11.14.0001)
HP Recovery Manager RSS (Version: 84.0.0.7)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPTCSSetup (Version: 1.0.964.2626)
Index.Dat Viewer 3 (Version: 3)
InstallIQ Updater (Version: 1.4.3.0)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Legends of Norrath (Version: 1.00.000)
LightScribe System Software  1.14.17.1 (Version: 1.14.17.1)
LightScribeTemplateLabeler (Version: 1.10.23.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Interactive Training
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 60 day trial
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: 1.0.0.52)
NVIDIA 3D Vision Controller Driver (Version: 270.61)
NVIDIA 3D Vision Controller Driver 310.70 (Version: 310.70)
NVIDIA 3D Vision Driver 310.70 (Version: 310.70)
NVIDIA Control Panel 310.70 (Version: 310.70)
NVIDIA Graphics Driver 310.70 (Version: 310.70)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.95.599)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1070)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Paint.NET v3.5.10 (Version: 3.60.0)
PCIe Soft Data Fax Modem with SmartCP (Version: 7.71.00.50)
PowerDirector (Version: 6.5.2926)
PSSWCORE (Version: 2.03.0000)
PVSonyDll (Version: 1.00.0001)
Python 2.5.2 (Version: 2.5.2150)
QuickTime (Version: 7.74.80.86)
Radialpoint Security Advisor 2.5.15 (Version: 2.5.15)
Radialpoint Servicepoint Dashboard Extensions version 13.5.24.31336 (Version: 13.5.24.31336)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Realtek High Definition Audio Driver (Version: 6.0.1.5783)
RealUpgrade 1.1 (Version: 1.1.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab
Unit Layers (HKCU Version: 9.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Ventrilo Client (Version: 3.0.8)
VideoToolkit01 (Version: 110.0.171.000)
Volume Activation Management Tool 2.0 (Version: 2.0.67.0)
Windstream Diagnostic Tools 3.0.21 (Version: 3.0.21)
Windstream Service Agent 4.1.15 (Version: 4.1.15)
Wizard101 (Version: 1.0.0)
Xvid Video Codec (Version: 1.3.1)

==================== Restore Points  =========================

20-06-2013 04:02:01 Scheduled Checkpoint
21-06-2013 09:11:08 Scheduled Checkpoint
22-06-2013 11:59:28 Scheduled Checkpoint
23-06-2013 08:11:13 Scheduled Checkpoint
24-06-2013 04:00:07 Scheduled Checkpoint
25-06-2013 05:21:04 Scheduled Checkpoint
26-06-2013 10:29:28 Scheduled Checkpoint
27-06-2013 04:00:07 Scheduled Checkpoint
28-06-2013 07:12:53 Scheduled Checkpoint
29-06-2013 06:05:34 Scheduled Checkpoint
30-06-2013 22:28:54 Scheduled Checkpoint
01-07-2013 16:05:29 Scheduled Checkpoint

==================== Scheduled Tasks (whitelisted) =============

Task: {09007F27-BA98-4842-A3E7-F9D3C0B26191} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-686091513-615678447-1333749661-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {23E7C59C-5CB6-4699-B350-0D34D024B4C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-28] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {46FD6195-9ADF-4C3B-B279-E7454550B5D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {55637B36-05D7-4351-B485-349708EBCD2B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {69F794C5-92BB-4399-BED8-513DD05CD967} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-686091513-615678447-1333749661-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {75DCED51-1B8F-4A2C-A787-371A849EC120} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {8B9806B8-5C3D-4582-BB06-925B9C365D92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {9A8292CB-4C76-4284-8764-F367CADE3B1B} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {A95BA942-4803-43D7-8DA6-90804FDC5B59} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)
Task: {BF1C2293-CF3E-4494-A31A-7F8EC39A152E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-28] (Google Inc.)
Task: {DB78C0CF-5D73-420D-90EF-B4E0CA6DFDF2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2013 06:19:03 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16446, time stamp 0x4fb58407, exception code 0xc0000005, fault offset 0x0040028f,
process id 0x9a0, application start time 0xsvchost.exe0.

Error: (07/01/2013 09:54:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 09:52:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2013 09:52:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2013 08:40:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2013 08:40:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2013 08:40:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:39:44 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/01/2013 08:36:52 PM) (Source: Application Hang) (User: )
Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1390
Start Time: 01ce76b9af9451e5
Termination Time: 2

Error: (07/01/2013 06:21:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/02/2013 09:59:36 AM) (Source: Service Control Manager) (User: )
Description: Reimage Real Time Protection

Error: (07/02/2013 06:14:58 AM) (Source: Schannel) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (07/02/2013 05:42:09 AM) (Source: Service Control Manager) (User: )
Description: BITS%%2

Error: (07/02/2013 05:41:38 AM) (Source: Service Control Manager) (User: )
Description: BITS%%2

Error: (07/02/2013 05:41:08 AM) (Source: Service Control Manager) (User: )
Description: BITS%%2

Error: (07/02/2013 05:40:38 AM) (Source: Service Control Manager) (User: )
Description: BITS%%2

Error: (07/02/2013 05:40:08 AM) (Source: Service Control Manager) (User: )
Description: BITS%%2

Error: (07/02/2013 05:39:38 AM) (Source: Service Control Manager) (User: )
Description: BITS%%2

Error: (07/02/2013 05:39:07 AM) (Source: Service Control Manager) (User: )
Description: BITS%%2

Error: (07/02/2013 05:38:37 AM) (Source: Service Control Manager) (User: )
Description: BITS%%2


Microsoft Office Sessions:
=========================
Error: (07/02/2013 06:19:03 AM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6001.1800047918b89mshtml.dll9.0.8112.164464fb58407c00000050040028f9a001ce770b20ec7a7b

Error: (07/01/2013 09:54:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 09:52:59 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/01/2013 09:52:59 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/01/2013 08:40:46 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/01/2013 08:40:46 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (07/01/2013 08:40:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 08:39:44 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/01/2013 08:36:52 PM) (Source: Application Hang)(User: )
Description: dds.com2012.11.20.1139001ce76b9af9451e52

Error: (07/01/2013 06:21:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2011-10-24 09:57:20.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:57:20.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:57:20.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:57:20.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:57:20.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:57:20.015
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:57:19.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:57:19.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:56:23.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-10-24 09:56:22.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3582.19 MB
Available physical RAM: 1979.68 MB
Total Pagefile: 7408.07 MB
Available Pagefile: 5695.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.49 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.55 GB) (Free:85.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.54 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

  • Staff

Hello Telesha

Ok lets see if we can find a replacement for the infected file

Boot back into the recovery Environment and run FRST like you did before

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo

Link to post
Share on other sites

  • Staff

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
Link to post
Share on other sites

Yes, I have tried to do exactly as you said, but the FRST program freezes when after I hit search. I tried a few different times and gave it time to run through, but to no avail. I work alot, so I am only on the computer a little while at a time every day. What should I do next? Thanks!

Link to post
Share on other sites

  • Staff

Hello

I would like to run this next to search for some files on the computer.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefindservices.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Gringo

Link to post
Share on other sites

  • Staff

Did it finish the scan?

If not try in safe mode.

Boot into Safe Mode

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Link to post
Share on other sites

  • Staff

Hello Telesha

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
Link to post
Share on other sites

Ok, I downloaded and ran the program and the first time it ran all the way through and finished, but no log was produced. The thing just finished and closed. So I tried to rerun the program and I had a couple of error messages so I restarted the computer. Ran again, but it froze half way through. I restarted and reran again, but it froze again. And again on a fourth try. I will try a few more times while awaiting your reply as it ran the first time, so it should run again. But if you don't see another reply after this, it was to no avail and I am awaiting my next instruction.

Link to post
Share on other sites

  • Staff

Hello Telesha

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================

    Scan finished

    ==================

and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo

Link to post
Share on other sites

I am on roguekiller right now, waiting for it to "delete". It has been "deleting" for about a half an hour, there were only five infections found from the scan. I will let it go for a little while longer. I do have the TDSSKILLER report so I will attach it in this reply and I will do another reply for the roguekiller report once it finishes if it does at all.

 

TDSSKiller.2.8.16.0_12.07.2013_12.30.44_log.txt

Link to post
Share on other sites

Ok, so it just kept deleting and nothing was happening, and it wouldn't let me exit, so I think it froze. I restarted the computer, ran another scan and just hit report. It looked like it had actually deleted everything the first time,just never finished the process. I am trying to run malwarebytes again to see if it will clean everything up. I will update and let you know what happens next. I am heading to work, so it will be tomorrow probably. Thanks! Oh, here is the report from Roguekiller after the second scan.

 

RogueKiller V8.6.2 [Jul  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Childers [Admin rights]
Mode : Scan -- Date : 07/12/2013 13:37:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\WINDOWS\Installer\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\Users\Childers\AppData\Local\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\WINDOWS\Installer\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\Users\Childers\AppData\Local\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\L [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-65B4A0 ATA Device +++++
--- User ---
[MBR] fa6b5ad83bc8c62c2ce3f009019015fb
[bSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 293429 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600944400 | Size: 11812 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07122013_133739.txt >>
RKreport[0]_S_07122013_124427.txt;RKreport[0]_S_07122013_131651.txt

Link to post
Share on other sites

  • Staff

Hello Telesha

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
after combofix has finished its scan please post the report back here.

Gringo

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.