Telesha, posted July 2, 2013:

I tried to do the DDS and run it so I could get some help, but the scan runs halfway and freezes. So I can't even get a log for you guys to see. I figured I would just tell you what is going on and see if anyone has a suggestion :\

Ok, so my 4 year olds are constantly on my desktop, playing games and youtubing it up. Well, I figured I have some mad kind of malware because I am getting the "Click on anything and get sent to a survey" bullcrap. So I DLed Malwarebytes and did a scan. 46,000+ infections!! Holy WOW! Well, when I try to delete them, it gives me this error. I have uninstalled and rescanned, I have run the mbam clean thingy and reinstalled. I have tried everything. What next? I want my old computer back!!

This is what it looks like:
gringo_pr (Staff), posted July 2, 2013:

Hello Telesha

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

- Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo
Telesha, posted July 2, 2013:

Thanks Gringo

Here are the scans you requested. Please forgive all of the junk that is installed on this computer, my 5 year old twins get on and they go to game websites and more often than not I find that they have installed something in order to be able to play a particular game. Then I can't figure out how to get rid of it. I now see that the games are most likely responsible for all the malware on my comp. I'll be at work till later tonight so I won't be responding again until then.

So anyways, here is the mess:
Normal============================================================================== Installed Programs =======================Adobe AIR (Version: 3.4.0.2540)Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)Adobe Flash Player 11 Plugin (Version: 11.7.700.224)Adobe Reader X (10.1.7) (Version: 10.1.7)Adobe Shockwave Player 12.0 (Version: 12.0.2.122)Apple Application Support (Version: 2.3)Apple Software Update (Version: 2.1.3.127)AVG SafeGuard toolbar (Version: 15.3.0.11)Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)CyberLink DVD Suite Deluxe (Version: .1707)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDocument Express DjVu Plug-in (Version: 6.1.27549)DrumsUI UpdaterEQ2MAP Updater 1.2.10 (Version: 1.2.10)EverQuest IIGoogle Chrome (Version: 27.0.1453.116)Google Drive (Version: 1.10.4769.632)Google Update Helper (Version: 1.3.21.145)Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2)Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2)HP Active Support Library (Version: 3.1.6.1)HP Customer Feedback (Version: 1.0.0)HP Photosmart Essential 2.5 (Version: 1.03.0000)HP Photosmart Essential 3.0 (Version: 3.0)HP Product Detection (Version: 11.14.0001)HP Recovery Manager RSS (Version: 84.0.0.7)HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)HPTCSSetup (Version: 1.0.964.2626)Index.Dat Viewer 3 (Version: 3)InstallIQ Updater (Version: 1.4.3.0)Java 7 Update 21 (Version: 7.0.210)Java Auto Updater (Version: 2.1.9.5)Java SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)Legends of Norrath (Version: 1.00.000)LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)LightScribeTemplateLabeler (Version: 1.10.23.1)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Microsoft .NET Framework 1.1 (Version: 1.1.4322)Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft 
.NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft .NET Framework 4 Extended (Version: 4.0.30319)Microsoft Interactive TrainingMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)Microsoft Office Home and Student 60 day trialMicrosoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)Microsoft Silverlight (Version: 4.1.10329.0)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Works (Version: 9.7.0621)Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)Mozilla Maintenance Service (Version: 21.0)muvee autoProducer 6.1 (Version: 6.10.050)My HP Games (Version: 1.0.0.52)NVIDIA 3D Vision Controller Driver (Version: 270.61)NVIDIA 3D Vision Controller Driver 310.70 (Version: 310.70)NVIDIA 3D Vision Driver 310.70 (Version: 310.70)NVIDIA Control Panel 310.70 (Version: 310.70)NVIDIA Graphics Driver 310.70 (Version: 310.70)NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)NVIDIA Install Application (Version: 2.1002.95.599)NVIDIA PhysX (Version: 9.12.1031)NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1070)NVIDIA Update 1.11.3 (Version: 1.11.3)NVIDIA Update Components (Version: 1.11.3)Paint.NET v3.5.10 (Version: 3.60.0)PCIe Soft Data Fax Modem with SmartCP (Version: 7.71.00.50)PowerDirector (Version: 6.5.2926)PSSWCORE (Version: 2.03.0000)PVSonyDll (Version: 1.00.0001)Python 2.5.2 (Version: 2.5.2150)QuickTime (Version: 7.74.80.86)Radialpoint Security Advisor 2.5.15 (Version: 2.5.15)Radialpoint Servicepoint Dashboard Extensions version 13.5.24.31336 (Version: 13.5.24.31336)RealDownloader (Version: 1.3.2)RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)RealPlayer (Version: 16.0.2)Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)Realtek High Definition Audio Driver (Version: 6.0.1.5783)RealUpgrade 1.1 (Version: 1.1.0)swMSM (Version: 12.0.0.1)System Requirements LabUnit Layers (HKCU Version: 9.0)Unity Web Player (HKCU Version: )Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 
1)Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553270) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553385) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2597091) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionVentrilo Client (Version: 3.0.8)VideoToolkit01 (Version: 110.0.171.000)Volume Activation Management Tool 2.0 (Version: 2.0.67.0)Windstream Diagnostic Tools 3.0.21 (Version: 3.0.21)Windstream Service Agent 4.1.15 (Version: 4.1.15)Wizard101 (Version: 1.0.0)Xvid Video Codec (Version: 1.3.1)==================== Restore Points =========================20-06-2013 04:02:01 Scheduled Checkpoint21-06-2013 09:11:08 Scheduled Checkpoint22-06-2013 11:59:28 Scheduled Checkpoint23-06-2013 08:11:13 Scheduled Checkpoint24-06-2013 04:00:07 Scheduled Checkpoint25-06-2013 05:21:04 Scheduled Checkpoint26-06-2013 10:29:28 Scheduled Checkpoint27-06-2013 04:00:07 Scheduled Checkpoint28-06-2013 07:12:53 Scheduled Checkpoint29-06-2013 06:05:34 Scheduled 
Checkpoint30-06-2013 22:28:54 Scheduled Checkpoint01-07-2013 16:05:29 Scheduled Checkpoint==================== Scheduled Tasks (whitelisted) =============Task: {09007F27-BA98-4842-A3E7-F9D3C0B26191} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-686091513-615678447-1333749661-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {23E7C59C-5CB6-4699-B350-0D34D024B4C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-28] (Google Inc.)Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)Task: {46FD6195-9ADF-4C3B-B279-E7454550B5D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {55637B36-05D7-4351-B485-349708EBCD2B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)Task: {69F794C5-92BB-4399-BED8-513DD05CD967} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-686091513-615678447-1333749661-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)Task: {75DCED51-1B8F-4A2C-A787-371A849EC120} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()Task: {8B9806B8-5C3D-4582-BB06-925B9C365D92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)Task: 
{9A8292CB-4C76-4284-8764-F367CADE3B1B} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)Task: {A95BA942-4803-43D7-8DA6-90804FDC5B59} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard)Task: {BF1C2293-CF3E-4494-A31A-7F8EC39A152E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-28] (Google Inc.)Task: {DB78C0CF-5D73-420D-90EF-B4E0CA6DFDF2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe==================== Faulty Device Manager Devices =============Name: SM Bus ControllerDescription: SM Bus ControllerClass Guid:Manufacturer:Service:Problem: : The drivers for this device are not installed. 
(Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.==================== Event log errors: =========================Application errors:==================Error: (07/02/2013 06:19:03 AM) (Source: Application Error) (User: )Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16446, time stamp 0x4fb58407, exception code 0xc0000005, fault offset 0x0040028f,process id 0x9a0, application start time 0xsvchost.exe0.Error: (07/01/2013 09:54:11 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/01/2013 09:52:59 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/01/2013 09:52:59 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/01/2013 08:40:46 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/01/2013 08:40:46 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".Dependent Assembly 
rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (07/01/2013 08:40:45 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/01/2013 08:39:44 PM) (Source: EventSystem) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043cError: (07/01/2013 08:36:52 PM) (Source: Application Hang) (User: )Description: The program dds.com version 2012.11.20.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.Process ID: 1390Start Time: 01ce76b9af9451e5Termination Time: 2Error: (07/01/2013 06:21:45 PM) (Source: WinMgmt) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003System errors:=============Error: (07/02/2013 09:59:36 AM) (Source: Service Control Manager) (User: )Description: Reimage Real Time ProtectionError: (07/02/2013 06:14:58 AM) (Source: Schannel) (User: )Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. 
The SSL connection request has failed.Error: (07/02/2013 05:42:09 AM) (Source: Service Control Manager) (User: )Description: BITS%%2Error: (07/02/2013 05:41:38 AM) (Source: Service Control Manager) (User: )Description: BITS%%2Error: (07/02/2013 05:41:08 AM) (Source: Service Control Manager) (User: )Description: BITS%%2Error: (07/02/2013 05:40:38 AM) (Source: Service Control Manager) (User: )Description: BITS%%2Error: (07/02/2013 05:40:08 AM) (Source: Service Control Manager) (User: )Description: BITS%%2Error: (07/02/2013 05:39:38 AM) (Source: Service Control Manager) (User: )Description: BITS%%2Error: (07/02/2013 05:39:07 AM) (Source: Service Control Manager) (User: )Description: BITS%%2Error: (07/02/2013 05:38:37 AM) (Source: Service Control Manager) (User: )Description: BITS%%2Microsoft Office Sessions:=========================Error: (07/02/2013 06:19:03 AM) (Source: Application Error)(User: )Description: svchost.exe6.0.6001.1800047918b89mshtml.dll9.0.8112.164464fb58407c00000050040028f9a001ce770b20ec7a7bError: (07/01/2013 09:54:11 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/01/2013 09:52:59 PM) (Source: SideBySide)(User: )Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exeError: (07/01/2013 09:52:59 PM) (Source: SideBySide)(User: )Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exeError: (07/01/2013 08:40:46 PM) (Source: SideBySide)(User: )Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exeError: (07/01/2013 08:40:46 PM) (Source: SideBySide)(User: )Description: 
rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exeError: (07/01/2013 08:40:45 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (07/01/2013 08:39:44 PM) (Source: EventSystem)(User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043cError: (07/01/2013 08:36:52 PM) (Source: Application Hang)(User: )Description: dds.com2012.11.20.1139001ce76b9af9451e52Error: (07/01/2013 06:21:45 PM) (Source: WinMgmt)(User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003CodeIntegrity Errors:=================================== Date: 2011-10-24 09:57:20.499 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klmouflt.sys because the set of per-page image hashes could not be found on the system. Date: 2011-10-24 09:57:20.405 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klmouflt.sys because the set of per-page image hashes could not be found on the system. Date: 2011-10-24 09:57:20.327 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klmouflt.sys because the set of per-page image hashes could not be found on the system. 
Date: 2011-10-24 09:57:20.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klmouflt.sys because the set of per-page image hashes could not be found on the system. Date: 2011-10-24 09:57:20.093 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system. Date: 2011-10-24 09:57:20.015 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system. Date: 2011-10-24 09:57:19.922 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system. Date: 2011-10-24 09:57:19.828 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system. Date: 2011-10-24 09:56:23.074 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system. 
Date: 2011-10-24 09:56:22.981 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\KLIFX86\klif.sys because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Percentage of memory in use: 44%Total physical RAM: 3582.19 MBAvailable physical RAM: 1979.68 MBTotal Pagefile: 7408.07 MBAvailable Pagefile: 5695.2 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1909.49 MB==================== Drives ================================Drive c: (HP) (Fixed) (Total:286.55 GB) (Free:85.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.54 GB) (Free:1.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Staff gringo_pr Posted July 2, 2013 Staff ID:697906

Hello Telesha

OK, let's see if we can find a replacement for the infected file.

Boot back into the Recovery Environment and run FRST like you did before.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.

Gringo

Staff gringo_pr Posted July 5, 2013 Staff ID:698979

Hello

48 Hour bump

It has been more than 48 hours since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Telesha Posted July 5, 2013 Author ID:699141

Yes, I have tried to do exactly as you said, but the FRST program freezes after I hit search. I tried a few different times and gave it time to run through, but to no avail. I work a lot, so I am only on the computer a little while at a time every day. What should I do next? Thanks!

Staff gringo_pr Posted July 5, 2013 Staff ID:699201

Hello

I would like to run this next to search for some files on the computer.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:filefind
services.exe

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Gringo

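Added example (not part of the thread, and not code from FRST or SystemLook): the two search steps above, FRST's "Search:" box and SystemLook's :filefind, both look for other copies of services.exe. This Python script does the same triage from the log's own output: it parses the "Bamital & volsnap Check" lines, then hashes every same-named file under a directory and marks which copies carry the flagged MD5. The function names and the demo directory tree are assumptions; the three sample log lines are copied from the log on this page.

```python
"""Triage copies of a file that FRST's 'Bamital & volsnap Check' flagged."""
import hashlib
import ntpath
import os
import re
import tempfile

# The two line shapes of that section, as they appear in the log on this page.
LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s*=>\s*MD5 is legit\s*$")
FLAGGED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"(?P<label>.*?)\s*<=+\s*ATTENTION"
)

# Three lines copied from the log on this page.
SAMPLE_SECTION = r"""
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""


def parse_check_section(text):
    """Return one record per recognised line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = FLAGGED.match(line)
        if m:
            records.append({"path": m["path"], "status": "flagged",
                            "md5": m["md5"].upper(), "label": m["label"]})
            continue
        m = LEGIT.match(line)
        if m:
            records.append({"path": m["path"], "status": "legit",
                            "md5": None, "label": None})
    return records


def md5_of(path, chunk=1 << 20):
    """MD5 is used only because FRST reports MD5; it is not a trust anchor."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def find_copies(root, filename, flagged_md5):
    """Hash every file under root named `filename` (case-insensitive).

    "matches-flagged" means the same bytes FRST flagged. "candidate" only
    means "not that sample": verify signature, version and origin before
    treating such a copy as a clean replacement.
    """
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != filename.lower():
                continue
            full = os.path.join(dirpath, name)
            try:
                digest, size = md5_of(full), os.path.getsize(full)
            except OSError:  # locked or unreadable: record it and move on
                results.append({"path": full, "md5": None, "size": None,
                                "verdict": "unreadable"})
                continue
            same = digest == flagged_md5.upper()
            results.append({"path": full, "md5": digest, "size": size,
                            "verdict": "matches-flagged" if same else "candidate"})
    return sorted(results, key=lambda r: r["path"])


def triage(section_text, search_root):
    """Map each flagged path in the section to the copies found on disk."""
    found = {}
    for rec in parse_check_section(section_text):
        if rec["status"] == "flagged":
            name = ntpath.basename(rec["path"])  # Windows path, any host OS
            found[rec["path"]] = find_copies(search_root, name, rec["md5"])
    return found


def demo():
    """Constructed tree and constructed hash, so both verdicts show offline."""
    with tempfile.TemporaryDirectory() as root:
        patched, spare = b"constructed patched bytes", b"constructed spare copy"
        for sub, data in (("System32", patched), ("winsxs", spare)):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "services.exe"), "wb") as fh:
                fh.write(data)
        line = r"C:\Windows\System32\services.exe %s ZeroAccess <==== ATTENTION!." % (
            hashlib.md5(patched).hexdigest())
        for path, copies in triage(line, root).items():
            print(path)
            for c in copies:
                print("  %-16s %s  %s" % (c["verdict"], c["md5"], c["path"]))


if __name__ == "__main__":
    demo()
```
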
Telesha Posted July 7, 2013 Author ID:699844

How long should it take to scan? It has been scanning for a long while now. I wonder if it, too, has frozen?

Staff gringo_pr Posted July 8, 2013 Staff ID:699940

Did it finish the scan? If not, try in Safe Mode.

Boot into Safe Mode

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Telesha Posted July 8, 2013 Author ID:700387

Ok, tried in safe mode and it just scans and scans and scans and scans with no outcome. It doesn't freeze because I can exit off easily. But nothing happens for hours. Just continues scanning.

Staff gringo_pr Posted July 9, 2013 Staff ID:700465

Hello Telesha

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1 Link 2 Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

Telesha Posted July 9, 2013 Author ID:700717

Ok, I downloaded and ran the program and the first time it ran all the way through and finished, but no log was produced. The thing just finished and closed. So I tried to rerun the program and I had a couple of error messages so I restarted the computer. Ran again, but it froze half way through. I restarted and reran again, but it froze again. And again on a fourth try. I will try a few more times while awaiting your reply as it ran the first time, so it should run again. But if you don't see another reply after this, it was to no avail and I am awaiting my next instruction.

Telesha Posted July 9, 2013 Author ID:700720

Ok, so it ran all the way through again, but it is not producing any report. Just finishing and closing. Is there somewhere I might find this report?

Staff gringo_pr Posted July 10, 2013 Staff ID:700924

Hello Telesha

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
More than one report will be created in your root directory (usually the C:\ folder), in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it. If the forum still complains about it being too long, send me everything that is at the end of the report after where it says
================== Scan finished ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then click on the "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
Exit/Close RogueKiller

Send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo

Staff gringo_pr Posted July 12, 2013 Staff ID:701985

Hello

48 Hour bump

It has been more than 48 hours since my last post.

- Do you still need help with this?
- Do you need more time?
- Are you having problems following my instructions?
- If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
Telesha Posted July 12, 2013 Author ID:702047

I am on roguekiller right now, waiting for it to "delete". It has been "deleting" for about a half an hour, there were only five infections found from the scan. I will let it go for a little while longer. I do have the TDSSKILLER report so I will attach it in this reply and I will do another reply for the roguekiller report once it finishes if it does at all.

TDSSKiller.2.8.16.0_12.07.2013_12.30.44_log.txt
Telesha Posted July 12, 2013 Author ID:702061

Ok, so it just kept deleting and nothing was happening, and it wouldn't let me exit, so I think it froze. I restarted the computer, ran another scan and just hit report. It looked like it had actually deleted everything the first time, just never finished the process. I am trying to run Malwarebytes again to see if it will clean everything up. I will update and let you know what happens next. I am heading to work, so it will be tomorrow probably. Thanks! Oh, here is the report from Roguekiller after the second scan.

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Childers [Admin rights]
Mode : Scan -- Date : 07/12/2013 13:37:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\WINDOWS\Installer\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\Users\Childers\AppData\Local\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\WINDOWS\Installer\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\Users\Childers\AppData\Local\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\L [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAJS-65B4A0 ATA Device +++++
--- User ---
[MBR] fa6b5ad83bc8c62c2ce3f009019015fb
[bSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 293429 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600944400 | Size: 11812 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07122013_133739.txt >>
RKreport[0]_S_07122013_124427.txt;RKreport[0]_S_07122013_131651.txt
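An added example, not part of the original posts and not RogueKiller's own code: a small Python parser for the report format pasted above, listing the entries still marked FOUND and the directories where the same GUID-named folder recurs. The line formats in the regular expressions are inferred from this one report and are an assumption.

```python
import re
from collections import defaultdict

# Lines copied from the RogueKiller report in the post above (subset of sections).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\WINDOWS\Installer\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\Users\Childers\AppData\Local\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\WINDOWS\Installer\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\Users\Childers\AppData\Local\{84e54e5a-1780-a930-6890-2ceaaa40bc93}\L [-] --> FOUND
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# "¤¤¤ Title : value ¤¤¤" section banners; the value may be empty.
SECTION = re.compile(r"¤¤¤\s*([^:¤]+?)\s*:\s*([^¤]*?)\s*¤¤¤")
# "[Family][Kind] name : path [flag] --> STATUS" (assumed layout). No line anchors,
# so a report whose line breaks were lost in copy/paste still parses.
DETECTION = re.compile(
    r"\[(?P<family>[^\[\]]+)\]\[(?P<kind>[^\[\]]+)\]\s+(?P<name>[^\[\]:]+?)\s+:\s+"
    r"(?P<path>.+?)\s+\[(?P<flag>[^\]]*)\]\s+-->\s+(?P<status>[A-Z]+)"
)
GUID = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def parse_report(text):
    """Return (sections dict, list of detection dicts) from report text."""
    sections = {title: value for title, value in SECTION.findall(text)}
    detections = [m.groupdict() for m in DETECTION.finditer(text)]
    return sections, detections

def triage(text):
    """Summarise what is still present and where the same GUID folder recurs."""
    sections, detections = parse_report(text)
    roots = defaultdict(set)  # GUID -> parent directories containing that folder
    for d in detections:
        g = GUID.search(d["path"])
        if g:
            roots[g.group(0).lower()].add(d["path"][: g.start()].rstrip("\\"))
    families = sorted({d["family"] for d in detections})
    declared = sections.get("Infection", "")
    return {
        "declared": declared,
        "families": families,
        "declared_matches": declared in families,
        "still_present": [d["path"] for d in detections if d["status"] == "FOUND"],
        "guid_roots": {g: sorted(p) for g, p in roots.items()},
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```
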
Staff gringo_pr Posted July 12, 2013 Staff ID:702157

Hello Telesha

Ok let's try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

- Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo
Root Admin AdvancedSetup Posted July 16, 2013 Root Admin ID:703390

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!