Trojan.Zaccess keeps being detected by MBAM


MBAM keeps detecting Trojan.Zaccess even though it says it has successfully deleted it. Please help me remove this.

 

Farbar Results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-09-2013
Ran by Linda (administrator) on LINDA-PC on 08-09-2013 12:44:47
Running from C:\Users\Linda\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Affinegy, Inc.) C:\Program Files (x86)\Bresnan\DigiDo\AffinegyService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(ParentsOnPatrol) c:\McGruffSafeGuard\driver\wuaudt .exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncclipboard.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - -
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\AutorunsDisabled: 
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-07] (Google Inc.)
HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update*] -  <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Event Agent] - c:\McGruffSafeGuard\bin\smss .exe [742400 2011-12-05] ()
HKLM-x32\...\Run: [EMET Notifier] - C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [2796576 2012-11-09] (Fitbit, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [CCLite] - c:\McGruffSafeGuard\ea.exe [61040 2011-09-06] (ms)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 127.0.0.1:9666
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {62BF0546-F880-44F7-A74F-8DB2F8C7CD41} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\coIEPlg.dll (Symantec Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\Windows\system32\eventagentpc.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\eventagentpc.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\eventagentpc.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\eventagentpc.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 C:\Windows\system32\eventagentpc.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)
Winsock: Catalog9-x64 02 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)
Winsock: Catalog9-x64 03 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)
Winsock: Catalog9-x64 04 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 15 C:\Windows\system32\eventagentpc64.dll [429168] (ParentsOnPatrol)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchURL: (McAfee) - http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: (McAfee) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
 
==================== Services (Whitelisted) =================
 
R2 AffinegyService; C:\Program Files (x86)\Bresnan\DigiDo\AffinegyService.exe [586608 2011-02-21] (Affinegy, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1200160 2012-11-09] (Fitbit, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-26] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [130000 2010-11-23] (Symantec Corporation)
S2 System Event Agent; c:\McGruffSafeGuard\bin\spoolsv .exe [372336 2011-07-11] ()
R3 System Event Audit; c:\McGruffSafeGuard\driver\wuaudt .exe [3386992 2011-09-06] (ParentsOnPatrol)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-03-04] (RealVNC Ltd)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}\   \...\???\{30670d85-f9bb-3b53-459a-0a56e2b953a2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-10-03] (support.com, Inc)
U3 mfeavfk01; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-08 12:43 - 2013-09-08 12:43 - 01948988 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2013-09-08 11:26 - 2013-09-08 11:26 - 00000000 ____D C:\Program Files\RealVNC
2013-09-08 11:26 - 2013-03-04 12:55 - 00037704 _____ (RealVNC Ltd) C:\Windows\system32\VNCpm.dll
2013-09-08 11:26 - 2013-03-04 12:55 - 00026112 _____ (RealVNC Ltd.) C:\Windows\system32\vncmirror.dll
2013-09-08 11:26 - 2013-03-04 12:55 - 00004608 _____ (RealVNC Ltd.) C:\Windows\system32\Drivers\vncmirror.sys
2013-09-08 11:24 - 2013-09-08 11:25 - 07189288 _____ (RealVNC Ltd                                                 ) C:\Users\Linda\Downloads\VNC-5.0.5-Windows.exe
2013-09-08 08:52 - 2013-09-08 08:52 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-08 08:52 - 2013-09-08 08:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 08:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-08 08:50 - 2013-09-08 08:51 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 12:04 - 2013-08-20 12:04 - 01194600 _____ C:\Windows\Minidump\082013-12604-01.dmp
2013-08-18 13:22 - 2013-08-18 13:22 - 01215688 _____ C:\Windows\Minidump\081813-12480-01.dmp
2013-08-15 19:53 - 2013-08-20 12:04 - 540653039 _____ C:\Windows\MEMORY.DMP
2013-08-15 19:53 - 2013-08-20 12:04 - 00000000 ____D C:\Windows\Minidump
2013-08-15 19:53 - 2013-08-15 19:53 - 01229792 _____ C:\Windows\Minidump\081513-15256-01.dmp
2013-08-14 18:12 - 2013-07-25 23:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 18:12 - 2013-07-25 23:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 18:12 - 2013-07-25 23:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 18:12 - 2013-07-25 23:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 18:12 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 18:12 - 2013-07-25 21:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 18:12 - 2013-07-25 21:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 18:12 - 2013-07-25 21:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 18:12 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 18:12 - 2013-07-25 21:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 18:12 - 2013-07-25 21:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 18:12 - 2013-07-25 20:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 18:12 - 2013-07-25 20:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 18:12 - 2013-07-25 19:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 18:07 - 2013-08-14 18:09 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 17:30 - 2013-07-08 23:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 17:30 - 2013-07-08 23:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 17:30 - 2013-07-08 23:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 17:30 - 2013-07-08 23:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 17:30 - 2013-07-08 22:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 17:30 - 2013-07-08 22:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 17:30 - 2013-07-08 22:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 17:30 - 2013-07-08 22:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 17:25 - 2013-07-25 03:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 17:25 - 2013-07-25 02:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 17:25 - 2013-07-18 19:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 17:25 - 2013-07-18 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 17:25 - 2013-07-09 00:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 17:25 - 2013-07-08 23:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 17:25 - 2013-07-08 23:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 17:25 - 2013-07-08 23:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 17:25 - 2013-07-08 23:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 17:25 - 2013-07-08 23:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 17:25 - 2013-07-08 22:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 17:25 - 2013-07-08 22:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 17:25 - 2013-07-08 22:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 17:25 - 2013-07-08 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 17:25 - 2013-07-08 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 17:25 - 2013-07-08 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 17:25 - 2013-07-08 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 17:25 - 2013-07-06 00:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 17:25 - 2013-06-14 22:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-09 22:13 - 2013-08-09 22:13 - 00000000 ____D C:\Users\Linda\AppData\Local\{1FCB3537-729E-4801-A379-63C357C55CB2}
 
==================== One Month Modified Files and Folders =======
 
2013-09-08 12:44 - 2013-09-08 12:44 - 00000000 ____D C:\FRST
2013-09-08 12:43 - 2013-09-08 12:43 - 01948988 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2013-09-08 12:43 - 2012-02-28 21:09 - 00000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-09-08 12:02 - 2011-09-07 21:00 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-08 11:55 - 2012-04-07 11:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 11:27 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 11:27 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 11:26 - 2013-09-08 11:26 - 00000000 ____D C:\Program Files\RealVNC
2013-09-08 11:25 - 2013-09-08 11:24 - 07189288 _____ (RealVNC Ltd                                                 ) C:\Users\Linda\Downloads\VNC-5.0.5-Windows.exe
2013-09-08 11:25 - 2013-03-08 00:10 - 00001790 _____ C:\Users\Public\Desktop\McAfee Security Center.lnk
2013-09-08 11:21 - 2011-09-07 21:00 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-08 11:21 - 2011-07-23 08:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-09-08 11:21 - 2011-07-23 08:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-09-08 11:21 - 2011-07-23 08:05 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-08 11:20 - 2012-12-01 19:29 - 00027274 _____ C:\Windows\setupact.log
2013-09-08 11:20 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-08 09:52 - 2013-03-08 00:08 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-09-08 09:52 - 2012-12-13 15:51 - 00119442 _____ C:\Windows\PFRO.log
2013-09-08 08:52 - 2013-09-08 08:52 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-08 08:52 - 2013-09-08 08:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-08 08:51 - 2013-09-08 08:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-08 08:49 - 2011-07-23 08:20 - 00000000 ____D C:\ProgramData\Sonic
2013-09-02 20:04 - 2013-03-08 00:08 - 00000000 ____D C:\Program Files\McAfee
2013-09-02 20:02 - 2011-07-23 08:00 - 01238334 _____ C:\Windows\WindowsUpdate.log
2013-08-20 12:04 - 2013-08-20 12:04 - 01194600 _____ C:\Windows\Minidump\082013-12604-01.dmp
2013-08-20 12:04 - 2013-08-15 19:53 - 540653039 _____ C:\Windows\MEMORY.DMP
2013-08-20 12:04 - 2013-08-15 19:53 - 00000000 ____D C:\Windows\Minidump
2013-08-18 13:22 - 2013-08-18 13:22 - 01215688 _____ C:\Windows\Minidump\081813-12480-01.dmp
2013-08-15 19:53 - 2013-08-15 19:53 - 01229792 _____ C:\Windows\Minidump\081513-15256-01.dmp
2013-08-15 17:56 - 2011-09-07 21:00 - 00000000 ____D C:\Users\Linda\AppData\Local\Google
2013-08-15 12:12 - 2011-09-07 20:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-15 11:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 18:11 - 2009-07-13 23:13 - 00798186 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 18:09 - 2013-08-14 18:07 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 18:07 - 2011-09-12 16:52 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-09 22:17 - 2013-07-22 12:29 - 00000000 ____D C:\Users\Linda\Desktop\mission pics
2013-08-09 22:13 - 2013-08-09 22:13 - 00000000 ____D C:\Users\Linda\AppData\Local\{1FCB3537-729E-4801-A379-63C357C55CB2}
2013-08-09 22:08 - 2013-07-30 09:03 - 00000000 ____D C:\Users\Linda\Desktop\Linda's mission pix
2013-08-09 21:54 - 2013-04-13 15:00 - 00000000 ____D C:\Users\Linda\Desktop\Jones service
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
ZeroAccess:
C:\Users\Linda\AppData\Local\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-09-08 11:15
 
==================== End Of Log ============================
 
 
 
Addition.txt results:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2013
Ran by Linda at 2013-09-08 12:45:30
Running from C:\Users\Linda\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17)
Angry Birds (x32 Version: 3.0.0)
Angry Birds Seasons (x32 Version: 2.4.1)
Angry Birds Space (x32 Version: 1.4.1)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.1.361.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Bonjour (Version: 2.0.0.34)
Bounce Symphony (x32 Version: 2.2.0.95)
BufferChm (x32 Version: 140.0.212.000)
Build-a-lot 2 (x32 Version: 2.2.0.95)
C310 (x32 Version: 140.0.304.000)
Cake Mania (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Conexant HD Audio (Version: 8.50.4.0)
Consumer In-Home Service Agreement (x32 Version: 2.0.0)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Marketplace Webslice IE8 (x32 Version: 8.0)
Dell MusicStage (x32 Version: 1.5.201.0)
Dell PhotoStage (x32 Version: 1.5.0.65)
Dell Stage (x32 Version: 1.7.209.0)
Dell VideoStage  (x32 Version: 1.2.0.1712)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
DigiDo (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DirectX 9 Runtime (x32 Version: 1.00.0000)
Dora's World Adventure (x32 Version: 2.2.0.95)
eaner (Version: 3.25)
eBay (x32 Version: 1.4.0)
EMET (x32 Version: 3.0.0)
Escape Whisper Valley (x32 Version: 2.2.0.95)
Farm Frenzy (x32 Version: 2.2.0.95)
Farm Frenzy (x32)
FATE (x32 Version: 2.2.0.95)
Final Drive Fury (x32 Version: 2.2.0.95)
Final Drive Nitro (x32 Version: 2.2.0.95)
Fitbit Connect (x32 Version: 1.0.0.2292)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
GoToAssist 8.0.0.514 (x32)
GoToMeeting 4.8.0.723 (HKCU Version: 4.8.0.723)
GPBaseService2 (x32 Version: 140.0.211.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.11352)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.005.000.002)
HPAppStudio (x32 Version: 140.0.95.000)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Internet Explorer (x32 Version: 8)
Java Auto Updater (x32 Version: 2.0.6.1)
Java 6 Update 24 (64-bit) (Version: 6.0.240)
Java 6 Update 30 (x32 Version: 6.0.300)
Jewel Quest (x32 Version: 2.2.0.95)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
JumpStart Artist (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Luxor (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Math Missions Grades K-2 (x32)
McAfee SecurityCenter (x32 Version: 11.6.511)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Norton Safe Web Lite (x32 Version: 1.2.0.7)
OverDrive Media Console (x32 Version: 3.2.20)
Penguins! (x32 Version: 2.2.0.95)
PhotoShowExpress (x32 Version: 2.0.063)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000)
QuickTime (x32 Version: 7.73.80.64)
QuickTransfer (x32 Version: 140.0.98.000)
RBVirtualFolder64Inst (Version: 1.00.0000)
Reading Blaster Ages 4-6 (x32)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Samantha Swift (x32 Version: 2.2.0.95)
Scan (x32 Version: 140.0.80.000)
Schooltown Launcher (x32 Version: 1.00.08.07.22)
Shared C Run-time for x64 (Version: 10.0.0)
Shockwave (x32)
Shop for HP Supplies (Version: 14.0)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 5.10 (x32 Version: 5.10.116)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.214.000)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Status (x32 Version: 140.0.256.000)
swMSM (x32 Version: 12.0.0.1)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
TrustedID (x32 Version: 5.0)
Typing Quick & Easy (x32 Version: 17.0)
Unity Web Player (x32 Version: 2.1.0f5_16147)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
VNC Mirror Driver 1.8.0 (Version: 1.8.0)
VNC Printer Driver 1.8.0 (Version: 1.8.0)
VNC Server 5.0.5 (Version: 5.0.5)
WebReg (x32 Version: 140.0.212.017)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Dell Games) (x32 Version: 4.0.10.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma Deluxe (x32 Version: 2.2.0.95)
 
==================== Restore Points  =========================
 
19-07-2013 12:43:17 Scheduled Checkpoint
27-07-2013 01:20:46 Scheduled Checkpoint
03-08-2013 12:55:00 Scheduled Checkpoint
10-08-2013 18:16:43 Scheduled Checkpoint
15-08-2013 00:06:57 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {16ED777F-4B62-4C42-82D8-D545A5807BA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-02] (Adobe Systems Incorporated)
Task: {2EC8D4CC-4A28-4B92-9C47-2C384E2061A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {33ACF680-1D3F-4433-ABCC-3F83699AC709} - System32\Tasks\WPD\SqmUpload_S-1-5-21-919036067-3736366667-2788334649-1003 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {510EB980-20BD-46F1-9EB1-A768B8A3EF0E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {78D1EAB0-9A67-487E-A4D3-72DB6D983EC5} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-12-03] ()
Task: {AED4B2AD-6C25-4B8C-B0A8-CDFD68238C7E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {AEE0C2A0-50FE-45AF-B178-D1C139417B29} - System32\Tasks\User_Feed_Synchronization-{6DCB4E77-A9FA-4C6E-A99E-BB94184238E0} => C:\Windows\system32\msfeedssync.exe [2013-02-26] (Microsoft Corporation)
Task: {C9DD2EB8-BCFA-444F-8FA8-63FEED73E3AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6D6E35D-4974-484D-903A-BCD97C9260F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07] (Google Inc.)
Task: {F312BA45-F19C-4716-8A09-7AF83C9FFD02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07] (Google Inc.)
Task: {F80FFA99-3681-4A4B-8060-428CF61468D6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-03 19:02 - 2013-07-03 19:02 - 00261744 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
2013-07-03 19:02 - 2013-07-03 19:02 - 00661448 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\MSVCP110.dll
2013-07-03 19:02 - 2013-07-03 19:02 - 00828872 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\MSVCR110.dll
2012-12-14 03:42 - 2012-12-14 03:42 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2011-07-23 09:34 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-09 14:25 - 2012-05-09 14:25 - 01815552 _____ (Developer Express Inc.) C:\Program Files (x86)\EMET\DevExpress.XtraBars.v10.1.dll
2012-05-09 14:25 - 2012-05-09 14:25 - 02921984 _____ (Developer Express Inc.) C:\Program Files (x86)\EMET\DevExpress.Utils.v10.1.dll
2012-05-09 14:25 - 2012-05-09 14:25 - 02460160 _____ (Developer Express Inc.) C:\Program Files (x86)\EMET\DevExpress.Data.v10.1.dll
2012-02-24 11:09 - 2011-09-06 10:53 - 00429168 _____ (ParentsOnPatrol) C:\Windows\system32\eventagentpc64.dll
2011-12-06 18:25 - 2011-02-21 14:35 - 00393584 _____ (Affinegy, Inc.) C:\Program Files (x86)\Bresnan\DigiDo\AffIpHelper.dll
2011-12-06 18:25 - 2011-02-21 14:35 - 00139632 _____ (Affinegy, Inc.) C:\Program Files (x86)\Bresnan\DigiDo\AffCrypto.dll
2009-11-18 05:16 - 2009-11-18 05:16 - 00137344 _____ (Hewlett-Packard Co.) c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2009-11-18 05:16 - 2009-11-18 05:16 - 00217728 _____ (Hewlett-Packard Co.) c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2009-11-18 05:16 - 2009-11-18 05:16 - 00253568 _____ (Hewlett-Packard Co.) c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2010-11-20 21:24 - 2010-11-20 21:24 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINSPOOL.DRV
2011-11-16 20:08 - 2010-11-23 20:34 - 00675704 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccL100U.dll
2011-11-16 20:08 - 2010-11-23 20:21 - 00085880 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccVrTrst.dll
2011-11-16 20:08 - 2010-11-23 20:21 - 00140152 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvc.dll
2011-11-16 20:08 - 2010-11-23 20:21 - 00158584 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccIPC.dll
2011-11-16 20:08 - 2010-12-02 20:38 - 00262584 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON SAFE WEB LITE\ENGINE\1.2.0.7\DIMASTER.DLL
2011-11-16 20:08 - 2010-11-23 20:21 - 00268664 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSet.dll
2011-11-16 20:08 - 2010-12-16 19:28 - 00273336 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON SAFE WEB LITE\ENGINE\1.2.0.7\COSVCNST.DLL
2011-11-16 20:08 - 2010-11-23 20:21 - 00291704 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON SAFE WEB LITE\ENGINE\1.2.0.7\CCGEVT.DLL
2011-11-16 20:08 - 2010-11-23 20:21 - 00199544 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccGLog.dll
2011-11-16 20:08 - 2010-11-23 20:21 - 00386936 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON SAFE WEB LITE\ENGINE\1.2.0.7\CCJOBMGR.DLL
2011-11-16 20:08 - 2010-12-02 20:38 - 00293304 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\diStRptr.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 18858496 _____ (Unlimited Realities) C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\libumajin.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-07-03 19:02 - 2013-07-03 19:02 - 00222832 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
2013-07-03 19:02 - 2013-07-03 19:02 - 00534480 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\MSVCP110.dll
2013-07-03 19:02 - 2013-07-03 19:02 - 00862664 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\MSVCR110.dll
2013-07-03 19:02 - 2013-07-03 19:02 - 00543856 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\Telemetry.dll
2013-07-03 19:02 - 2013-07-03 19:02 - 00039536 _____ (Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\logging.dll
2011-09-06 10:53 - 2011-09-06 10:53 - 00151152 _____ (ParentsOnPatrol) c:\McGruffSafeGuard\driver\EventDLL.dll
2011-09-06 10:53 - 2011-09-06 10:53 - 00302704 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\libnspr4.dll
2011-09-06 10:54 - 2011-09-06 10:54 - 00859248 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\nss3.dll
2011-09-06 10:54 - 2011-09-06 10:54 - 00126064 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\nssutil3.dll
2011-09-06 10:54 - 2011-09-06 10:54 - 00056432 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\libplc4.dll
2011-09-06 10:54 - 2011-09-06 10:54 - 00053872 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\libplds4.dll
2011-09-06 10:54 - 2011-09-06 10:54 - 00142960 _____ (Mozilla Foundation) c:\McGruffSafeGuard\driver\smime3.dll
2013-09-08 08:52 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-09-08 08:52 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\Users\Linda\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Linda\Documents\Thumbs.db:encryptable
 
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2013 11:30:51 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (09/08/2013 11:30:20 AM) (Source: VNC Server) (User: )
Description: SDisplay: VNC Mirror Driver missing or unsupported on this platform
 
Error: (09/08/2013 11:29:43 AM) (Source: VNC Server) (User: )
Description: SDisplay: VNC Mirror Driver missing or unsupported on this platform
 
Error: (09/08/2013 11:28:57 AM) (Source: VNC Server) (User: )
Description: SConnection: AuthFailureException: Either the username was not recognised, or the password was incorrect
 
Error: (09/08/2013 11:26:56 AM) (Source: VNC Server) (User: )
Description: VncServerLicenseManager: No license installed
 
Error: (09/08/2013 11:26:56 AM) (Source: VNC Server) (User: )
Description: VncServerLicenseManager: No license installed
 
Error: (09/08/2013 11:22:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2013 10:03:00 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (09/08/2013 09:54:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2013 09:10:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/08/2013 11:22:59 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (09/08/2013 11:22:59 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (09/08/2013 11:22:51 AM) (Source: Service Control Manager) (User: )
Description: The System Event Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/08/2013 11:22:42 AM) (Source: Service Control Manager) (User: )
Description: The System Event Audit service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/08/2013 11:21:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (09/08/2013 11:20:35 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (09/08/2013 11:20:34 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (09/08/2013 11:20:34 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (09/08/2013 11:20:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (09/08/2013 09:55:07 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
 
Microsoft Office Sessions:
=========================
Error: (09/08/2013 11:30:51 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (09/08/2013 11:30:20 AM) (Source: VNC Server)(User: )
Description: SDisplayVNC Mirror Driver missing or unsupported on this platform
 
Error: (09/08/2013 11:29:43 AM) (Source: VNC Server)(User: )
Description: SDisplayVNC Mirror Driver missing or unsupported on this platform
 
Error: (09/08/2013 11:28:57 AM) (Source: VNC Server)(User: )
Description: SConnectionAuthFailureException: Either the username was not recognised, or the password was incorrect
 
Error: (09/08/2013 11:26:56 AM) (Source: VNC Server)(User: )
Description: VncServerLicenseManagerNo license installed
 
Error: (09/08/2013 11:26:56 AM) (Source: VNC Server)(User: )
Description: VncServerLicenseManagerNo license installed
 
Error: (09/08/2013 11:22:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2013 10:03:00 AM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (09/08/2013 09:54:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2013 09:10:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-08 11:27:00.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 11:27:00.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 11:27:00.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 09:58:36.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 09:58:36.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 09:58:36.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 09:11:57.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 09:11:57.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-08 09:11:57.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 6056.63 MB
Available physical RAM: 4135.14 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 9865.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:854.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: B76748FB)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

Please read the following information first.

 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised, and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Results of Fixlist:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2013
Ran by Linda at 2013-09-08 13:26:00 Run:1
Running from C:\Users\Linda\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] -  
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}\   \...\???\{30670d85-f9bb-3b53-459a-0a56e2b953a2}\GoogleUpdate.exe" 
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Linda\AppData\Local\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}
C:\Program Files (x86)\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}
 
 
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
*etadpug => Service deleted successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
C:\Users\Linda\AppData\Local\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2} => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2} => Moved successfully.
 
==== End of Fixlog ====

McAfee Security Center has been running on this PC; should it have protected against this?

It's only part of the protection.

 

---------------

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

MrC


RogueKiller V8.6.9 _x64_ [sep  3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Linda [Admin rights]

Mode : Scan -- Date : 09/08/2013 14:50:18

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 7 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:9666) -> FOUND

[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][Folder] Install : C:\Users\Linda\AppData\Local\Google\Desktop\Install [-] --> FOUND

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EALX-759BA1 ATA Device +++++

--- User ---

[MBR] 2a03389d6bffa36975cd8185b6b67227

[bSP] a4a946999aaf5c0329b099ac7fc53613 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_09082013_145018.txt >>
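Added example, not part of the thread or of any of the tools used in it: a small Python triage script that scans FRST/RogueKiller-style log lines for the indicators visible in the fixlist above (the `Google Update*` Run value with no command, the `*etadpug` service whose image lives under `Google\Desktop\Install\{GUID}`, the `GAC_32`/`GAC_64` `Desktop.ini` files) and in the RogueKiller report (the loopback proxy `127.0.0.1:9666`). The sample lines are constructed from this thread's logs; the regexes and the "strong indicator" rule are my own heuristics, not FRST's or RogueKiller's detection logic.

```python
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (indicator name, offending log line)

# Constructed sample in the style of the FRST fixlist and RogueKiller report
# posted in this thread, plus two benign lines that must not be flagged.
SAMPLE_LOG = r"""
HKCU\...\Run: [Google Update*] -
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}\   \...\???\{30670d85-f9bb-3b53-459a-0a56e2b953a2}\GoogleUpdate.exe"
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Linda\AppData\Local\Google\Desktop\Install\{30670d85-f9bb-3b53-459a-0a56e2b953a2}
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:9666) -> FOUND
R2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences
"""

# Heuristic patterns drawn from the indicators in this thread. They are my
# assumptions for triage, not the detection logic of FRST or RogueKiller.
ZA_INSTALL_DIR = re.compile(
    r"\\Google\\Desktop\\Install\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
GAC_DESKTOP_INI = re.compile(r"\\assembly\\GAC_(?:32|64)\\Desktop\.ini$", re.I)
LOOPBACK_PROXY = re.compile(r"ProxyServer \((?:127\.0\.0\.1|localhost):\d+\)", re.I)
SERVICE_LINE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);")            # FRST service line
EMPTY_RUN_VALUE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\]\s+-\s*$")  # Run value, no command

# Indicators that point at this family specifically; the others are supporting.
STRONG = {"zeroaccess_install_dir", "reversed_service_name"}


def classify_line(line: str) -> List[Finding]:
    """Return every indicator that a single log line matches."""
    text = line.rstrip()
    hits: List[Finding] = []
    if ZA_INSTALL_DIR.search(text):
        hits.append(("zeroaccess_install_dir", text))
    if GAC_DESKTOP_INI.search(text):
        hits.append(("gac_desktop_ini", text))
    m = SERVICE_LINE.match(text)
    if m:
        name = m.group("name").strip()
        # "*etadpug" read backwards is "gupdate*": the service name mimics
        # Google's updater, rendered in reverse. The real "gupdate" does not fire.
        if name[::-1].lower().startswith("gupdate"):
            hits.append(("reversed_service_name", text))
    if LOOPBACK_PROXY.search(text):
        hits.append(("loopback_proxy", text))  # traffic forced through a local port
    if EMPTY_RUN_VALUE.search(text):
        hits.append(("run_value_without_command", text))
    return hits


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group matching lines by indicator name: {indicator: [lines]}."""
    report: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        for indicator, text in classify_line(line):
            report.setdefault(indicator, []).append(text)
    return report


def zeroaccess_suspected(report: Dict[str, List[str]]) -> bool:
    """True when at least one family-specific indicator was found."""
    return any(k in report for k in STRONG)


if __name__ == "__main__":
    for indicator, lines in sorted(triage(SAMPLE_LOG).items()):
        print(f"{indicator}: {len(lines)} line(s)")
```

The loopback proxy is reported as supporting evidence only; in this thread it was still present after the ZeroAccess folder was removed, so it deserves a manual look rather than an automatic verdict.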

Run RogueKiller again and click Scan
When the scan completes > click on the Files tab
Put a check next to all of these and uncheck the rest: (if found)
 

[ZeroAccess][Folder] Install : C:\Users\Linda\AppData\Local\Google\Desktop\Install [-] --> FOUND


Now click Delete on the right hand column under Options

-------------

Reboot and run another scan to ensure it's gone.

Then.........

Let's clean out any adware while you're here: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


RogueKiller results after reboot and rescan....

 

RogueKiller V8.6.9 _x64_ [sep  3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Linda [Admin rights]

Mode : Scan -- Date : 09/08/2013 15:12:56

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 1 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:9666) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD10EALX-759BA1 ATA Device +++++

--- User ---

[MBR] 2a03389d6bffa36975cd8185b6b67227

[bSP] a4a946999aaf5c0329b099ac7fc53613 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_09082013_151256.txt >>

RKreport[0]_D_09082013_150653.txt;RKreport[0]_S_09082013_145018.txt;RKreport[0]_S_09082013_150618.txt

# AdwCleaner v3.003 - Report created 08/09/2013 at 15:44:02

# Updated 07/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Linda - LINDA-PC

# Running from : C:\Users\Linda\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Trymedia

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1640 octets] - [08/09/2013 15:41:54]

AdwCleaner[s0].txt - [1581 octets] - [08/09/2013 15:44:02]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1641 octets] ##########

Latest MBAM scan.  The PC does seem to be running much better.  

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.08.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Linda :: LINDA-PC [administrator]

 

9/8/2013 3:54:09 PM

mbam-log-2013-09-08 (15-54-09).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 250918

Time elapsed: 4 minute(s), 57 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Great.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.73  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

McAfee Anti-Virus and Anti-Spyware   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 30  

 Java version out of Date! 

 Adobe Reader 10.1.7 Adobe Reader out of Date!  

 Google Chrome 28.0.1500.95  

 Google Chrome 29.0.1547.66  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 3% 

````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~

Java™ 6 Update 30 <---please uninstall from your add/remove programs

Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 25) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------------------------------

Adobe Reader 10.1.7 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
