zachk

Is My PC Really Clean

20 posts in this topic

Hello,

I would like help in making sure this PC is clean. The scanners do not appear to find anything, but I am suspicious that when I connect it back to the network the virus/trojan will reemerge.

I have run the scan as instructed:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688
Run by zach.k at 14:33:36 on 2013-09-18
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.3968.2887 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\melissa.b\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Users\melissa.b\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\zach.k\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\zach.k\AppData\Local\Temp\_uninst_86990328.bat
TCP: Interfaces\{5EDA67FF-0F30-4370-B920-A9341B50D0F3} : DHCPNameServer = 10.0.1.11 64.60.0.17 64.60.0.18
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-12-3 92536]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-3 7168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-3 166720]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2012-12-3 1914728]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-3 365376]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-12-3 77824]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-12-3 342528]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-3 683664]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2012-12-3 10752]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-09-18 18:15:24 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE893638-9522-4090-A8A6-C75DFE6F4768}\mpengine.dll
2013-09-17 15:38:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-09-16 23:18:40 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-09-16 17:14:10 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-16 16:28:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-16 16:28:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-13 17:02:55 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2013-09-11 15:31:01 965008 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F84D8EEE-778A-4FA3-BF20-229567014453}\gapaengine.dll
2013-09-11 15:18:18 4038144 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-09-05 20:09:17 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll
2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe
2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-06-26 03:01:38 321536 ----a-w- C:\Windows\System32\drivers\udfs.sys
2013-06-24 22:54:52 447488 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\Windows\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\Windows\System32\wcmsvc.dll
.
============= FINISH: 14:33:41.98 ===============
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 12/12/2012 5:56:11 PM
System Uptime: 9/17/2013 10:46:46 AM (28 hours ago)
.
Motherboard: Dell Inc. |  | 0XR1GT      
Processor: Intel® Core i3-3220 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 421.42 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP39: 8/30/2013 9:18:41 AM - Scheduled Checkpoint
RP40: 9/6/2013 12:39:28 PM - Scheduled Checkpoint
RP41: 9/11/2013 8:23:21 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.02)
Conexant SmartAudio HD
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Support Center
Dell Wireless Driver Installation
DSC/AA Factory Installer
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.7 (x86 en-US)
MSVCRT
MSVCRT110
MSVCRT110_amd64
OpenOffice.org 3.4.1
PDFCreator
Photo Common
Photo Gallery
SUPERAntiSpyware
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/18/2013 2:33:07 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
9/16/2013 2:16:50 PM, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume OS. A corruption was found in a file system index structure.  The file reference number is 0x1000000001239.  The name of the file is "\Windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
.
==== End Of File ===========================
 

 


Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin...

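The FRST.txt that Kevin's instructions produce lists every Run value in its "Registry (Whitelisted)" section, one per line, in the form `hive\...\Run: [value name] - command [size date] (company name)`, with `[x]` where the referenced file is missing and a `<===== ATTENTION` note where FRST itself has recognised the entry. The script below is an added example, not part of this thread and not Farbar's code, showing how a defender can pre-sort such a section before a helper reads it: it parses each Run line, notes whether the executable lives in a user-writable profile location, whether FRST printed a company name, and whether FRST flagged the entry, and assigns a triage level. The sample lines are copied from the FRST.txt posted in this thread; the line format is inferred from that log, and the weights and the `HIGH/MEDIUM/LOW/CLEAN` levels are my own choice, not anything FRST defines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: Run values copied from the "Registry (Whitelisted)" section of the
# FRST.txt posted in this thread. FRST prints each value as
#   hive\...\Run: [value name] - command [size date] (company name)
# and appends "<===== ATTENTION ..." when it has already recognised the entry.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [Google Update] - C:\Users\melissa.b\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-21] (Google Inc.)
HKCU\...\Run: [gueopo] - C:\Users\melissa.b\gueopo.exe /f
HKCU\...\Run: [Ynyq] - C:\Users\melissa.b\AppData\Roaming\Erem\ynyq.exe
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
"""

RUN_LINE = re.compile(r"^(?P<hive>HK[A-Z]{2}(?:-x32)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<rest>.*)$")
TRAILING_PUBLISHER = re.compile(r"\s*\((?P<pub>[^()]*)\)\s*$")
TRAILING_SIZE_DATE = re.compile(r"\s*\[(?P<info>[^\]]*)\]\s*$")
EXE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd|com|scr|vbs|js))(?P<args>\s.*)?$", re.I)
USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\", re.I)
USER_APPDATA = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.I)

# Triage weights (my own choice, not anything FRST defines). FRST's own ATTENTION
# marker outweighs every heuristic below; the rest are weak signals that add up.
WEIGHTS: Dict[str, int] = {
    "tool-flagged": 3,   # FRST appended an ATTENTION note to the entry
    "user-profile": 1,   # executable lives in a per-user, user-writable location
    "profile-root": 1,   # ... directly under C:\Users\<name>\, outside AppData
    "no-publisher": 1,   # no company name in the file's version information
    "no-file": 1,        # FRST printed [x]: the referenced file was not found
}


@dataclass
class RunEntry:
    hive: str
    name: str
    path: Optional[str]
    publisher: Optional[str]   # None: FRST printed no "(...)" at all; "": it printed "()"
    flags: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        score = sum(WEIGHTS[f] for f in self.flags)
        if score >= 3:
            return "HIGH"
        if score == 2:
            return "MEDIUM"
        if score == 1:
            return "LOW"
        return "CLEAN"


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run line; return None for lines in any other format."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.group("hive", "name", "rest")
    flags: List[str] = []

    # Split off FRST's own annotation first so its text is not mistaken for a publisher.
    rest, _, note = rest.partition("<=====")
    if "ATTENTION" in note:
        flags.append("tool-flagged")
    rest = rest.strip()

    publisher: Optional[str] = None
    pm = TRAILING_PUBLISHER.search(rest)
    if pm:
        publisher = pm.group("pub").strip()
        rest = rest[: pm.start()].rstrip()

    path: Optional[str] = None
    if rest.startswith("[x]"):
        flags.append("no-file")
    else:
        sm = TRAILING_SIZE_DATE.search(rest)
        if sm:
            rest = rest[: sm.start()].rstrip()
        em = EXE_PATH.match(rest)           # separates the executable from its arguments
        if em:
            path = em.group("path")
            if USER_PROFILE.match(path):
                flags.append("user-profile")
                if not USER_APPDATA.match(path):
                    flags.append("profile-root")

    if not publisher:                      # covers both None and ""
        flags.append("no-publisher")
    return RunEntry(hive, name, path, publisher, flags)


def triage(frst_text: str) -> List[RunEntry]:
    """Parse every Run line in an FRST log and return the entries in file order."""
    entries: List[RunEntry] = []
    for line in frst_text.splitlines():
        entry = parse_run_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def report(entries: List[RunEntry]) -> Dict[str, str]:
    """Map each Run value name to its triage level."""
    return {e.name: e.severity for e in entries}


if __name__ == "__main__":
    ranked = sorted(triage(SAMPLE_FRST_LINES), key=lambda e: -sum(WEIGHTS[f] for f in e.flags))
    for e in ranked:
        print(f"{e.severity:6} {e.hive:8} [{e.name}] {e.path or '<no file>'}  flags={','.join(e.flags) or '-'}")
```

Run as-is it prints the six sample entries with the two random-named, publisher-less user-profile autoruns and the FRST-flagged entry at the top and the vendor entries at the bottom. The levels are only an ordering aid for whoever reads the log; a LOW entry such as Google Update running from AppData is normal, and a helper still decides what to remove.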

Thank you for helping me out!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013
Ran by melissa.b (ATTENTION: The logged in user is not administrator) on RB-PC-ONT-20D on 18-09-2013 15:01:32
Running from C:\Users\melissa.b\Desktop
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Users\melissa.b\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Users\melissa.b\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\melissa.b\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-21] (Google Inc.)
HKCU\...\Run: [gueopo] - C:\Users\melissa.b\gueopo.exe /f
HKCU\...\Run: [Ynyq] - C:\Users\melissa.b\AppData\Roaming\Erem\ynyq.exe
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
HKCU\...\Run: [Anli] - C:\Users\melissa.b\AppData\Roaming\Yknaly\anli.exe
HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
Startup: C:\Users\melissa.b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {44CF4D92-C172-4C1B-A559-A1EE6CB01E7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDSJS
SearchScopes: HKLM - {44CF4D92-C172-4C1B-A559-A1EE6CB01E7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDSJS
SearchScopes: HKLM-x32 - DefaultScope {44CF4D92-C172-4C1B-A559-A1EE6CB01E7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDSJS
SearchScopes: HKLM-x32 - {44CF4D92-C172-4C1B-A559-A1EE6CB01E7C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDSJS
SearchScopes: HKCU - DefaultScope {44CF4D92-C172-4C1B-A559-A1EE6CB01E7C} URL = 
SearchScopes: HKCU - {44CF4D92-C172-4C1B-A559-A1EE6CB01E7C} URL = 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
 
FireFox:
========
FF ProfilePath: C:\Users\melissa.b\AppData\Roaming\Mozilla\Firefox\Profiles\e0mgovmk.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\melissa.b\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\melissa.b\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\melissa.b\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\melissa.b\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\melissa.b\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\melissa.b\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\melissa.b\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\melissa.b\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\melissa.b\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (SaveByclick) - C:\Users\melissa.b\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnfipjijjahgcaeoeeabmkmdffophdmc\1_0
CHR Extension: (Gmail) - C:\Users\melissa.b\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lnfipjijjahgcaeoeeabmkmdffophdmc] - C:\ProgramData\SaveByclick\lnfipjijjahgcaeoeeabmkmdffophdmc.crx
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-18 15:01 - 2013-09-18 15:01 - 00000000 ____D C:\FRST
2013-09-18 15:00 - 2013-09-18 14:59 - 01950594 _____ (Farbar) C:\Users\melissa.b\Desktop\FRST64.exe
2013-09-18 14:18 - 2013-09-18 14:16 - 00688992 ____R (Swearware) C:\Users\melissa.b\Desktop\dds.scr
2013-09-18 14:18 - 2013-09-18 14:16 - 00688992 ____R (Swearware) C:\Users\melissa.b\Desktop\dds.com
2013-09-17 08:38 - 2013-09-17 08:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-16 16:18 - 2013-09-16 16:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-16 16:17 - 2013-09-16 16:14 - 183971984 _____ C:\Users\melissa.b\Desktop\setup_11.0.1.1245.x01_2013_09_17_00_32.exe
2013-09-16 10:58 - 2013-09-17 08:38 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-09-16 10:31 - 2013-09-16 10:31 - 00000000 ____D C:\Users\melissa.b\AppData\Roaming\Malwarebytes
2013-09-16 09:28 - 2013-09-16 09:32 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-16 09:28 - 2013-09-16 09:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 09:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-16 09:26 - 2013-09-16 09:26 - 00000066 _____ C:\Users\melissa.b\Desktop\notes.txt
2013-09-16 08:36 - 2013-09-16 08:36 - 00000000 ____D C:\Users\melissa.b\Desktop\AntiSpam
2013-09-13 10:02 - 2013-08-06 22:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-12 08:23 - 2013-09-12 08:23 - 00318416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 08:29 - 2013-08-15 22:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-11 08:29 - 2013-08-15 22:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-11 08:29 - 2013-08-15 22:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-11 08:29 - 2013-08-15 22:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-11 08:29 - 2013-08-15 22:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-11 08:29 - 2013-08-15 22:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-11 08:29 - 2013-08-15 22:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-11 08:29 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-11 08:29 - 2013-08-15 22:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-11 08:29 - 2013-08-15 15:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-11 08:29 - 2013-08-15 15:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-11 08:29 - 2013-08-15 15:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-11 08:25 - 2013-08-20 21:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 08:25 - 2013-08-20 21:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 08:25 - 2013-08-20 21:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 08:25 - 2013-08-20 21:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 08:25 - 2013-08-20 19:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 08:25 - 2013-08-20 19:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 08:25 - 2013-08-20 19:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 08:25 - 2013-08-20 19:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 08:25 - 2013-08-20 19:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 08:25 - 2013-08-20 18:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 08:25 - 2013-08-20 16:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-11 08:20 - 2013-07-09 01:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-09-11 08:20 - 2013-07-08 23:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-09-11 08:20 - 2013-07-08 21:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-09-11 08:20 - 2013-07-08 20:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-09-11 08:20 - 2013-07-08 15:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-09-11 08:20 - 2013-07-08 15:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-09-11 08:20 - 2013-07-08 15:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-09-11 08:20 - 2013-07-08 15:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-09-11 08:20 - 2013-07-05 17:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-09-11 08:20 - 2013-07-02 17:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-09-11 08:20 - 2013-07-02 17:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-11 08:20 - 2013-07-02 17:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-09-11 08:20 - 2013-07-02 17:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-09-11 08:20 - 2013-07-02 17:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-09-11 08:20 - 2013-07-02 17:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-11 08:20 - 2013-07-02 17:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-09-11 08:20 - 2013-07-01 15:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-11 08:20 - 2013-06-30 15:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-09-11 08:20 - 2013-06-30 15:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-09-11 08:20 - 2013-06-28 23:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-09-11 08:20 - 2013-06-28 23:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-09-11 08:20 - 2013-06-28 22:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-09-11 08:20 - 2013-06-28 18:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-09-11 08:20 - 2013-06-25 20:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-09-11 08:20 - 2013-06-24 15:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-09-11 08:20 - 2013-06-24 15:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-09-11 08:20 - 2013-06-24 15:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-09-11 08:20 - 2013-06-18 22:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-09-11 08:20 - 2013-06-18 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-09-11 08:20 - 2013-06-18 15:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-09-11 08:20 - 2013-06-18 15:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-09-11 08:20 - 2013-06-11 16:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-09-11 08:20 - 2013-06-11 16:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-09-11 08:20 - 2013-06-10 14:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-09-11 08:20 - 2013-06-10 12:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-09-11 08:20 - 2013-06-10 12:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-09-11 08:20 - 2013-06-10 12:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-09-11 08:20 - 2013-06-10 12:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-09-11 08:20 - 2013-06-10 12:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-09-11 08:20 - 2013-06-10 12:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-09-11 08:20 - 2013-06-06 01:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-09-11 08:18 - 2013-08-02 21:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-03 12:30 - 2013-09-03 12:30 - 00000824 _____ C:\Users\melissa.b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLARA SouthWare (G).lnk
2013-08-29 08:43 - 2013-09-16 10:39 - 00000519 _____ C:\Users\melissa.b\AppData\Roaming\Microsoft\Windows\Start Menu\SAP NetWeaver Portal.website
2013-08-21 13:52 - 2013-08-21 13:54 - 00000556 _____ C:\Users\melissa.b\Documents\ClaraSignature.html
 
==================== One Month Modified Files and Folders =======
 
2013-09-18 15:01 - 2013-09-18 15:01 - 00000000 ____D C:\FRST
2013-09-18 15:01 - 2012-07-26 00:28 - 00850046 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 15:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-18 14:59 - 2013-09-18 15:00 - 01950594 _____ (Farbar) C:\Users\melissa.b\Desktop\FRST64.exe
2013-09-18 14:56 - 2012-12-21 15:34 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1928124938-2827881753-4186555362-1165UA.job
2013-09-18 14:34 - 2012-12-12 18:56 - 01082896 _____ C:\Windows\WindowsUpdate.log
2013-09-18 14:16 - 2013-09-18 14:18 - 00688992 ____R (Swearware) C:\Users\melissa.b\Desktop\dds.scr
2013-09-18 14:16 - 2013-09-18 14:18 - 00688992 ____R (Swearware) C:\Users\melissa.b\Desktop\dds.com
2013-09-17 10:49 - 2012-12-03 17:14 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-09-17 10:47 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-17 08:38 - 2013-09-17 08:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-17 08:38 - 2013-09-16 10:58 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-09-16 16:32 - 2012-12-19 03:16 - 00000000 ____D C:\Users\melissa.b\AppData\Roaming\Coynec
2013-09-16 16:32 - 2012-12-12 20:23 - 00000000 ____D C:\Users\melissa.b
2013-09-16 16:18 - 2013-09-16 16:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-16 16:17 - 2012-07-26 00:21 - 00014524 _____ C:\Windows\setupact.log
2013-09-16 16:14 - 2013-09-16 16:17 - 183971984 _____ C:\Users\melissa.b\Desktop\setup_11.0.1.1245.x01_2013_09_17_00_32.exe
2013-09-16 12:56 - 2012-12-21 15:34 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1928124938-2827881753-4186555362-1165Core.job
2013-09-16 12:37 - 2012-12-14 17:38 - 00000000 ____D C:\Users\melissa.b\AppData\Roaming\Yknaly
2013-09-16 10:39 - 2013-08-29 08:43 - 00000519 _____ C:\Users\melissa.b\AppData\Roaming\Microsoft\Windows\Start Menu\SAP NetWeaver Portal.website
2013-09-16 10:31 - 2013-09-16 10:31 - 00000000 ____D C:\Users\melissa.b\AppData\Roaming\Malwarebytes
2013-09-16 10:24 - 2012-12-15 08:36 - 00000000 ____D C:\Users\melissa.b\AppData\Roaming\Erem
2013-09-16 10:24 - 2012-12-03 19:02 - 00022956 _____ C:\Windows\PFRO.log
2013-09-16 09:32 - 2013-09-16 09:28 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-16 09:32 - 2013-09-16 09:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-16 09:26 - 2013-09-16 09:26 - 00000066 _____ C:\Users\melissa.b\Desktop\notes.txt
2013-09-16 08:36 - 2013-09-16 08:36 - 00000000 ____D C:\Users\melissa.b\Desktop\AntiSpam
2013-09-16 08:04 - 2012-12-21 15:33 - 00000000 ____D C:\Users\melissa.b\AppData\Local\Google
2013-09-13 10:22 - 2012-12-19 14:49 - 00000000 ____D C:\Users\melissa.b\AppData\Roaming\Macromedia
2013-09-12 12:40 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache
2013-09-12 08:23 - 2013-09-12 08:23 - 00318416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 08:18 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\WinStore
2013-09-12 08:18 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-12 08:18 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe
2013-09-11 08:26 - 2013-07-19 09:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 08:25 - 2012-12-12 19:25 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-05 13:09 - 2012-07-26 01:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-05 13:09 - 2012-07-26 01:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-03 12:30 - 2013-09-03 12:30 - 00000824 _____ C:\Users\melissa.b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLARA SouthWare (G).lnk
2013-09-03 08:04 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-21 13:54 - 2013-08-21 13:52 - 00000556 _____ C:\Users\melissa.b\Documents\ClaraSignature.html
2013-08-20 21:12 - 2013-09-11 08:25 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-20 21:12 - 2013-09-11 08:25 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-20 21:11 - 2013-09-11 08:25 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-20 21:11 - 2013-09-11 08:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-20 19:34 - 2013-09-11 08:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-20 19:06 - 2013-09-11 08:25 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-20 19:06 - 2013-09-11 08:25 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-20 19:06 - 2013-09-11 08:25 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-20 19:05 - 2013-09-11 08:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-20 18:43 - 2013-09-11 08:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-20 16:52 - 2013-09-11 08:25 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
 
Files to move or delete:
====================
ZeroAccess:
C:\Users\melissa.b\AppData\Local\Google\Desktop\Install
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 

 

Addition.txt
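The FRST sections above (the "One Month Created/Modified Files and Folders" listings and the "Files to move or delete" block) are long enough that a helper first pass is useful. The following is an added example from the editor, not code from FRST, Farbar or this forum post: it parses lines in the FRST listing format (created time, modified time, size, attribute flags, optional publisher in parentheses, path) and marks entries for human review using three heuristics of my own choosing: an executable module in a Windows system directory that carries no publisher string, a folder created directly under AppData\Roaming whose name is not on a vendor allowlist (the allowlist is constructed for this example), and an executable sitting in the Recycle Bin or a temporary/cache location. The sample log lines are constructed from paths that appear on this page with illustrative timestamps and sizes. A flag is a review item, not a verdict; legitimate OEM components can lack a publisher string, so a flagged file still needs its signature or hash checked.

```python
import ntpath
import re
from typing import List, Optional, Tuple

# Constructed sample in the FRST listing format. Paths are taken from this
# thread; timestamps and sizes are illustrative, not copied from a machine.
SAMPLE_LOG = r"""
2013-09-11 08:29 - 2013-08-15 22:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-11 08:29 - 2013-08-15 15:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-16 16:32 - 2012-12-19 03:16 - 00000000 ____D C:\Users\melissa.b\AppData\Roaming\Coynec
2013-09-18 14:16 - 2013-09-18 14:18 - 00688992 ____R (Swearware) C:\Users\melissa.b\Desktop\dds.scr
2013-09-16 10:24 - 2012-12-15 08:36 - 00000000 ____D C:\Users\melissa.b\AppData\Roaming\Erem
2013-09-19 09:00 - 2013-09-19 09:00 - 00051200 _____ C:\$Recycle.Bin\S-1-5-21-1928124938-2827881753-4186555362-1165\$RK1SGH3.exe
2013-09-19 09:05 - 2013-09-19 09:05 - 00771072 _____ C:\Users\melissa.b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3RMG5WC\AA_v3.exe
"""

# One listing line: <created> - <modified> - <size> <attrs> [(<company>)] <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cpl"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Locations where a newly created executable deserves a second look.
RISKY_MARKERS = ("\\$recycle.bin\\", "\\temporary internet files\\", "\\temp\\")
# Constructed allowlist of folder names expected directly under AppData\Roaming.
ROAMING_KNOWN = {"microsoft", "adobe", "google", "mozilla", "macromedia",
                 "malwarebytes", "kaspersky lab", "intel", "dell"}


def parse_line(line: str) -> Optional[dict]:
    """Parse one FRST listing line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["is_dir"] = "D" in entry["attrs"]   # ____D marks a directory
    return entry


def review_reasons(entry: dict) -> List[str]:
    """Apply the three heuristics; an empty list means nothing to review."""
    p = entry["path"].lower()
    ext = ntpath.splitext(p)[1]      # ntpath handles backslash paths on any host
    name = ntpath.basename(p)
    parent = ntpath.dirname(p)
    reasons: List[str] = []
    if not entry["is_dir"]:
        if ext in EXEC_EXT and p.startswith(SYSTEM_DIRS) and not entry["company"]:
            reasons.append("module in a Windows system directory with no publisher string")
        if ext in EXEC_EXT and any(mk in p for mk in RISKY_MARKERS):
            reasons.append("executable in Recycle Bin or a temporary/cache location")
    elif parent.endswith("\\appdata\\roaming") and name not in ROAMING_KNOWN:
        reasons.append("unrecognised folder directly under AppData\\Roaming")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for every entry that needs a human look."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in review_reasons(entry):
            findings.append((entry["path"], reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"REVIEW: {path}\n        {reason}")
```

Run against the constructed sample, the pass leaves the Microsoft-signed system DLL and the DDS tool on the Desktop alone and marks five entries: the SysWOW64 module without a publisher string, the two short-named AppData\Roaming folders, the executable in the Recycle Bin and the one in Temporary Internet Files. Extending it to real logs is a matter of pasting the FRST sections in place of SAMPLE_LOG; tune ROAMING_KNOWN to the software actually installed on the machine.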


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if  Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop.:

 

 

http://www.malwarebytes.org/mbam.php 


http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Post those logs in next reply, also let me know if any issues or concerns remain....

 

Kevin

fixlist.txt


I am attaching the logs, including the one from Malwarebytes. (I have not yet clicked "Remove Selected".)

 

I followed the instructions, and after connecting to the network to update Malwarebytes, I ran the scan and it found something.  Also, as Malwarebytes was running, Windows Defender quarantined something else.  Here is what Windows Defender found today:

 

===WINDOWS DEFENDER QUARANTINE===
 
Category: Password Stealer
 
Description: This program is dangerous and captures user passwords.
 
Recommended action: Remove this software immediately.
 
Items: 
file:C:\$Recycle.Bin\S-1-5-21-1928124938-2827881753-4186555362-1165\$RK1SGH3.exe
 
There are other items in quarantine from earlier dates.  Should I choose the option to remove this and the others?
 
Thanks!

AdwCleanerS0.txt

Fixlog.txt

MBAM-log-2013-09-19 (09-33-31).txt


Yes, please remove entries found by Malwarebytes... Next,

 

Log on as Administrator and run FRST one more time, post that log in next reply..


So, I removed the one that Malwarebytes found, but I left the ones from Windows Defender in Quarantine.

 

I ran FRST twice, first when I logged in as Administrator, then again logged in as the same user where I have been running the programs, but I chose Run as administrator.

 

Thanks again!

FRST.txt

FRST(admin).txt


Delete fixlist.txt from your Desktop.

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run quick scans with Malwarebytes and Defender, let me see the results..

 

Kevin

fixlist.txt


FRST has killed the infection, still a good idea to complete an Online AV scan to ensure no remnants remain....

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

Let me see those logs..

 

Kevin...


These are the logs from those programs:

 

ESET SCAN.TXT

 

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\melissa.b\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnfipjijjahgcaeoeeabmkmdffophdmc\1_0\50c949474393d9.51203202.js Win32/Adware.MultiPlug.H application
C:\Users\melissa.b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3RMG5WC\AA_v3.exe Win32/RemoteAdmin.Ammyy.A application
 
CHECKUP.TXT
 
 Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader XI  
 Mozilla Firefox 17.0.1 Firefox out of Date!  
 Mozilla Thunderbird (17.0.7) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    C:\Users\melissa.b\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnfipjijjahgcaeoeeabmkmdffophdmc\1_0\50c949474393d9.51203202.js
    C:\Users\melissa.b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3RMG5WC\AA_v3.exe
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Let me see that log. Any remaining issues or concerns?

 

Kevin


Possibly, the infection is removed.  I can connect the computer back to the network and see if I notice anything.

 

Here is the log:

 

All processes killed
========== FILES ==========
C:\Users\melissa.b\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnfipjijjahgcaeoeeabmkmdffophdmc\1_0\50c949474393d9.51203202.js moved successfully.
C:\Users\melissa.b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3RMG5WC\AA_v3.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\melissa.b\Desktop\cmd.bat deleted successfully.
C:\Users\melissa.b\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: administrator
->Temp folder emptied: 949575 bytes
->Temporary Internet Files folder emptied: 588986 bytes
->Flash cache emptied: 492 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: melissa.b
->Temp folder emptied: 33041 bytes
->Temporary Internet Files folder emptied: 352186115 bytes
->FireFox cache emptied: 41107472 bytes
->Google Chrome cache emptied: 11464392 bytes
->Flash cache emptied: 643 bytes
 
User: Public
 
User: RB
->Temp folder emptied: 1271 bytes
->Temporary Internet Files folder emptied: 128 bytes
 
User: rbguest01
->Temp folder emptied: 11181 bytes
->Temporary Internet Files folder emptied: 35373273 bytes
->Flash cache emptied: 3145 bytes
 
User: romeo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: zach.k
->Temp folder emptied: 1317841 bytes
->Temporary Internet Files folder emptied: 38279 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 293706160 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 265973107 bytes
 
Total Files Cleaned = 956.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09202013_084016
 


Yes please use your system normally, let me know how it responds... Also run a quick scan with Malwarebytes...


After 4:30 pm, I'm going to try to connect it back to the network and log on with the same user.  I'll let you know if that triggers anything.

 

Thanks!


OK continue:

 

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Remove ESET online scanner  (Only If installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

 

Next,

 


Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert..
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.

 

Next,

 

Delete the following from your Desktop;

 

DDS plus any logs

Security Checks plus any logs

FRST.exe plus any logs

 

Also delete this folder... C:\FRST

 

You should be good to go when the above is complete....

Here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here: http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ and run the FileHippo Update Checker, then update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use the stand-alone version, not a full install.)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here are a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive, up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

 

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

 

Let me know when it's OK to close out your thread....

 

Take care,

 

Kevin
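The post above asks the reader to keep the antivirus and firewall guard enabled, keep definitions current and run a full scan about once a week. Here is an added example, not part of Kevin's post or of any of the tools it names, that checks exactly those points on a Windows 8 or later machine using the built-in `Defender` module (`Get-MpComputerStatus`) and the `NetSecurity` module (`Get-NetFirewallProfile`). The function name `Get-ProtectionHealth` and the age thresholds are my own choices.

```powershell
# Added example (not from the thread): summarise the protections the post asks you to keep on.
# Assumes Windows 8 / Server 2012 or later with Windows Defender as the antivirus and the
# Defender and NetSecurity PowerShell modules available. Thresholds are assumptions; adjust to taste.

function Get-ProtectionHealth {
    param(
        [int]$MaxSignatureAgeDays = 3,   # definitions older than this count as stale
        [int]$MaxFullScanAgeDays  = 7    # the post suggests one full scan per week
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # Windows Defender: is it on, and are definitions and scans current?
    $mp = Get-MpComputerStatus
    if (-not $mp.AntivirusEnabled)          { $findings.Add('Antivirus engine is disabled') }
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is turned off') }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Definitions are $($mp.AntivirusSignatureAge) days old (last updated $($mp.AntivirusSignatureLastUpdated))")
    }
    # FullScanAge is reported as 4294967295 when a full scan has never run, so this also
    # catches machines that have only ever been quick-scanned.
    if ($mp.FullScanAge -gt $MaxFullScanAgeDays) {
        $findings.Add("No full scan within the last $MaxFullScanAgeDays days")
    }

    # Windows Firewall: each profile (Domain, Private, Public) should be enabled.
    foreach ($profile in Get-NetFirewallProfile) {
        if (-not $profile.Enabled) { $findings.Add("Firewall profile '$($profile.Name)' is disabled") }
    }

    [pscustomobject]@{
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
        Checked  = Get-Date
    }
}

# Usage: run from an elevated PowerShell prompt.
$health = Get-ProtectionHealth
if ($health.Healthy) {
    'All protections are enabled and current.'
} else {
    'Attention needed:'
    $health.Findings | ForEach-Object { " - $_" }
}
```

The function returns an object rather than just printing, so the same check can be scheduled and its `Healthy` flag logged or alerted on; a machine that silently has real-time protection switched off, which is one of the first things malware tries to arrange, then shows up without anyone having to open the Defender console.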


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
