
Home Page & Search Bar HiJacked / Odd Windows Pop Up


TishB


Fourth time's a charm, Mr. C. Here's the log. Although it appears I've lost my google home page. Won't even load.

What browser??

Also somehow Amazon.com seems to now be my preferred search bar.

What browser?

What's the matter with those guys?

Who??

I had respect for them till now. That's a pretty stupid advertising gimmick if I may say so. Wait till I write those guys!

Who?? There's no advertising associated with ComboFix or the page it's on:

http://www.bleepingcomputer.com/download/combofix/

(p.s. also...Mr. C. I've restored my protection to come back online. I have a warning now from my system that the microsoft restore it wanted is in conflict with the Roxio restore program that was on this system when I got it. What should I do?)

I'm not familiar with Roxio restore, did you have windows restore disabled??

MrC


My browser is Firefox, the search bar in my browser now says Amazon.com, the who again is Amazon.com for whatever it is they used causing my searchbar to use them...and only them, btw. Tried a search on it and immediately put me in the store. Forgive me for being unclear and so fussy. It was not my intent to imply it was combofix. I am sorry. I will, however write Amazon.com and express my disapproval with their search bar host or whatever it is. All not important and again, my apologies.

And lastly, no sir, I haven't disabled Windows restore, I touch nothing until you tell me to. The combofixer wanted Microsoft back up and went to fetch it then installed it...at least that's what I think. It's listed in my system as Roxio\BackOnTrack


I don't use FF but there's plenty of info on the web about changing it:

OK, ComboFix installed the Recovery Console and now BackOnTrack doesn't like it??

Is that what you're saying?

We can uninstall the recovery console.

MrC
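MrC points to the web for changing the Firefox search bar; here, as an added example (not Mozilla's code and not from this thread), is what is actually being changed and how to check it. Firefox of this vintage keeps the home page, the search engine choice and the proxy mode in the profile's prefs.js as user_pref lines. A search bar that shows Amazon.com is just browser.search.selectedEngine set to one of the engines Firefox ships with, which the drop-down in the search bar changes; keyword.URL pointing at a third-party site, or network.proxy.type set to a manual proxy or PAC script, is the kind of entry that needs resetting. A user.js in the profile folder is re-applied at every start and pins whatever you put in it. Assumptions: the sample prefs are constructed (the search.conduit.com host and the proxy value mirror what the FRST and RogueKiller reports later in this thread show), the built-in engine list is en-US Firefox 24's, and the trusted home-page list is made up for the example.

```python
"""Audit a Firefox prefs.js for search, home-page and proxy hijacks and build a
user.js that pins the values you want. Added example, not Mozilla's code and not
from the thread. Assumes the 2013-era profile layout: prefs.js holds
user_pref("name", value); lines and a user.js in the same folder is re-applied
on every start. SAMPLE_PREFS is constructed."""
import json
import re
from typing import Dict, List, Optional, Tuple, Union
from urllib.parse import urlparse

Value = Union[str, int, bool]

SAMPLE_PREFS = r'''user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.defaultenginename", "");
user_pref("browser.search.selectedEngine", "Amazon.com");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3291326&q=");
user_pref("network.proxy.type", 4);
user_pref("browser.search.update", true);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# Engines shipped with en-US Firefox 24 (assumption; adjust for other builds).
BUILTIN_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "eBay", "Twitter", "Wikipedia (en)"}
TRUSTED_HOME_HOSTS = {"www.google.com"}      # constructed allow-list for this example
# Prefs a hijacker rewrites, with the value a reset puts back.
DEFAULTS: Dict[str, Value] = {
    "browser.startup.homepage": "about:home",
    "browser.search.defaultenginename": "",
    "browser.search.selectedEngine": "",
    "keyword.URL": "",
    "network.proxy.type": 5,                   # 5 = use system proxy settings
    "network.proxy.autoconfig_url": "",
}


def parse_prefs(text: str) -> Dict[str, Value]:
    """Turn user_pref lines into a dict; strings, ints and bools come out typed."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"'):
            prefs[name] = json.loads(raw)      # prefs.js strings use JS/JSON escapes
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


def judge(name: str, value: Value) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is "ok", "review" or "reset"."""
    if name == "network.proxy.type":
        if value in (0, 5):
            return "ok", "no proxy / system settings"
        if value == 4:
            return "review", "WPAD auto-detect: normal on a managed LAN, reset to 5 at home"
        return "reset", "manual proxy or PAC URL routes every request through a third party"
    if name == "network.proxy.autoconfig_url":
        return ("ok", "unset") if value == "" else ("reset", "a PAC script decides where traffic goes")
    if name == "keyword.URL":
        return ("ok", "unset") if value == "" else ("reset", f"address-bar searches go to {value}")
    if name in ("browser.search.defaultenginename", "browser.search.selectedEngine"):
        if value == "":
            return "ok", "unset, Firefox uses its default"
        if value in BUILTIN_ENGINES:
            return "ok", "built-in engine; switch it from the search-bar drop-down"
        return "reset", "engine is not one Firefox ships with"
    if name == "browser.startup.homepage":
        host = urlparse(str(value)).hostname or ""
        if str(value).startswith("about:") or host in TRUSTED_HOME_HOSTS:
            return "ok", "known page"
        return "review", f"home page host {host!r} is not in the trusted list"
    return "review", "not a watched pref"


def audit(prefs: Dict[str, Value]) -> List[Tuple[str, Value, str, str]]:
    """(name, value, verdict, reason) for every watched pref present in prefs.js."""
    return [(n, prefs[n], *judge(n, prefs[n])) for n in DEFAULTS if n in prefs]


def user_js(findings, pins: Optional[Dict[str, Value]] = None) -> str:
    """Build user.js text: reset every "reset" finding, then apply explicit pins."""
    wanted: Dict[str, Value] = {n: DEFAULTS[n] for n, _, v, _ in findings if v == "reset"}
    wanted.update(pins or {})
    fmt = lambda v: str(v).lower() if isinstance(v, bool) else json.dumps(v)
    return "".join(f'user_pref("{n}", {fmt(v)});\n' for n, v in sorted(wanted.items()))


if __name__ == "__main__":
    found = audit(parse_prefs(SAMPLE_PREFS))
    for name, value, verdict, reason in found:
        print(f"{verdict:6} {name} = {value!r}  ({reason})")
    print(user_js(found, pins={"browser.search.selectedEngine": "Google",
                               "network.proxy.type": 5}))
```

Run it against a real profile by reading prefs.js from the profile folder (C:\Documents and Settings\<user>\Application Data\Mozilla\Firefox\Profiles\<id>.default on XP) and writing the returned text to user.js in the same folder while Firefox is closed; the pins argument is where you put the engine you actually want.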

Yes, that's correct. Combofix went for the Microsoft recovery console, downloaded it and placed it. I don't know why Roxio Back on Track is installed and not Recovery console. It's not important to me which one is working. But obviously one of them needs to go. I'll see if I can disable the Back on Track so we have no conflicts on that level. It's the logical choice considering you have not heard of them. If future issues pop up...I'd rather something someone is familiar with.

Thank you for those sites. I'll work it later to restore what I want in Firefox.

What now, boss? ;) Does the log look good?

Yes, the recovery console is standard on Vista, W7 and W8 but not on XP.

That's why it's installed before running ComboFix, just in case of any problems.

I suggest you keep the RC and disable the other.

Here's a little tweak to speed up boot time with the RC installed:

http://www.geekstogo.com/forum/topic/273470-xp-recovery-console-how-to-speed-up-windows-boot-time/page__p__1800871#entry1800871

MrC

Perfect. Roxio is disabled...I hope. There wasn't anything to actually disable it...but I did uncheck all the boxes. I'm not seeing the little info warning bubble popping up now. And RC is now set to 10 and 30. Thank you, Mr. C.

Shall I return to your post on page two that you had me 'cleaning' up some? Like the FRST file folder and such? Also, there's a folder on my desktop that's titled RK_Quarantine. Every time I see it...my heart rate jumps and I start feeling itchy. Do I dump it in the garbage?


You can delete these with RogueKiller if they're still there:

¤¤¤ Registry Entries :

[RUN][SUSP PATH] HKCU\[...]\RunOnce : SpUninstallDeleteDir (rmdir /s /q "C:\Documents and Settings\Shauna\Application Data\SearchProtect" [x]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-1226193511-2892163551-3241378241-1006\[...]\RunOnce : SpUninstallDeleteDir (rmdir /s /q "C:\Documents and Settings\Shauna\Application Data\SearchProtect" [x]) -> FOUND

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you can't manually delete the FRST/quarantine folder then use FRST with the fixlist.txt I have prepared.

Uninstall ComboFix.

Run OTC, that will delete a lot of items.

The rest you can manually delete as outlined before.

MrC

Thank you, Mr. Charlie. Again, you rock. So far it appears we've done it. I think I'll keep combofix in my protection folder for a bit. Sorta makes me feel safer. Same with RKiller. I'll head out to use the OTC in just a moment. I reran RK and I'll post the report below. I don't see those particular registry entries. But I'll double check.

I do have a question, though. On this log there are multiple entries for something called EAT@ in the driver section. Also I note one new entry in drivers I don't believe I've seen earlier called IRP DriverStartIO followed by multi unknowns and a FALSE. Are these entries okay?

Here's the report.

 

RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Shauna [Admin rights]
Mode : Scan -- Date : 10/01/2013 15:41:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] g7yufipz.default : user_pref("network.proxy.type", 4); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[DriverStartIo] : atapi.sys -> HOOKED (Unknown @ 0x869692E2)
[Inline] EAT @explorer.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)
[Inline] EAT @explorer.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x4B7D2083)
[Inline] EAT @firefox.exe (_pctype) : MSVCR100.dll -> HOOKED (Unknown @ 0xA2B56E90)
[Inline] EAT @firefox.exe (_wpgmptr) : MSVCR100.dll -> HOOKED (Unknown @ 0x652DEC70)
[Inline] EAT @firefox.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    www.100888290cs.com
127.0.0.1    100888290cs.com
127.0.0.1    100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ )  -  +++++
--- User ---
[MBR] 4d32227ea6f80138149a3e3352c3b752
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 001bae72239183c3812aa2f539227b2b
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo

Finished : << RKreport[0]_S_10012013_154134.txt >>
RKreport[0]_D_09302013_140547.txt;RKreport[0]_D_09302013_203517.txt;RKreport[0]_D_09302013_215643.txt
RKreport[0]_D_09302013_224724.txt;RKreport[0]_D_10012013_100103.txt;RKreport[0]_S_09302013_140044.txt
RKreport[0]_S_09302013_203247.txt;RKreport[0]_S_09302013_211845.txt;RKreport[0]_S_09302013_220703.txt
RKreport[0]_S_10012013_085030.txt;RKreport[0]_S_10012013_101619.txt;RKreport[0]_S_10012013_122025.txt



 

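The report above, read the way a responder would (an added example, not part of this thread and not RogueKiller's own code). The two [PUM] lines are policy values: DisableSR (1) means System Restore is switched off, and DisableRegistryTools (0) is a policy key that is present but not blocking anything. network.proxy.type 4 is Firefox's "auto-detect proxy" (WPAD) mode, not a hard-coded proxy. The long run of 127.0.0.1 entries in HOSTS is a blocklist (the 007guard.com-style names are what Spybot's immunization writes, and Spybot is installed on this machine), so HOSTS only becomes interesting when a name points somewhere other than loopback. The line that deserves the most attention is "User != LL2 ... KO!": the MBR hash read from user mode differs from the one read lower in the disk stack, which is how a bootkit that hides the real boot sector shows up, and together with the atapi.sys DriverStartIo hook it fits the Rootkit.Boot.Pihar.c detection TDSSKiller reports later in this thread. The script below parses a constructed report built from the excerpt above (one made-up redirect line, 198.51.100.7 windowsupdate.microsoft.com, is added so the redirect check has something to catch) and ranks the findings.

```python
"""Triage a RogueKiller report. Added example for this thread, not RogueKiller's
code. SAMPLE_REPORT is constructed from the excerpt above plus one made-up hosts
line (198.51.100.7 windowsupdate.microsoft.com) to give the redirect check a hit."""
import re
from typing import Dict, List

SAMPLE_REPORT = r"""¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] g7yufipz.default : user_pref("network.proxy.type", 4); -> FOUND
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
198.51.100.7    windowsupdate.microsoft.com
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 4d32227ea6f80138149a3e3352c3b752
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 001bae72239183c3812aa2f539227b2b
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤\s*$")
REG_RE = re.compile(r"^(?:\[[^\]]+\])+\s+.+?\s*:\s*(?P<name>\w+)\s*\((?P<data>[^)]*)\)")
PROXY_RE = re.compile(r'user_pref\("network\.proxy\.type",\s*(\d)\)')
HOSTS_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")
MBR_LEVEL_RE = re.compile(r"^--- (\w+) ---$")
MBR_HASH_RE = re.compile(r"^\[MBR\]\s+([0-9a-f]{32})$")
MBR_VERDICT_RE = re.compile(r"^User (?:=|!=) (\w+) \.\.\. (OK|KO)!$")
PROXY_TYPES = {"0": "no proxy", "1": "manual proxy", "2": "PAC script URL",
               "4": "auto-detect via WPAD", "5": "system proxy settings (default)"}


def split_sections(report: str) -> Dict[str, List[str]]:
    """Map each section name ('HOSTS File', 'MBR Check', ...) to its non-blank lines."""
    sections: Dict[str, List[str]] = {}
    name = None
    for line in report.splitlines():
        if (m := SECTION_RE.match(line)):      # drop the trailing ' : <count>' or ':'
            name = re.sub(r"\s*:\s*\d*$", "", m.group(1))
            sections[name] = []
        elif name and line.strip():
            sections[name].append(line.rstrip())
    return sections


def triage(report: str) -> Dict[str, object]:
    """Extract the findings that decide the next step, graded by severity."""
    s = split_sections(report)
    r: Dict[str, object] = {"registry": [], "proxy": None, "hosts_blocked": [],
                            "hosts_redirected": [], "mbr_hashes": {}, "mbr_mismatch": []}
    # [PUM] policy values: DisableSR=1 turns System Restore off, DisableRegistryTools=1
    # blocks regedit; a 0 is just a leftover policy key, worth removing but harmless.
    for line in s.get("Registry Entries", []):
        if (m := REG_RE.match(line)):
            r["registry"].append(("high" if m["data"] != "0" else "low", m["name"], m["data"]))
    # Firefox proxy: 1/2 hand every request to a fixed proxy or PAC script; 4 trusts
    # whatever PAC the LAN's DHCP/DNS advertises (normal at work, reset to 5 at home).
    for line in s.get("Web browsers", []):
        if (m := PROXY_RE.search(line)):
            code = m.group(1)
            sev = "high" if code in ("1", "2") else "medium" if code == "4" else "info"
            r["proxy"] = (sev, code, PROXY_TYPES.get(code, "unknown"))
    # HOSTS: a loopback address blocks the name (Spybot-style immunization); any other
    # address silently redirects it, and update/AV domains are the usual targets.
    for line in s.get("HOSTS File", []):
        m = HOSTS_RE.match(line)
        if m and m.group(2) != "localhost":
            ip, host = m.groups()
            if ip.startswith("127.") or ip == "0.0.0.0":
                r["hosts_blocked"].append(host)
            else:
                r["hosts_redirected"].append((host, ip))
    # MBR: the boot sector is hashed as read from user mode and from lower levels of
    # the disk stack; "KO!" means the copies differ, the signature of a bootkit that
    # hooks disk I/O to hide the real MBR.
    level = None
    for line in s.get("MBR Check", []):
        if (m := MBR_LEVEL_RE.match(line)):
            level = m.group(1)
        elif (m := MBR_HASH_RE.match(line)) and level:
            r["mbr_hashes"][level] = m.group(1)
        elif (m := MBR_VERDICT_RE.match(line)) and m.group(2) == "KO":
            r["mbr_mismatch"].append(m.group(1))
    return r


def summary(r: Dict[str, object]) -> List[str]:
    """One line per finding, most urgent first."""
    out = [f"CRITICAL MBR read at {lvl} differs from the user-mode read: suspect a "
           f"bootkit and scan the boot sector before trusting anything else"
           for lvl in r["mbr_mismatch"]]
    out += [f"HIGH hosts redirects {h} -> {ip}" for h, ip in r["hosts_redirected"]]
    out += [f"{sev.upper()} registry {n}={d}" for sev, n, d in r["registry"]]
    if r["proxy"]:
        sev, code, meaning = r["proxy"]
        out.append(f"{sev.upper()} Firefox network.proxy.type={code} ({meaning})")
    out.append(f"INFO {len(r['hosts_blocked'])} names blocked via loopback in HOSTS")
    return out


if __name__ == "__main__":
    print("\n".join(summary(triage(SAMPLE_REPORT))))
```

The ordering in summary() is the point: an MBR mismatch outranks everything else in the report, because every other scanner on the box is reading through the same hooked disk stack until the boot sector is cleaned.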

I believe they're OK...but we can check:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs, so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long: bottom right corner of this page, then in the new window that comes up.

MrC

Mr. Charlie! Help!!

Okay, I've had to switch to my mac to reach you. Here's an update.  I followed your above directions to the letter. One problem...the tdsskiller stalls out at 70%. Once I selected the module and it wants to reboot all was fine until it initializes then stalls at 70%. Not just stalls...it completely freezes my entire system. Nix, nil, nada, nyet, nothing.  I attempted a restart 3 times and gave up. The 4th time I thought I was being clever I tried to use Ctrl-Alt-Delete and stop the tdss from another initializing attempt. It even froze the task window. The 5th time I selected F8 and figured maybe I could go into safe mode.

Wasn't gonna happen. It did give me options, safe mode, safe mode with networking, safe mode with command prompt. I tried to select safe mode and it jumps into a window asking me if I want to start windows xp or go to last known working config for my system. I tried the last known config because it would have been just today. Then it wanted me to find where it was...and type it after a C: prompt...all I could do was ask it for help and still didn't see anything that looked right. So I shut down and repeated and tried other options in F8. Once I did get something happen when I tried the last known conf selection but it stopped and told me "a disk read prompt occurred and please use Ctrl-Alt-Delete"...which by the way didn't work in that blue screen selection area.

I shut it down again and restarted it normal in win xp...but this time...I didn't wait for the tdsskiller to start to initialize...I immediately selected the program and hoped it would start ahead of the other before it initialized. It started another instance of the tdssk and I immediately unselected that module section...it continued to open and asked me to scan which I did. The final results showed one instance. A threat was detected at Rootkit.Boot.Pihar.c; device Hard DR0; High Risk.

So at this moment I have the tdsskiller up on the pc along with a task window opened...nothing has stalled out yet. I believe it's because I superseded it with another instance of itself and ran a normal scan without the module selected. Gawd, I hope all this makes sense to you.

I cannot get into safe mode the normal way. When trying, I get those 3 safe mode options I've listed above as well as these options; Enable Boot logging, Enable VGA Mode, Last Known Good Config. (which I couldn't find when selected earlier), Directory Service Restore Mode (Windows Domain), Debugging Mode and finally Disable Automatic Restart on sys fail.

Now two questions. One, should I go ahead and have tdssk skip, copy quarantine, cure, or restore? Just to see if it stabilizes. And two, how can I remove this puppy from my system? Meaning tdsskiller. Note: the scan I ran was after I deselected that modules portion.

I'll just wait till I hear back.


Then that's what I'll do. I just reread your instructions to use tdssk and I saw where you mentioned that Device Hard DR0 and wasn't certain if that was it or not. That's why I've asked. Okay...brb. Let the adventure begin. I'll keep you informed.

Mr. C. I know this is getting to be a pain in the sitdown and for that I apologize. I went ahead and tried the cure. It accepted it and wanted to shut down. It did so. Unfortunately when it tried to reboot...tdssk tried again to initialize. Again freezing me out completely.

I've somehow managed to get into safe mode. Is there something that I can do to actually stop tdss from initializing? I've looked in the add/remove in my control panel. It isn't in there. I've checked the start up section. I can't see it in there. I've also looked in the program files for it and only found a quarantine folder titled tdssk. Not the actual program. I have a feeling if I could just get it to not start I should be okay. Would simply deleting the program stop it?


Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed: bottom right corner of this page, then in the new window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


It's a good thing I still have it on my pc's desktop. I'm on my Mac writing this. I won't be able to post the logs until I can re-access my pc and windows without freezing up. I'll go and do what I can. I should be able to do this in safe mode correct?

Do I understand you correctly. This running of mbar will stop tdssk from attempting to initialize?

Mr. Charlie, Just a quick note to let you know that through trial and error I have managed to retake my PC system. Oddly enough, it apparently only needed me to simply dump the TDSSK into the garbage bin and restart out of safe mode. At least that is what I believe to be so. Prior to doing so I ran roguekiller, malwarebyte, FRST, HiJackThis, and spybot in safe mode. No apparent change in any of them from their safe mode reports compared to earlier reports. Frustrated, I trashed the TDSSK.exe. Backed out and rebooted. Froze just once but subsequent reboots have been pretty smooth. Go figure. I have no idea what was the problem and I'm content to assign the blame to TDSSK and leave it at that. I'm learning too much about Windows than I ever really wanted to know.

My homepage and browser selection are back to normal. Search bar still has Amazon, but I'll head to the Firefox website you gave me in an earlier post to address how to fix it. No arbitrary odd web windows have been popping up so far. I'll deal with that later at the Firefox help site if they do. My task manager tells me I'm running approximately 56 processes...which seems to me to be pretty high. So maybe I need to find a site that deals with processes running on windows. Shouldn't be terribly difficult to do that.

I'm posting an mbam-log as well as a recently run FRST report for you to look at. I am hoping they'll show no sign of infection. It may be that all we've done so far has done some good; I hope so. If you see something that looks worrisome, please let me know. If it looks good to you I am content to address other issues elsewhere as noted above.

I can't tell you how grateful I am for all you've done to help me. Thank you.

Here are those reports for you to look over. If you want any other report please let me know...with the one caveat that it's not TDSSK. ;)

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.01.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Shauna :: LITTLEBIRD2 [administrator]

Protection: Enabled

10/2/2013 9:59:50 AM
mbam-log-2013-10-02 (09-59-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282996
Time elapsed: 34 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Shauna (administrator) on LITTLEBIRD2 on 02-10-2013 10:45:58
Running from C:\Documents and Settings\Shauna\Desktop\FRST
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sonic Solutions) C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
(IDT, Inc.) c:\program files\idt\wdm\STacSV.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\Syncables.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
() C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\MigoMapi.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\SoftwareDistribution\Download\a7dede2f34b584ebf88fe3c2b593c234\update\update.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-30] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] - C:\Windows\system32\AESTFltr.exe [737280 2009-02-18] (Andrea Electronics Corporation)
HKLM\...\Run: [HP Mobile Broadband] - c:\SWsetup\HPQWWAN\HPMobileBroadband.exe [455224 2009-01-09] (Hewlett-Packard Company)
HKLM\...\Run: [syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [173360 2009-04-02] (syncables, LLC)
HKLM\...\Run: [Microsoft Default Manager] - c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM\...\Run: [PININST] - C:\SYSTEM.SAV\UTIL\PININST.EXE [94208 2006-02-25] ()
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [HP BTW Detect Program] - C:\Program Files\HP\HPBTWD.exe
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1418536 2009-01-15] (Synaptics, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-06-14] (Sun Microsystems, Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [Xvid] - C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKCU\...\Runonce: [SpUninstallDeleteDir] - rmdir /s /q "C:\Documents and Settings\Shauna\Application Data\SearchProtect"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {C44A8427-A5BA-4FA9-945A-7936B0D694F2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {F636501E-CE16-4CE0-9FB8-8B4C6B9E5574} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {C44A8427-A5BA-4FA9-945A-7936B0D694F2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {D4F130FD-E0B8-4770-8AAD-BF28F263B5A0} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN20604546432976931&UM=2
SearchScopes: HKCU - {F636501E-CE16-4CE0-9FB8-8B4C6B9E5574} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  No File
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");

FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: jid0-HVSBDzuc3UFGvmtex3x0IZzgCM8 - C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default\Extensions\jid0-HVSBDzuc3UFGvmtex3x0IZzgCM8@jetpack.xpi
FF Extension: personas - C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default\Extensions\personas@christopher.beard.xpi
FF Extension: trtv3 - C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default\Extensions\trtv3@trtv.com.xpi
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Docs) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [125424 2008-12-12] ()
R2 BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [203248 2009-03-19] (Sonic Solutions)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [254042 2009-03-30] (IDT, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AESTAud; C:\Windows\System32\drivers\AESTAud.sys [113664 2009-03-19] (Andrea Electronics Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-09-28] (AVG Technologies)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1735040 2009-09-17] (Broadcom Corporation)
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [160816 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [104160 2012-03-14] (ESET)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-30] (MalwareBytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1550891 2009-03-30] (IDT, Inc.)
R0 SysCow; C:\Windows\System32\drivers\syscow32x.sys [103792 2008-09-25] (Sonic Solutions)
S0 26069313; system32\drivers\10837736.sys [x]
S3 catchme; \??\C:\DOCUME~1\Shauna\LOCALS~1\Temp\catchme.sys [x]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\1F86.tmp [x]
U4 RemoteRegistry;
S3 RSUSBSTOR; System32\Drivers\RTS5121.sys [x]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [x]
U3 TlntSvr;
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 10:47 - 2013-10-02 10:48 - 00008301 _____ C:\WINDOWS\KB2820197.log
2013-10-02 10:47 - 2013-10-02 10:47 - 00006396 _____ C:\WINDOWS\KB2863058.log
2013-10-02 10:47 - 2013-10-02 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-10-02 10:47 - 2013-10-02 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-10-02 10:47 - 2013-10-02 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$
2013-10-02 10:46 - 2013-10-02 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-10-02 10:45 - 2013-10-02 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2013-10-02 10:44 - 2013-10-02 10:44 - 00000000 ____D C:\WINDOWS\LastGood
2013-10-02 10:21 - 2013-10-02 10:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-02 09:02 - 2013-10-02 09:02 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-01 23:37 - 2013-10-01 23:37 - 00002353 _____ C:\Documents and Settings\Shauna\Desktop\safe-RKreport[0]_S_10012013_233546.txt
2013-10-01 23:35 - 2013-10-01 23:35 - 00002353 _____ C:\Documents and Settings\Shauna\Desktop\RKreport[0]_S_10012013_233546.txt
2013-10-01 23:27 - 2013-10-01 23:35 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\RK_Quarantine
2013-10-01 23:11 - 2013-10-01 23:11 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Calibre Library
2013-10-01 23:10 - 2013-10-01 23:10 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\My Documents\Calibre Library
2013-10-01 23:09 - 2013-10-01 23:14 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Application Data\calibre
2013-10-01 22:53 - 2013-10-01 22:53 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\Mozilla
2013-10-01 22:53 - 2013-10-01 22:53 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Application Data\Mozilla
2013-10-01 19:58 - 2013-10-01 19:58 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\Google
2013-10-01 19:54 - 2013-10-01 19:54 - 00055496 _____ C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-01 19:50 - 2013-10-01 23:17 - 00000178 ___SH C:\Documents and Settings\Administrator.LITTLEBIRD2\ntuser.ini
2013-10-01 19:50 - 2013-10-01 23:11 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2
2013-10-01 19:50 - 2012-07-27 06:07 - 00000000 __SHD C:\Documents and Settings\Administrator.LITTLEBIRD2\IETldCache
2013-10-01 19:50 - 2009-06-14 21:17 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\HP Mobile Broadband
2013-10-01 19:50 - 2009-06-14 21:00 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Application Data\Macromedia
2013-10-01 19:50 - 2009-06-14 21:00 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Application Data\Adobe
2013-10-01 19:50 - 2009-06-14 20:58 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Application Data\Sun
2013-10-01 19:50 - 2009-06-14 20:55 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\Seven Zip
2013-10-01 19:50 - 2009-06-14 20:51 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\Microsoft Help
2013-10-01 19:50 - 2009-06-14 20:49 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Application Data\InstallShield
2013-10-01 19:50 - 2009-06-14 20:23 - 00000803 _____ C:\Documents and Settings\Administrator.LITTLEBIRD2\Start Menu\Programs\Internet Explorer.lnk
2013-10-01 19:50 - 2009-06-14 20:23 - 00000738 _____ C:\Documents and Settings\Administrator.LITTLEBIRD2\Start Menu\Programs\Outlook Express.lnk
2013-10-01 19:50 - 2009-06-14 19:17 - 00000000 ___RD C:\Documents and Settings\Administrator.LITTLEBIRD2\Start Menu\Programs\Accessories
2013-10-01 19:50 - 2008-06-24 21:12 - 00001503 _____ C:\Documents and Settings\Administrator.LITTLEBIRD2\Start Menu\Programs\Remote Assistance.lnk
2013-10-01 13:18 - 2013-10-01 13:18 - 00012153 _____ C:\ComboFix.txt
2013-10-01 13:13 - 2013-10-01 13:13 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-01 12:30 - 2013-10-02 10:48 - 00004752 _____ C:\WINDOWS\KB2757638.log
2013-10-01 12:29 - 2013-10-01 12:31 - 00004178 _____ C:\WINDOWS\KB2758857.log
2013-10-01 12:29 - 2013-10-01 12:31 - 00004094 _____ C:\WINDOWS\KB2802968.log
2013-10-01 12:29 - 2013-10-01 12:31 - 00004009 _____ C:\WINDOWS\KB2780091.log
2013-10-01 12:28 - 2013-10-01 12:31 - 00004526 _____ C:\WINDOWS\KB2876315.log
2013-10-01 12:28 - 2013-10-01 12:31 - 00004009 _____ C:\WINDOWS\KB2876217.log
2013-10-01 12:28 - 2013-10-01 12:31 - 00004009 _____ C:\WINDOWS\KB2845187.log
2013-10-01 12:28 - 2013-10-01 12:30 - 00004007 _____ C:\WINDOWS\KB2864063.log
2013-10-01 12:28 - 2013-10-01 12:30 - 00003922 _____ C:\WINDOWS\KB2850869.log
2013-10-01 12:27 - 2013-10-01 12:30 - 00004350 _____ C:\WINDOWS\KB2859537.log
2013-10-01 12:27 - 2013-10-01 12:30 - 00003841 _____ C:\WINDOWS\KB2820917.log
2013-10-01 12:27 - 2013-07-16 20:46 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzchange.exe
2013-10-01 12:26 - 2013-10-02 10:46 - 00013494 _____ C:\WINDOWS\KB2813345.log
2013-10-01 12:26 - 2013-10-02 10:46 - 00011940 _____ C:\WINDOWS\KB2727528.log
2013-10-01 11:02 - 2013-10-01 11:02 - 00000000 _RSHD C:\cmdcons
2013-10-01 11:02 - 2012-07-20 19:24 - 00000245 _____ C:\Boot.bak
2013-10-01 11:02 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-10-01 10:52 - 2013-10-01 13:18 - 00000000 ____D C:\Qoobox
2013-10-01 10:52 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-01 10:52 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-01 10:52 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-01 10:52 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-01 10:52 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-01 10:52 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-01 10:52 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-01 10:52 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-01 10:52 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-01 10:51 - 2013-10-01 13:14 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-01 09:58 - 2013-10-01 10:50 - 05132885 ____R (Swearware) C:\Documents and Settings\Shauna\Desktop\ComboFix.exe
2013-10-01 08:28 - 2013-10-01 08:28 - 03958206 _____ C:\Documents and Settings\Shauna\Desktop\AutorunRemover.zip
2013-09-30 20:04 - 2013-09-30 20:04 - 00000000 ____D C:\Documents and Settings\Shauna\Local Settings\Application Data\Sun
2013-09-30 18:03 - 2013-10-01 09:01 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Shauna\Desktop\SpyHunter-Installer.exe
2013-09-30 17:39 - 2013-09-30 17:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-30 17:39 - 2013-09-30 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun
2013-09-30 17:38 - 2013-09-30 17:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-09-30 17:38 - 2013-09-30 17:37 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-30 17:38 - 2013-09-30 17:37 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-30 17:38 - 2013-09-30 17:37 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-30 17:38 - 2013-09-30 17:37 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-30 17:38 - 2013-09-30 17:37 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-30 17:38 - 2013-09-30 17:37 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-30 17:04 - 2013-09-30 17:04 - 00201728 _____ (OldTimer Tools) C:\Documents and Settings\Shauna\Desktop\OTC.exe
2013-09-30 12:06 - 2013-09-30 12:06 - 00090112 _____ C:\WINDOWS\Minidump\Mini093013-01.dmp
2013-09-30 11:22 - 2013-10-02 10:45 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\FRST
2013-09-30 10:16 - 2013-09-30 20:00 - 00000000 ____D C:\FRST
2013-09-30 08:59 - 2013-09-30 11:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-30 08:58 - 2013-09-30 08:58 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-30 06:50 - 2013-09-30 06:50 - 01030305 _____ (Thisisu) C:\Documents and Settings\Shauna\Desktop\JRT.exe
2013-09-29 23:33 - 2013-09-30 14:43 - 00000000 ____D C:\AdwCleaner
2013-09-24 09:40 - 2013-09-24 09:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 09:40 - 2013-09-24 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-24 09:40 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-22 21:13 - 2013-09-30 11:33 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\round-up
2013-09-19 21:50 - 2013-10-02 08:56 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\Calibre Library
2013-09-18 12:30 - 2013-09-28 16:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 20:13 - 2013-09-17 20:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-09-07 16:40 - 2013-09-07 16:40 - 00000000 ____D C:\Documents and Settings\Shauna\Calibre Library

==================== One Month Modified Files and Folders =======

2013-10-02 10:48 - 2013-10-02 10:47 - 00008301 _____ C:\WINDOWS\KB2820197.log
2013-10-02 10:48 - 2013-10-01 12:30 - 00006081 _____ C:\WINDOWS\KB2757638.log
2013-10-02 10:48 - 2008-06-24 21:48 - 01912328 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-02 10:48 - 2008-06-24 21:48 - 00665744 _____ C:\WINDOWS\setupapi.log
2013-10-02 10:48 - 2008-06-24 21:32 - 00380213 _____ C:\WINDOWS\tsoc.log
2013-10-02 10:48 - 2008-06-24 21:32 - 00150574 _____ C:\WINDOWS\iis6.log
2013-10-02 10:48 - 2008-06-24 21:25 - 00971946 _____ C:\WINDOWS\FaxSetup.log
2013-10-02 10:48 - 2008-06-24 21:25 - 00492432 _____ C:\WINDOWS\ocgen.log
2013-10-02 10:48 - 2008-06-24 21:25 - 00330862 _____ C:\WINDOWS\comsetup.log
2013-10-02 10:48 - 2008-06-24 21:25 - 00201317 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-02 10:48 - 2008-06-24 21:25 - 00053994 _____ C:\WINDOWS\ocmsn.log
2013-10-02 10:48 - 2008-06-24 21:25 - 00049176 _____ C:\WINDOWS\msgsocm.log
2013-10-02 10:48 - 2008-06-24 21:25 - 00001374 _____ C:\WINDOWS\imsins.log
2013-10-02 10:47 - 2013-10-02 10:47 - 00006396 _____ C:\WINDOWS\KB2863058.log
2013-10-02 10:47 - 2013-10-02 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-10-02 10:47 - 2013-10-02 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-10-02 10:47 - 2013-10-02 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$
2013-10-02 10:47 - 2012-07-26 21:50 - 00017242 _____ C:\WINDOWS\system32\TZLog.log
2013-10-02 10:47 - 2009-06-14 19:17 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-10-02 10:47 - 2008-06-24 21:25 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-10-02 10:47 - 2008-06-24 21:24 - 00099661 _____ C:\WINDOWS\updspapi.log
2013-10-02 10:46 - 2013-10-02 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-10-02 10:46 - 2013-10-01 12:26 - 00013494 _____ C:\WINDOWS\KB2813345.log
2013-10-02 10:46 - 2013-10-01 12:26 - 00011940 _____ C:\WINDOWS\KB2727528.log
2013-10-02 10:45 - 2013-10-02 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2013-10-02 10:45 - 2013-09-30 11:22 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\FRST
2013-10-02 10:44 - 2013-10-02 10:44 - 00000000 ____D C:\WINDOWS\LastGood
2013-10-02 10:44 - 2009-06-14 19:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-02 10:43 - 2008-06-24 21:26 - 00502516 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-02 10:38 - 2009-09-17 04:10 - 00000282 _____ C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
2013-10-02 10:34 - 2012-07-27 06:06 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-10-02 10:31 - 2013-10-02 10:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-02 10:22 - 2012-07-22 22:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 09:56 - 2012-07-24 14:15 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2013-10-02 09:49 - 2013-06-10 18:03 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.job
2013-10-02 09:47 - 2012-07-22 22:44 - 00000288 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1226193511-2892163551-3241378241-1006.job
2013-10-02 09:47 - 2012-07-22 22:44 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1226193511-2892163551-3241378241-1006.job
2013-10-02 09:46 - 2008-06-24 14:08 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-10-02 09:46 - 2008-06-24 14:08 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-10-02 09:45 - 2012-07-22 22:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 09:45 - 2008-06-24 21:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-02 09:40 - 2013-08-13 19:02 - 00000282 _____ C:\WINDOWS\Tasks\GoforFilesUpdate.job
2013-10-02 09:40 - 2013-06-15 11:59 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-02 09:34 - 2012-07-24 14:29 - 00000000 ____D C:\Program Files\stinger
2013-10-02 09:02 - 2013-10-02 09:02 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-02 08:56 - 2013-09-19 21:50 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\Calibre Library
2013-10-01 23:37 - 2013-10-01 23:37 - 00002353 _____ C:\Documents and Settings\Shauna\Desktop\safe-RKreport[0]_S_10012013_233546.txt
2013-10-01 23:35 - 2013-10-01 23:35 - 00002353 _____ C:\Documents and Settings\Shauna\Desktop\RKreport[0]_S_10012013_233546.txt
2013-10-01 23:35 - 2013-10-01 23:27 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\RK_Quarantine
2013-10-01 23:17 - 2013-10-01 19:50 - 00000178 ___SH C:\Documents and Settings\Administrator.LITTLEBIRD2\ntuser.ini
2013-10-01 23:17 - 2012-07-10 17:37 - 00000000 ____D C:\Calibre
2013-10-01 23:14 - 2013-10-01 23:09 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Application Data\calibre
2013-10-01 23:11 - 2013-10-01 23:11 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Calibre Library
2013-10-01 23:11 - 2013-10-01 19:50 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2
2013-10-01 23:10 - 2013-10-01 23:10 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\My Documents\Calibre Library
2013-10-01 22:53 - 2013-10-01 22:53 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\Mozilla
2013-10-01 22:53 - 2013-10-01 22:53 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Application Data\Mozilla
2013-10-01 20:23 - 2012-07-22 20:58 - 00000000 ____D C:\Program Files\HijackThis
2013-10-01 20:05 - 2008-06-24 21:09 - 00000356 ___SH C:\boot.ini
2013-10-01 19:58 - 2013-10-01 19:58 - 00000000 ____D C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\Google
2013-10-01 19:54 - 2013-10-01 19:54 - 00055496 _____ C:\Documents and Settings\Administrator.LITTLEBIRD2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-01 19:41 - 2009-09-17 04:08 - 00000178 ___SH C:\Documents and Settings\Shauna\ntuser.ini
2013-10-01 19:41 - 2009-09-17 04:08 - 00000000 ____D C:\Documents and Settings\Shauna
2013-10-01 19:41 - 2008-06-24 21:48 - 00032382 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-01 17:29 - 2012-07-25 13:36 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\Protection
2013-10-01 15:25 - 2009-06-14 19:17 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-01 13:18 - 2013-10-01 13:18 - 00012153 _____ C:\ComboFix.txt
2013-10-01 13:18 - 2013-10-01 10:52 - 00000000 ____D C:\Qoobox
2013-10-01 13:14 - 2013-10-01 10:51 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-01 13:13 - 2013-10-01 13:13 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-01 12:31 - 2013-10-01 12:29 - 00004178 _____ C:\WINDOWS\KB2758857.log
2013-10-01 12:31 - 2013-10-01 12:29 - 00004094 _____ C:\WINDOWS\KB2802968.log
2013-10-01 12:31 - 2013-10-01 12:29 - 00004009 _____ C:\WINDOWS\KB2780091.log
2013-10-01 12:31 - 2013-10-01 12:28 - 00004526 _____ C:\WINDOWS\KB2876315.log
2013-10-01 12:31 - 2013-10-01 12:28 - 00004009 _____ C:\WINDOWS\KB2876217.log
2013-10-01 12:31 - 2013-10-01 12:28 - 00004009 _____ C:\WINDOWS\KB2845187.log
2013-10-01 12:30 - 2013-10-01 12:28 - 00004007 _____ C:\WINDOWS\KB2864063.log
2013-10-01 12:30 - 2013-10-01 12:28 - 00003922 _____ C:\WINDOWS\KB2850869.log
2013-10-01 12:30 - 2013-10-01 12:27 - 00004350 _____ C:\WINDOWS\KB2859537.log
2013-10-01 12:30 - 2013-10-01 12:27 - 00003841 _____ C:\WINDOWS\KB2820917.log
2013-10-01 11:41 - 2009-06-14 20:49 - 00000000 ____D C:\Program Files\HP
2013-10-01 11:02 - 2013-10-01 11:02 - 00000000 _RSHD C:\cmdcons
2013-10-01 10:50 - 2013-10-01 09:58 - 05132885 ____R (Swearware) C:\Documents and Settings\Shauna\Desktop\ComboFix.exe
2013-10-01 09:01 - 2013-09-30 18:03 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Shauna\Desktop\SpyHunter-Installer.exe
2013-10-01 08:28 - 2013-10-01 08:28 - 03958206 _____ C:\Documents and Settings\Shauna\Desktop\AutorunRemover.zip
2013-09-30 20:04 - 2013-09-30 20:04 - 00000000 ____D C:\Documents and Settings\Shauna\Local Settings\Application Data\Sun
2013-09-30 20:00 - 2013-09-30 10:16 - 00000000 ____D C:\FRST
2013-09-30 17:57 - 2012-07-12 08:17 - 00000000 ____D C:\Games
2013-09-30 17:53 - 2012-11-05 17:35 - 00000000 ____D C:\Program Files\Detective Stories Hollywood
2013-09-30 17:39 - 2013-09-30 17:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-30 17:39 - 2013-09-30 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun
2013-09-30 17:38 - 2013-09-30 17:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-09-30 17:37 - 2013-09-30 17:38 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-30 17:37 - 2013-09-30 17:38 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-30 17:37 - 2013-09-30 17:38 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-30 17:37 - 2013-09-30 17:38 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-30 17:37 - 2013-09-30 17:38 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-30 17:37 - 2013-09-30 17:38 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-30 17:37 - 2009-06-14 20:59 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-09-30 17:36 - 2009-06-14 20:58 - 00000000 ____D C:\Program Files\Java
2013-09-30 17:04 - 2013-09-30 17:04 - 00201728 _____ (OldTimer Tools) C:\Documents and Settings\Shauna\Desktop\OTC.exe
2013-09-30 16:20 - 2009-06-14 19:17 - 00000000 ____D C:\WINDOWS\twain_32
2013-09-30 14:43 - 2013-09-29 23:33 - 00000000 ____D C:\AdwCleaner
2013-09-30 12:28 - 2013-04-21 11:16 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\New Books
2013-09-30 12:06 - 2013-09-30 12:06 - 00090112 _____ C:\WINDOWS\Minidump\Mini093013-01.dmp
2013-09-30 12:06 - 2012-07-22 19:10 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-30 11:45 - 2013-09-30 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-30 11:33 - 2013-09-22 21:13 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\round-up
2013-09-30 08:58 - 2013-09-30 08:58 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-30 06:50 - 2013-09-30 06:50 - 01030305 _____ (Thisisu) C:\Documents and Settings\Shauna\Desktop\JRT.exe
2013-09-29 23:48 - 2012-07-26 21:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952287$
2013-09-28 16:42 - 2013-09-18 12:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-28 16:42 - 2013-05-20 18:34 - 00003727 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-09-28 16:41 - 2013-01-03 19:32 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-09-25 20:30 - 2009-06-14 19:17 - 00000000 ____D C:\WINDOWS\Registration
2013-09-24 09:40 - 2013-09-24 09:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 09:40 - 2013-09-24 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-23 18:02 - 2013-01-03 19:37 - 00000000 ____D C:\Documents and Settings\Shauna\Application Data\mIRC
2013-09-23 04:49 - 2013-05-03 16:22 - 00000000 ____D C:\mIRCa
2013-09-20 13:04 - 2012-07-25 13:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-19 10:53 - 2008-06-24 21:48 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-19 10:50 - 2008-06-24 21:12 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2013-09-19 06:29 - 2013-06-15 13:04 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\calibre & ebook progs
2013-09-17 20:17 - 2013-01-09 17:31 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-09-17 20:13 - 2013-09-17 20:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-09-17 20:12 - 2012-07-22 22:35 - 00000000 ____D C:\Program Files\Google
2013-09-07 16:40 - 2013-09-07 16:40 - 00000000 ____D C:\Documents and Settings\Shauna\Calibre Library

Some content of TEMP:
====================
C:\Documents and Settings\Shauna\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Shauna\Local Settings\Temp\{2F4B2B39-673C-4C47-A763-EFC28FD5444B}.exe
C:\Documents and Settings\Shauna\Local Settings\Temp\{88C900A5-850D-434F-BCBC-2C269C5B344B}.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Oh I forgot one you asked for earlier. It's those combofix reports. Here:

2013-10-01 17:17:01 . 2013-10-01 17:17:01            1,284 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-{3764E0E0-6AAE-11DE-6784-0C73653918BE}.reg.dat
2013-10-01 17:17:01 . 2013-10-01 17:17:01            1,348 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-RealPlayer 15.0.reg.dat
2013-10-01 17:15:31 . 2013-10-01 17:15:32              143 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-vProt.reg.dat
2013-10-01 17:15:30 . 2013-10-01 17:15:30              317 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-HP BTW Detect Program.reg.dat
2013-10-01 17:15:23 . 2013-10-01 17:15:23              157 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\BHO-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2013-10-01 15:33:41 . 2013-10-01 17:03:24            7,496 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-10-01 15:20:26 . 2013-10-01 16:54:00              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-10-01 14:52:21 . 2013-10-01 16:51:44              153 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-09-28 20:41:59 . 2013-09-28 20:41:00           10,988 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\8c724a5f17eba621.fb.vir
2013-09-19 01:26:34 . 2013-09-19 01:25:29           10,805 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\8d63d5e913d4f079.fb.vir
2013-09-18 00:32:27 . 2013-09-30 18:43:26          124,084 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Shauna\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences.vir
2013-08-13 01:06:13 . 2013-08-13 01:06:13          494,162 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\SaveShare\uninstall.exe.vir
2013-07-30 02:46:54 . 2013-07-30 02:45:46           10,805 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\683e0115093f8e87.fb.vir
2013-06-27 12:06:42 . 2013-06-27 12:05:50           10,726 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f12d14ec2e6e84f2.fb.vir
2013-05-20 22:35:10 . 2013-05-20 22:34:26           11,064 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\1b5d40be231f78ee.fb.vir
2013-02-19 01:19:45 . 2013-09-28 20:40:59              577 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\95f567698be8a182.fb.vir
2013-02-19 01:19:45 . 2013-09-28 20:40:59              636 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\26c630d098e22dd5.fb.vir
2013-02-19 01:19:44 . 2013-02-19 01:19:12           10,783 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\0c93d3cf6ac8f14b.fb.vir
2013-02-10 15:17:51 . 2013-02-10 15:17:07           10,993 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\18916bba685a0aba.fb.vir
2013-01-09 20:15:52 . 2013-09-28 20:40:59              639 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\590ba23ce359fd0c.fb.vir
2013-01-09 20:15:52 . 2013-09-28 20:40:59              630 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\272512937d9e61a4.fb.vir
2013-01-09 20:15:52 . 2013-09-28 20:40:59              398 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6c59ac5e7e7a3ad0.fb.vir
2013-01-09 20:15:52 . 2013-01-09 20:14:43              669 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\a8556537add6dfc5.fb.vir
2013-01-09 20:15:52 . 2013-05-20 22:34:26              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\651c5d3cdbfb8bd1.fb.vir
2013-01-09 20:15:52 . 2013-09-28 20:40:59            1,045 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d201ef9910cd39de.fb.vir
2013-01-09 20:15:52 . 2013-09-28 20:40:59              586 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c4d28dca2e7648be.fb.vir
2013-01-09 20:15:51 . 2013-09-28 20:40:59              663 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c1fa887b03019701.fb.vir
2013-01-09 20:15:51 . 2013-09-28 20:40:59              668 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6d03dad1035885d3.fb.vir
2013-01-09 20:15:50 . 2013-09-28 20:40:59            1,071 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f998975c9cc711ee.fb.vir
2013-01-09 20:15:50 . 2013-09-28 20:40:59              661 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\32c84fe32bb74d60.fb.vir
2013-01-09 20:15:50 . 2013-09-28 20:40:59              366 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\ad10a52aff5e038d.fb.vir
2013-01-09 20:15:50 . 2013-09-28 20:40:59              622 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\287204568329e189.fb.vir
2013-01-09 20:15:50 . 2013-09-28 20:40:59              628 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\31a0997e9a5b5eb3.fb.vir
2013-01-09 20:15:50 . 2013-09-28 20:40:59              365 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\610289e025a3ee9a.fb.vir
2013-01-09 20:15:50 . 2013-09-28 20:40:59              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d79b9dfe81484ec4.fb.vir
2013-01-09 20:15:49 . 2013-09-28 20:40:59              567 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d2e94710a5708128.fb.vir
2013-01-09 20:15:49 . 2013-09-28 20:40:59            1,022 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\3917078cb68ec657.fb.vir
2013-01-09 20:15:48 . 2013-09-28 20:40:59            1,291 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\28bc8f716fd76a47.fb.vir
2013-01-09 20:15:48 . 2013-01-09 20:14:44           10,936 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\ea65b3487a7c0349.fb.vir
2009-06-15 00:49:21 . 2009-03-30 23:02:08          319,488 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\HP\HPBTWD.exe.vir

---------------------------------------------------------------------------

Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Boggle Supreme
Broadcom 802.11 Wireless LAN Adapter
calibre
Compatibility Pack for the 2007 Office system
Default Manager
ESET NOD32 Antivirus
Fishdom Seasons Under the Sea 1.00
GoforFiles
Google Chrome
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP BatteryCheck 2.10 A2
HP Doc Viewer
HP Help and Support
HP Mobile Broadband Setup Utility
HP User Guides 0139
HP Wireless Assistant
HpSdpAppCoreApp
IDT Audio
Intel® Graphics Media Accelerator Driver
Invision
Java 7 Update 40
Java Auto Updater
Java 6 Update 11
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Live Search Toolbar
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 6.0 Parser
Mystery Solitaire Secret Island 1.00
OpenAL
Pirate Solitaire 1.00
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio BackOnTrack
Roxio Disaster Recovery
Roxio Instant Restore
Roxio Instant Restore Recovery Disk
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Sophos Anti-Rootkit 1.5.20
Spybot - Search & Destroy
SpywareBlaster 4.6
Synaptics Pointing Device Driver
syncables desktop
Text Twist 2 1.00
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
WebFldrs XP
Windows Backup Utility
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.20 (32-bit)
Xvid Video Codec
Yahoo! Toolbar
 


I'm running RK now...and I am looking for that TDSS text that it gave me last night when I told you I unchecked the module section because it fails to load (initialize). Kept stalling out at 70% three times. I did, however, run it without checking that module box. I'm looking for the file now.

I'll post as soon as RK is finished...and/or if I can find the TDSS report.

This topic is now closed to further replies.