
Making sure it's clean



I'm helping a friend with her computer that got infected. It looks like it was Trojan.0Access...

 

The machine has McAfee and it didn't seem to be able to remove it when it detected a problem in desktop.ini, so I created a different user account and scanned with the Malwarebytes rootkit scanner while in safe mode. It looks like it cleaned it, but how can I be sure? If I run a full scan with Malwarebytes and come up clean, am I good? Or is there some other deeper check that should be done? And should there still be desktop.ini files if this has been cleaned? Or do I need to go in and clean those out by hand?

 

This looks like a particularly PITA rootkit so I want to make sure I've got it all. Thanks in advance.


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Kevin


Attached the Addition.txt file as requested...

 

Here is the FRST.txt...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2013 01
Ran by AntiVirus (administrator) on FISHTANK on 27-10-2013 15:39:05
Running from C:\Users\AntiVirus\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [382248 2013-06-20] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-14] (Realtek Semiconductor)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-17] (Google Inc.)
MountPoints2: {ab27d512-6116-11e0-bd7f-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-27] (AVAST Software)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\Program Files (x86)\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe [159744 2009-03-24] ()
HKU\Laura\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKU\Laura\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093976 2013-09-19] (Garmin Ltd or its subsidiaries)
HKU\Laura\...\Run: [Google Update] - C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-14] (Google Inc.)
HKU\Laura\...\Run: [HP Photosmart 5520 series (NET)] - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Laura\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Laura\...\Run: [Google Update] - C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-14] (Google Inc.)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AntiVirus\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0
CHR Extension: (avast! Online Security) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Skype Click to Call) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ANTIVI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-27] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
S2 HPSLPSVC; C:\Users\Laura\AppData\Local\Temp\7zS737C\7zS34AC\7zS3BB6\hpslpsvc64.dll [1039360 2013-02-06] (Hewlett-Packard Co.)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-14] (Realtek Semiconductor)
S4 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b73a1789-0201-7845-3b95-6983abd87d97}\   \...\???\{b73a1789-0201-7845-3b95-6983abd87d97}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
S2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-27] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-27] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-27] ()
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-02] (Broadcom Corporation.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\system32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-05-24] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motport; system32\DRIVERS\motport.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-27 15:38 - 2013-10-27 15:38 - 01956442 _____ (Farbar) C:\Users\AntiVirus\Downloads\FRST64.exe
2013-10-27 15:38 - 2013-10-27 15:38 - 00000000 ____D C:\FRST
2013-10-27 12:55 - 2013-10-27 12:55 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\AVAST Software
2013-10-27 12:53 - 2013-10-27 12:53 - 00001977 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 12:53 - 2013-10-27 12:52 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 12:53 - 2013-10-27 12:52 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 12:53 - 2013-10-27 12:52 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 12:53 - 2013-10-27 12:52 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 12:53 - 2013-10-27 12:52 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 12:53 - 2013-10-27 12:52 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-27 12:52 - 2013-10-27 12:52 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 12:52 - 2013-10-27 12:52 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-27 12:52 - 2013-10-27 12:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 12:52 - 2013-10-27 12:52 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-27 12:52 - 2013-10-27 12:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-27 12:49 - 2013-10-27 12:49 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-27 12:48 - 2013-10-27 12:48 - 00123880 _____ C:\Users\AntiVirus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-27 09:51 - 2013-10-27 09:52 - 85269544 _____ (AVAST Software) C:\Users\AntiVirus\Downloads\avast_free_antivirus_setup.exe
2013-10-27 09:49 - 2013-10-27 10:23 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-27 09:48 - 2013-10-27 10:24 - 00000000 ____D C:\Users\AntiVirus\Desktop\Root
2013-10-27 09:48 - 2013-10-27 09:48 - 12576792 _____ (Malwarebytes Corp.) C:\Users\AntiVirus\Downloads\mbar-1.07.0.1007.exe
2013-10-27 09:47 - 2013-10-27 09:47 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\Google
2013-10-27 09:47 - 2013-10-27 09:47 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\Adobe
2013-10-27 09:46 - 2013-10-27 09:46 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-27 09:46 - 2013-10-27 09:46 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\Malwarebytes
2013-10-27 09:45 - 2013-10-27 09:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-27 09:45 - 2013-10-27 09:45 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\AntiVirus\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-27 09:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-26 18:30 - 2013-10-27 09:47 - 00000000 ____D C:\Users\AntiVirus\AppData\Local\Google
2013-10-26 18:30 - 2013-10-27 09:44 - 00002270 _____ C:\Users\AntiVirus\Desktop\Google Chrome.lnk
2013-10-26 18:30 - 2013-10-26 18:30 - 00001458 _____ C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-26 18:30 - 2013-10-26 18:30 - 00001424 _____ C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-10-26 18:30 - 2013-10-26 18:30 - 00000020 ___SH C:\Users\AntiVirus\ntuser.ini
2013-10-26 18:30 - 2013-10-26 18:30 - 00000000 ___RD C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-26 18:30 - 2013-10-26 18:30 - 00000000 ___RD C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-26 18:30 - 2013-10-26 18:30 - 00000000 ____D C:\Users\AntiVirus\AppData\Local\VirtualStore
2013-10-26 18:30 - 2013-07-30 19:35 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\TuneUp Software
2013-10-26 18:30 - 2013-06-21 10:59 - 00000000 ____D C:\Users\AntiVirus\AppData\LocalGoogle
2013-10-26 18:30 - 2011-12-06 20:49 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\Macromedia
2013-10-26 18:30 - 2011-07-28 05:16 - 00000000 ____D C:\Users\AntiVirus\AppData\Local\Microsoft Help
2013-10-26 18:30 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-26 18:30 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-26 18:29 - 2013-10-26 18:30 - 00000000 ____D C:\Users\AntiVirus
2013-10-26 14:58 - 2013-10-27 10:21 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-25 13:10 - 2013-10-25 13:10 - 00103832 _____ C:\Users\Laura\GoToAssistDownloadHelper.exe
2013-10-25 10:18 - 2013-10-25 10:18 - 00000000 ____D C:\Users\Laura\AppData\Roaming\McAfee
2013-10-22 17:41 - 2013-10-27 13:04 - 00036630 _____ C:\Windows\PFRO.log
2013-10-22 17:40 - 2013-10-22 17:40 - 00000000 _____ C:\asc_rdflag
2013-10-22 17:26 - 2013-10-27 13:02 - 00002364 _____ C:\Windows\setupact.log
2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 _____ C:\Windows\setuperr.log
2013-10-22 17:24 - 2013-04-17 20:20 - 00026432 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2013-10-22 17:11 - 2013-10-22 17:12 - 00000000 ____D C:\ProgramData\IObit
2013-10-22 17:11 - 2013-10-22 17:11 - 00000000 ____D C:\Users\Laura\AppData\Roaming\IObit
2013-10-22 17:11 - 2013-10-22 17:11 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Apple Computer
2013-10-22 17:11 - 2013-10-22 17:11 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-10-22 17:11 - 2013-10-22 17:11 - 00000000 ____D C:\Program Files (x86)\IObit
2013-10-22 16:56 - 2013-10-22 17:07 - 23398360 _____ (IObit                                                       ) C:\Users\Laura\Downloads\asc-setup.exe
2013-10-22 16:53 - 2013-09-04 05:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-22 16:53 - 2013-09-04 05:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-22 16:53 - 2013-09-04 05:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-22 16:53 - 2013-09-04 05:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-22 16:53 - 2013-09-04 05:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-22 16:53 - 2013-09-04 05:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-22 16:53 - 2013-09-04 05:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-15 10:24 - 2013-10-15 12:04 - 00000000 ____D C:\Users\Laura\Documents\AAA Mileage
2013-10-10 03:12 - 2013-09-22 08:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 03:12 - 2013-09-22 08:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 03:12 - 2013-09-22 07:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 03:12 - 2013-09-22 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 03:12 - 2013-09-22 07:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-10 03:12 - 2013-09-22 07:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 03:12 - 2013-09-22 07:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-10 03:12 - 2013-09-22 07:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 03:12 - 2013-09-22 07:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-10 03:12 - 2013-09-22 07:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 03:12 - 2013-09-22 07:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-10 03:12 - 2013-09-22 07:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 03:12 - 2013-09-22 07:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 03:12 - 2013-09-22 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-10 03:12 - 2013-09-22 07:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 03:12 - 2013-09-22 07:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 03:12 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 03:12 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 03:12 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 03:12 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-10 03:12 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 03:12 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 03:12 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-10 03:12 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 03:12 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-10 03:12 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 03:12 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-10 03:12 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 03:12 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 03:12 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 03:12 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-10 03:12 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 23:12 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 23:12 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 23:12 - 2013-07-12 03:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 23:12 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 23:12 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 23:12 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 23:12 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 23:12 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 23:12 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 23:12 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 23:12 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 23:12 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 23:12 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 23:12 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 23:12 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 23:12 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 23:11 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 23:11 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 23:10 - 2013-09-13 18:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 23:10 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 23:10 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 23:10 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 23:10 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 23:10 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 23:10 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 23:10 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 23:10 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 23:10 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 23:10 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 23:10 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 23:10 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 23:10 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 23:10 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 23:10 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 23:10 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 23:10 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 23:10 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 23:10 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 23:09 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 23:09 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 23:09 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 23:09 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 23:09 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 23:09 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 23:09 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 23:09 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 23:09 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 19:13 - 2013-10-09 19:16 - 00010338 _____ C:\Users\Laura\Desktop\Budget 10.9.13.xlsx
2013-10-02 18:02 - 2013-10-02 18:02 - 02253016 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
2013-10-02 18:02 - 2013-10-02 18:02 - 02232024 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
2013-10-02 18:02 - 2013-10-02 18:02 - 00170712 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2013-10-02 18:02 - 2013-10-02 18:02 - 00166104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2013-10-02 18:02 - 2013-10-02 18:02 - 00066264 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
2013-09-30 14:19 - 2013-10-24 09:54 - 00000000 ____D C:\Users\Laura\Desktop\Federal Forms
 
==================== One Month Modified Files and Folders =======
 
2013-10-27 15:38 - 2013-10-27 15:38 - 01956442 _____ (Farbar) C:\Users\AntiVirus\Downloads\FRST64.exe
2013-10-27 15:38 - 2013-10-27 15:38 - 00000000 ____D C:\FRST
2013-10-27 13:09 - 2009-07-13 22:13 - 00726254 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 13:04 - 2013-10-22 17:41 - 00036630 _____ C:\Windows\PFRO.log
2013-10-27 13:04 - 2012-06-10 22:52 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-27 13:02 - 2013-10-22 17:26 - 00002364 _____ C:\Windows\setupact.log
2013-10-27 13:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2013-10-27 13:01 - 2011-04-07 06:01 - 01402679 _____ C:\Windows\WindowsUpdate.log
2013-10-27 12:57 - 2011-05-04 18:41 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-27 12:55 - 2013-10-27 12:55 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\AVAST Software
2013-10-27 12:53 - 2013-10-27 12:53 - 00001977 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 12:52 - 2013-10-27 12:53 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 12:52 - 2013-10-27 12:53 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 12:52 - 2013-10-27 12:53 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 12:52 - 2013-10-27 12:53 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 12:52 - 2013-10-27 12:53 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 12:52 - 2013-10-27 12:53 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-10-27 12:52 - 2013-10-27 12:52 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 12:52 - 2013-10-27 12:52 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-10-27 12:52 - 2013-10-27 12:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 12:52 - 2013-10-27 12:52 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-27 12:52 - 2013-10-27 12:52 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-27 12:49 - 2013-10-27 12:49 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-27 12:48 - 2013-10-27 12:48 - 00123880 _____ C:\Users\AntiVirus\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-27 12:37 - 2013-06-26 19:17 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3078737145-1151105967-3883727586-1000UA.job
2013-10-27 12:34 - 2012-04-04 08:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 12:14 - 2012-01-17 15:12 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 10:29 - 2009-07-13 21:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-27 10:29 - 2009-07-13 21:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 10:24 - 2013-10-27 09:48 - 00000000 ____D C:\Users\AntiVirus\Desktop\Root
2013-10-27 10:23 - 2013-10-27 09:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-27 10:22 - 2012-01-17 15:12 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 10:21 - 2013-10-26 14:58 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-10-27 10:21 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-27 09:52 - 2013-10-27 09:51 - 85269544 _____ (AVAST Software) C:\Users\AntiVirus\Downloads\avast_free_antivirus_setup.exe
2013-10-27 09:48 - 2013-10-27 09:48 - 12576792 _____ (Malwarebytes Corp.) C:\Users\AntiVirus\Downloads\mbar-1.07.0.1007.exe
2013-10-27 09:47 - 2013-10-27 09:47 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\Google
2013-10-27 09:47 - 2013-10-27 09:47 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\Adobe
2013-10-27 09:47 - 2013-10-26 18:30 - 00000000 ____D C:\Users\AntiVirus\AppData\Local\Google
2013-10-27 09:46 - 2013-10-27 09:46 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-27 09:46 - 2013-10-27 09:46 - 00000000 ____D C:\Users\AntiVirus\AppData\Roaming\Malwarebytes
2013-10-27 09:46 - 2013-10-27 09:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-27 09:45 - 2013-10-27 09:45 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\AntiVirus\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-27 09:44 - 2013-10-26 18:30 - 00002270 _____ C:\Users\AntiVirus\Desktop\Google Chrome.lnk
2013-10-27 09:37 - 2013-07-13 20:15 - 00001545 _____ C:\QcOSD.txt
2013-10-27 09:36 - 2013-08-25 09:44 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-10-26 18:37 - 2013-06-26 19:17 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3078737145-1151105967-3883727586-1000Core.job
2013-10-26 18:30 - 2013-10-26 18:30 - 00001458 _____ C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-26 18:30 - 2013-10-26 18:30 - 00001424 _____ C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-10-26 18:30 - 2013-10-26 18:30 - 00000020 ___SH C:\Users\AntiVirus\ntuser.ini
2013-10-26 18:30 - 2013-10-26 18:30 - 00000000 ___RD C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-26 18:30 - 2013-10-26 18:30 - 00000000 ___RD C:\Users\AntiVirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-26 18:30 - 2013-10-26 18:30 - 00000000 ____D C:\Users\AntiVirus\AppData\Local\VirtualStore
2013-10-26 18:30 - 2013-10-26 18:29 - 00000000 ____D C:\Users\AntiVirus
2013-10-26 16:45 - 2013-04-23 20:53 - 00000000 ___RD C:\Users\Laura\Dropbox
2013-10-26 16:45 - 2013-04-23 20:49 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Dropbox
2013-10-26 16:44 - 2013-05-20 10:31 - 00000000 ___RD C:\Users\Laura\Google Drive
2013-10-26 16:26 - 2009-07-13 21:45 - 00437536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-26 11:40 - 2011-05-04 18:41 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-10-26 11:39 - 2011-05-04 18:41 - 00003492 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-10-26 11:19 - 2011-09-23 00:10 - 00000000 ____D C:\Users\Laura\Documents\Outlook Files
2013-10-25 13:10 - 2013-10-25 13:10 - 00103832 _____ C:\Users\Laura\GoToAssistDownloadHelper.exe
2013-10-25 13:10 - 2011-04-14 22:24 - 00000000 ____D C:\Users\Laura
2013-10-25 12:40 - 2013-09-05 15:04 - 00000000 ____D C:\Users\Laura\Desktop\MASTER
2013-10-25 12:40 - 2013-08-26 16:22 - 00000000 ____D C:\Users\Laura\Desktop\Officeteam
2013-10-25 10:18 - 2013-10-25 10:18 - 00000000 ____D C:\Users\Laura\AppData\Roaming\McAfee
2013-10-25 10:14 - 2011-05-05 17:05 - 00000000 ____D C:\ProgramData\McAfee
2013-10-25 09:39 - 2011-05-04 14:37 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Mozilla
2013-10-24 10:12 - 2013-09-11 11:19 - 00000000 ____D C:\Users\Laura\Desktop\Resume Versions
2013-10-24 09:54 - 2013-09-30 14:19 - 00000000 ____D C:\Users\Laura\Desktop\Federal Forms
2013-10-24 08:04 - 2013-05-26 08:14 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-24 08:03 - 2013-05-26 08:14 - 00000000 ____D C:\ProgramData\Garmin
2013-10-24 08:03 - 2012-06-21 13:52 - 00000000 ____D C:\Program Files (x86)\Garmin
2013-10-23 23:42 - 2012-10-14 10:50 - 00000000 ____D C:\Users\Laura\AppData\Roaming\MediaMonkey
2013-10-23 20:45 - 2013-07-11 15:58 - 00000000 ____D C:\Users\Laura\AppData\Local\LogMeIn Rescue Applet
2013-10-23 20:00 - 2013-01-31 15:24 - 00000000 ____D C:\Users\Laura\Documents\Resume Project
2013-10-23 19:26 - 2013-06-30 17:36 - 00000000 ____D C:\Users\Laura\AppData\Roaming\HpUpdate
2013-10-23 12:13 - 2012-01-17 15:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-23 12:12 - 2012-01-17 15:11 - 00000000 ____D C:\Users\Laura\AppData\Local\Google
2013-10-22 18:15 - 2011-05-05 16:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-22 18:15 - 2009-07-13 19:34 - 00000513 _____ C:\Windows\win.ini
2013-10-22 17:40 - 2013-10-22 17:40 - 00000000 _____ C:\asc_rdflag
2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 _____ C:\Windows\setuperr.log
2013-10-22 17:24 - 2012-09-02 17:48 - 00000000 ____D C:\Windows\Minidump
2013-10-22 17:24 - 2009-07-24 10:29 - 00000000 ____D C:\Windows\Panther
2013-10-22 17:17 - 2011-05-04 21:54 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Skype
2013-10-22 17:12 - 2013-10-22 17:11 - 00000000 ____D C:\ProgramData\IObit
2013-10-22 17:11 - 2013-10-22 17:11 - 00000000 ____D C:\Users\Laura\AppData\Roaming\IObit
2013-10-22 17:11 - 2013-10-22 17:11 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Apple Computer
2013-10-22 17:11 - 2013-10-22 17:11 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-10-22 17:11 - 2013-10-22 17:11 - 00000000 ____D C:\Program Files (x86)\IObit
2013-10-22 17:07 - 2013-10-22 16:56 - 23398360 _____ (IObit                                                       ) C:\Users\Laura\Downloads\asc-setup.exe
2013-10-18 12:55 - 2011-09-23 00:12 - 00000000 ____D C:\Users\Laura\Documents\Moving, travel
2013-10-17 20:18 - 2012-10-31 15:08 - 00000000 ____D C:\Users\Laura\Documents\Workability
2013-10-17 07:56 - 2011-05-04 18:41 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-10-15 21:00 - 2011-05-04 18:41 - 00004232 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-10-15 12:04 - 2013-10-15 10:24 - 00000000 ____D C:\Users\Laura\Documents\AAA Mileage
2013-10-15 11:01 - 2013-09-11 11:37 - 00000000 ____D C:\Users\Laura\Desktop\Cover Versions
2013-10-15 10:26 - 2011-12-03 17:04 - 03991552 ___SH C:\Users\Laura\Desktop\Thumbs.db
2013-10-14 12:16 - 2011-11-19 10:37 - 00000000 ____D C:\Users\Laura\Documents\on USB
2013-10-13 07:35 - 2013-04-23 20:49 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-13 07:35 - 2011-04-14 22:27 - 00000000 ___RD C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-11 18:32 - 2013-06-26 19:17 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3078737145-1151105967-3883727586-1000UA
2013-10-11 18:32 - 2013-06-26 19:17 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3078737145-1151105967-3883727586-1000Core
2013-10-10 04:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 03:34 - 2013-03-15 08:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 03:34 - 2013-03-15 08:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 03:07 - 2013-07-13 19:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 03:04 - 2011-05-04 15:09 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 19:16 - 2013-10-09 19:13 - 00010338 _____ C:\Users\Laura\Desktop\Budget 10.9.13.xlsx
2013-10-09 15:09 - 2012-01-17 15:12 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 15:09 - 2012-01-17 15:12 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 14:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-09 08:54 - 2012-04-04 08:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 08:54 - 2012-04-04 08:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 08:54 - 2011-06-10 09:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 11:10 - 2013-09-19 13:20 - 00000000 ____D C:\Users\Laura\Desktop\Sched A
2013-10-07 22:35 - 2011-09-23 00:12 - 00000000 ____D C:\Users\Laura\Documents\Recipes
2013-10-02 18:02 - 2013-10-02 18:02 - 02253016 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
2013-10-02 18:02 - 2013-10-02 18:02 - 02232024 _____ (Broadcom Corporation.) C:\Windows\system32\BcmBtRSupport.dll
2013-10-02 18:02 - 2013-10-02 18:02 - 00170712 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2013-10-02 18:02 - 2013-10-02 18:02 - 00166104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2013-10-02 18:02 - 2013-10-02 18:02 - 00066264 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
2013-10-02 14:13 - 2013-07-05 14:34 - 00000000 ____D C:\Users\Laura\Documents\Career Connections
2013-09-30 08:46 - 2013-09-18 20:03 - 00014254 _____ C:\Users\Laura\Desktop\dept research.xlsx
 
Files to move or delete:
====================
ZeroAccess:
C:\Users\Laura\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
 
Some content of TEMP:
====================
C:\Users\Laura\AppData\Local\Temp\InstallFlashPlayer.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-23 11:55
 
==================== End Of Log ============================
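The "Bamital & volsnap Check" section of the log above compares the hash of each critical system binary against a known-good value and prints "MD5 is legit" when it matches. The following is an added example, not FRST's own code, of the same integrity check written in Python: it hashes a set of files in chunks and compares each digest against a baseline table, reporting each file as legit, mismatched, or missing. SHA-256 is used instead of MD5 because MD5 collisions are practical. The file names, file contents and "known-good" digests are constructed inside the script purely for demonstration; a real baseline would come from a trusted source such as hashes recorded from a clean install.

```python
"""Integrity check in the spirit of FRST's "Bamital & volsnap Check".

Added example, not FRST's own code. The files, their contents and the baseline
digests are constructed in demo(); nothing here reads the real Windows directory.
"""
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="sha256"):
    """Hash a file in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_integrity(known_good, algorithm="sha256"):
    """Return {path: "legit" | "MISMATCH" | "missing"} for every baseline entry.

    known_good maps a file path to its expected hex digest.
    """
    results = {}
    for path, expected in known_good.items():
        if not os.path.isfile(path):
            results[path] = "missing"
            continue
        actual = file_digest(path, algorithm)
        # Constant-time comparison: a harmless habit here, a necessary one
        # wherever the digest being compared is secret.
        results[path] = "legit" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results


def demo():
    """Build constructed 'system files', tamper with one, and check them all.

    Returns {file name: verdict} so the result can be inspected or asserted on.
    """
    tmp = tempfile.mkdtemp()
    files = {
        "winlogon.exe": b"constructed clean winlogon image",
        "wininit.exe": b"constructed clean wininit image",
        "volsnap.sys": b"constructed clean volsnap driver",
    }
    baseline = {}
    for name, content in files.items():
        path = os.path.join(tmp, name)
        with open(path, "wb") as f:
            f.write(content)
        baseline[path] = hashlib.sha256(content).hexdigest()

    # Simulate a patched binary: the bytes on disk no longer match the baseline.
    with open(os.path.join(tmp, "wininit.exe"), "ab") as f:
        f.write(b"\x90\x90 appended bytes")

    # Simulate a baseline entry whose file is absent from disk.
    baseline[os.path.join(tmp, "userinit.exe")] = "0" * 64

    results = check_integrity(baseline)
    return {os.path.basename(p): verdict for p, verdict in results.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name} => {verdict}")
```

A baseline of this kind only proves that a file matches what you recorded; it says nothing about files a rootkit hides from the file system API, which is why FRST pairs the hash check with its own low-level enumeration.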

The system is still infected with ZeroAccess. Unfortunately there are also illegal entries in the Hosts file to defeat Adobe software activation; that is against Forum Protocol. All help ceases...

 

If you wish to question this decision you can contact a moderator for a second opinion....


OK, I'll give the benefit of the doubt; just continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes. Open Settings Tab > Scanner Settings > Under Action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Quick Scan with Malwarebytes Anti-Malware.

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the log

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Let me see those logs...

 

Kevin

 

fixlist.txt


Fixlog.txt included below.  Waiting on Quick Scan to run and will post that log once complete.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2013 01
Ran by AntiVirus at 2013-10-27 16:51:33 Run:1
Running from C:\Users\AntiVirus\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
Start
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b73a1789-0201-7845-3b95-6983abd87d97}\   \...\???\{b73a1789-0201-7845-3b95-6983abd87d97}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\Laura\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Laura\AppData\Local\Temp\InstallFlashPlayer.exe
2009-07-13 19:34 - 2011-05-06 15:58 - 00001848 ____A C:\Windows\system32\Drivers\etc\hosts
End
 
 
 
*****************
 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
*etadpug => Service deleted successfully.
C:\Users\Laura\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\Users\Laura\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
 
==== End of Fixlog ====

Here is the AdwCleaner log that opened after reboot.  When I ran AdwCleaner the first time I was in Safe Mode but the reboot loaded in Normal mode, should I run AdwCleaner scan again in Normal mode?

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 17:09:04
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : AntiVirus - FISHTANK
# Running from : C:\Users\AntiVirus\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16514
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\AntiVirus\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3346 octets] - [27/10/2013 17:03:53]
AdwCleaner[s0].txt - [3317 octets] - [27/10/2013 17:09:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3377 octets] ##########

Here is the log from the clean in Normal mode.  I would point out that when the clean ran I got a notification pop-up that Chrome detected and blocked an attempt to change my default search settings - not sure if that defeated the clean action or not...?

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 17:26:21
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : AntiVirus - FISHTANK
# Running from : C:\Users\AntiVirus\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16514
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\AntiVirus\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3346 octets] - [27/10/2013 17:03:53]
AdwCleaner[R1].txt - [981 octets] - [27/10/2013 17:25:09]
AdwCleaner[s0].txt - [3469 octets] - [27/10/2013 17:09:04]
AdwCleaner[s1].txt - [903 octets] - [27/10/2013 17:26:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [962 octets] ##########

It's responding fine and the Windows Firewall settings are now properly reflecting that they are controlled by McAfee (they were looking kind of jacked up before and I couldn't look at the advanced rules list).

 

The one problem that seems to exist is that when I went in under her profile (instead of the one I created for trying to work on the machine) her Chrome browser gave me a popup when it first opened that says... "Your preferences can not be read. Some features may be unavailable and changes to preferences won't be saved."

 

So I ran AdwCleaner while logged in under her profile and I get this in the report (below).  I'm assuming I should run the clean and see what the report is after that, right?  Or do I need to step back to an earlier step while under her profile?

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 17:59:16
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Laura - FISHTANK
# Running from : C:\Temp\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\AntiVirus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3346 octets] - [27/10/2013 17:03:53]
AdwCleaner[R1].txt - [981 octets] - [27/10/2013 17:25:09]
AdwCleaner[R2].txt - [1275 octets] - [27/10/2013 17:59:16]
AdwCleaner[s0].txt - [3469 octets] - [27/10/2013 17:09:04]
AdwCleaner[s1].txt - [1041 octets] - [27/10/2013 17:26:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1455 octets] ##########


Yes run the clean function, when that completes we continue:

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. Vista and Windows 7 users: right-click on the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found:

  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

 

If threats were found:

 

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN to the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish

 

Close the program.

 

Copy and paste the report here.

 

Finally...

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin


Here is the log from Security Check.

 

 Results of screen317's Security Check version 0.99.74 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 45 
 Java version out of Date!
  Adobe Flash Player 11.5.502.146 Flash Player out of Date! 
 Google Chrome 30.0.1599.101 
 Google Chrome 30.0.1599.69 
````````Process Check: objlist.exe by Laurent```````` 
 McAfee VirusScan mcods.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


Your version of Java is up to date; the alert can be ignored.

 

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flash Player checked. Accept the new version if required.

There may be an offer of Google Chrome etc.; untick those options if offered...

 

Let me know if you have any remaining issues or concerns...


Things seem to be good.  I've tried launching a few programs and nothing seems to be having any issues.

 

I'll give the computer back to her and see if she can keep herself out of trouble now.

 

Thanks so much for your help in walking through these steps and helping me ensure this got cleaned off.  I really, really appreciate you guys providing your time to help with stuff like this.


We need to clean up the tools etc.; do the following:

 

We need to remove FRST; first, it is very important to deal with its Quarantine folder using FRST itself.

OK, we continue:

Delete any fixlist.txt file previously used, then continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action; delete it if successful.

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, then navigate to and delete its folder C:\FRST.

 

Next,

 

Remove ESET Online Scanner (only if installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner; only reboot if prompted.

 

Next,

 

Uninstall adwcleaner.exe:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Click Yes at "Would you like to Uninstall AdwCleaner".

 

Any other tools/logs left on the Desktop etc. can be deleted.

 

Let me know if those steps complete OK, and also if there are any remaining issues/concerns.

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
