TechSpot

Have a virus & can't download anything

Solved
By callaroz
Nov 8, 2013
  1. I ended up in a bit of a tough spot this week! I changed internet service providers and didn't realize that my anti virus that my old isp provided was no longer working. Of course, I ended up with a virus. I'm unable to access many sites and when I try to download anything it says my computer has been infected with a virus. I can't even download anti virus software to try and get rid of it, so I'm not sure what my next step is! Thank you
     
  2. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    What Windows version is it?
     
  3. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Thanks for your response. I have Windows Vista.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    NOTE 1. Use another working computer to download the following tool.
    NOTE 2. Install Panda USB Vaccine, or BitDefender's USB Immunizer on the GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Then:
    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  5. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Thank you. Before I start...my only other computer is a Mac. Can I download these programs to a Mac or do I need to use another uninfected PC? Thank you
     
  6. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Just an update. I didn't hear back from you, but decided to try it with the Mac.

    The first thing is that your first link for Panda was broken. I was directed to the home page and was able to use the search function to find the appropriate download. When I tried downloading both Panda & Bit Defender, it showed up in my downloads folder, but when I clicked it a bunch of strange text appeared. I do not know how to use a Mac well, so I'm not sure if there is another way to access the download, or if I need to use a PC to do this.

    Thanks again!
     
  7. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    You can't use those programs on Mac so skip that step.
    You can download FRST on Mac though.
     
  8. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    *EDIT*, I think I figured it out. Thanks for your help. Will update as soon as I can :)
     
  9. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013
    Ran by SYSTEM on MINWINPC on 10-11-2013 09:37:03
    Running from J:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Tsa.exe] - C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [10208568 2012-03-09] (TELUS)
    HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [112632 2010-09-17] (Trend Micro Inc.)
    HKLM\...\Run: [TELUS security services] - C:\Program Files\TELUS\TELUS security services\10.0.41.60099\Rps.exe [541400 2012-04-17] (TELUS)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
    HKU\Breanne\...\Run: [Google Update] - [x]
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()

    ========================== Services (Whitelisted) =================

    S2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink)
    S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
    S2 Radialpoint Security Services; C:\Program Files\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe [154632 2012-04-17] (TELUS)
    S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] ()
    S2 ServicepointService; C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe [10294584 2012-03-09] (Radialpoint SafeCare Inc.)
    S2 AnviStartupTime; C:\Program Files\Anvisoft\StartupBooster\StartupTimeSrv.exe [x]
    S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
    S4 BrowserProtect; [x]
    S2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [x]
    S2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [x]
    S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ \...\???\{46bdc989-289d-ea48-ab74-525a3982e5a1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

    ==================== Drivers (Whitelisted) ====================

    S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-18] (AMD Technologies Inc.)
    S1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
    S2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-04-25] (Acer, Inc.)
    S0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
    S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
    S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
    S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
    S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
    S2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-25] (Zeal SoftStudio)
    S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-11-10 09:36 - 2013-11-10 09:36 - 00000000 ____D C:\FRST
    2013-11-08 18:45 - 2013-11-08 18:45 - 00000000 ____D C:\Program Files\Panda Security
    2013-11-08 18:45 - 2009-06-30 10:37 - 00028552 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\pavboot.sys
    2013-11-08 13:57 - 2013-11-08 13:57 - 00000000 ____D C:\Program Files\ESET
    2013-11-08 13:51 - 2013-11-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-11-08 13:28 - 2013-11-08 13:28 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\QuickScan
    2013-11-07 17:15 - 2013-11-07 17:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2013-10-25 15:08 - 2013-10-25 15:08 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-10-25 15:07 - 2013-10-25 15:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-10-25 15:07 - 2013-10-25 15:07 - 00000000 ____D C:\Program Files\iPod

    ==================== One Month Modified Files and Folders =======

    2013-11-10 09:36 - 2013-11-10 09:36 - 00000000 ____D C:\FRST
    2013-11-10 09:31 - 2006-11-02 04:47 - 00003344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-10 09:31 - 2006-11-02 04:47 - 00003344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-10 09:30 - 2006-11-02 04:52 - 00073618 _____ C:\Windows\setupact.log
    2013-11-10 09:25 - 2008-08-26 20:08 - 00000000 _____ C:\Windows\System32\LogConfigTemp.xml
    2013-11-10 09:25 - 2008-03-15 15:06 - 00000147 _____ C:\Windows\System32\agent.log
    2013-11-10 09:25 - 2008-01-20 18:47 - 11558808 _____ C:\Windows\PFRO.log
    2013-11-09 09:03 - 2012-11-14 12:45 - 00000000 ____D C:\ProgramData\Radialpoint
    2013-11-09 08:54 - 2006-11-02 02:33 - 00722646 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-11-09 08:51 - 2013-02-13 06:53 - 00102400 _____ C:\Windows\RegBootClean.exe
    2013-11-08 18:45 - 2013-11-08 18:45 - 00000000 ____D C:\Program Files\Panda Security
    2013-11-08 17:50 - 2009-07-01 06:58 - 00007944 _____ C:\Users\Breanne\AppData\Local\d3d9caps.dat
    2013-11-08 13:57 - 2013-11-08 13:57 - 00000000 ____D C:\Program Files\ESET
    2013-11-08 13:51 - 2013-11-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-11-08 13:28 - 2013-11-08 13:28 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\QuickScan
    2013-11-08 11:11 - 2012-11-14 12:45 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\Radialpoint
    2013-11-07 17:15 - 2013-11-07 17:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2013-11-07 17:10 - 2013-03-02 15:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2013-11-07 17:10 - 2011-08-21 13:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2013-11-07 17:10 - 2008-08-26 18:35 - 01123460 _____ C:\Windows\WindowsUpdate.log
    2013-11-07 17:09 - 2011-08-19 22:56 - 00000000 ____D C:\Program Files\Google
    2013-11-07 17:06 - 2009-04-16 07:05 - 00000000 ____D C:\Users\Breanne\AppData\Local\Google
    2013-11-01 15:47 - 2008-03-15 14:59 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-10-25 15:08 - 2013-10-25 15:08 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-10-25 15:08 - 2013-10-25 15:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-10-25 15:08 - 2010-06-21 07:54 - 00000000 ____D C:\Program Files\iTunes
    2013-10-25 15:07 - 2013-10-25 15:07 - 00000000 ____D C:\Program Files\iPod
    2013-10-25 15:07 - 2008-09-29 12:03 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-10-23 06:15 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-10-18 12:07 - 2011-08-26 11:21 - 00001923 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-10-18 12:06 - 2011-08-20 11:00 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-10-16 11:31 - 2010-11-21 09:05 - 00000000 ____D C:\Users\Breanne\Desktop\Daycare

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    Files to move or delete:
    ====================
    ZeroAccess:
    C:\Users\Breanne\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install


    Some content of TEMP:
    ====================
    C:\Users\Breanne\AppData\Local\Temp\0.5005427483777525.exe
    C:\Users\Breanne\AppData\Local\Temp\1358930893_dp.exe
    C:\Users\Breanne\AppData\Local\Temp\AMPing.exe
    C:\Users\Breanne\AppData\Local\Temp\AskInstallChecker.exe
    C:\Users\Breanne\AppData\Local\Temp\BingoCafeInstaller.exe
    C:\Users\Breanne\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
    C:\Users\Breanne\AppData\Local\Temp\bstrapInstall.exe
    C:\Users\Breanne\AppData\Local\Temp\burnsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\conduitinstaller.exe
    C:\Users\Breanne\AppData\Local\Temp\contentDATs.exe
    C:\Users\Breanne\AppData\Local\Temp\ffmpeg4.exe
    C:\Users\Breanne\AppData\Local\Temp\ffsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate01.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate02.exe
    C:\Users\Breanne\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
    C:\Users\Breanne\AppData\Local\Temp\fs_health_check.exe
    C:\Users\Breanne\AppData\Local\Temp\GLFC07B.tmp.ConduitEngineSetup.exe
    C:\Users\Breanne\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe
    C:\Users\Breanne\AppData\Local\Temp\HP_Vista_D4100_Ph1.exe
    C:\Users\Breanne\AppData\Local\Temp\ICReinstall_Allmyapps.exe
    C:\Users\Breanne\AppData\Local\Temp\ICSTMP_4045.exe
    C:\Users\Breanne\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\Breanne\AppData\Local\Temp\InstallManager_BAB_BAB.exe
    C:\Users\Breanne\AppData\Local\Temp\jna3400670845490457031.dll
    C:\Users\Breanne\AppData\Local\Temp\jna3532275972095609770.dll
    C:\Users\Breanne\AppData\Local\Temp\jna6247437036475420251.dll
    C:\Users\Breanne\AppData\Local\Temp\jna7633095387940453928.dll
    C:\Users\Breanne\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    C:\Users\Breanne\AppData\Local\Temp\LimeWireWin.exe
    C:\Users\Breanne\AppData\Local\Temp\n1setup.exe
    C:\Users\Breanne\AppData\Local\Temp\nsj5512.exe
    C:\Users\Breanne\AppData\Local\Temp\nsl1FC2.exe
    C:\Users\Breanne\AppData\Local\Temp\nsoA650.exe
    C:\Users\Breanne\AppData\Local\Temp\nsp3B80.exe
    C:\Users\Breanne\AppData\Local\Temp\nsp8192.exe
    C:\Users\Breanne\AppData\Local\Temp\nsu7996.exe
    C:\Users\Breanne\AppData\Local\Temp\nswDB93.exe
    C:\Users\Breanne\AppData\Local\Temp\nsyE3ED.exe
    C:\Users\Breanne\AppData\Local\Temp\prxGLFC07B.tmp.tbSwag.dll
    C:\Users\Breanne\AppData\Local\Temp\RADIALPOINT_RPS.exe
    C:\Users\Breanne\AppData\Local\Temp\RegAsm.exe
    C:\Users\Breanne\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Breanne\AppData\Local\Temp\SPStub.exe
    C:\Users\Breanne\AppData\Local\Temp\swt-awt-win32-3346.dll
    C:\Users\Breanne\AppData\Local\Temp\swt-win32-3346.dll
    C:\Users\Breanne\AppData\Local\Temp\tbKey0.dll
    C:\Users\Breanne\AppData\Local\Temp\tbsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\tbSwa2.dll
    C:\Users\Breanne\AppData\Local\Temp\tbSwag.dll
    C:\Users\Breanne\AppData\Local\Temp\ToolbarHelper.exe
    C:\Users\Breanne\AppData\Local\Temp\ttsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\uninst.exe
    C:\Users\Breanne\AppData\Local\Temp\uninst1.exe
    C:\Users\Breanne\AppData\Local\Temp\uninstall.exe
    C:\Users\Breanne\AppData\Local\Temp\UpdaterCopy.exe
    C:\Users\Breanne\AppData\Local\Temp\UpdUninstall.exe
    C:\Users\Breanne\AppData\Local\Temp\utt3AC7.tmp.exe
    C:\Users\Breanne\AppData\Local\Temp\uttB73B.tmp.exe
    C:\Users\Breanne\AppData\Local\Temp\wlsetup-cvr.exe
    C:\Users\Breanne\AppData\Local\Temp\wpsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\_is2D0D.exe
    C:\Users\Breanne\AppData\Local\Temp\_is5F7D.exe


    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 2814.56 MB
    Available physical RAM: 2483.64 MB
    Total Pagefile: 2721.43 MB
    Available Pagefile: 2582.13 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1955.42 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:180.42 GB) (Free:40.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive h: (DATA) (Fixed) (Total:270.68 GB) (Free:72.26 GB) NTFS
    Drive j: (Transcend) (Removable) (Total:15.08 GB) (Free:14.53 GB) FAT32
    Drive x: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:6.8 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 6AE35D27)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
    Partition 2: (Active) - (Size=180 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=271 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=15 GB) - (Type=0C)


    LastRegBack: 2013-11-10 09:31

    ==================== End Of Log ============================
     
  10. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    *deleted* double post
     
  11. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
    See if you can boot and operate your computer normally.

    If so....

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
     
  12. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013
    Ran by SYSTEM at 2013-11-10 11:27:27 Run:1
    Running from D:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    HKU\Breanne\...\Run: [Google Update] - [x]
    S4 BrowserProtect; [x]
    S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ \...\???\{46bdc989-289d-ea48-ab74-525a3982e5a1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
    C:\Windows\assembly\GAC\Desktop.ini
    C:\Users\Breanne\AppData\Local\Google\Desktop\Install
    C:\Program Files\Google\Desktop\Install


    *****************

    HKU\Breanne\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.
    BrowserProtect => Service deleted successfully.
    *etadpug => Unable to delete service
    *etadpug => Service should be removed with FRST outside recovery mode.
    C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
    "C:\Users\Breanne\AppData\Local\Google\Desktop\Install" => Could not move.
    "C:\Program Files\Google\Desktop\Install" => Could not move.

    ==== End of Fixlog ====
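A triage pass over the FRST log format, added here as an example; it is not code from the thread or from Farbar's tool. It walks the log's sections, collects the entries FRST marks with ATTENTION or [x] and the paths FRST lists under a "ZeroAccess:" marker, and turns the ones worth acting on into candidate fixlist lines of the kind the Fixlog above echoes back. The sample log is constructed from entries in the posted scan, the severity tiers are an assumption of this example, and the junction directive is the one FRST's own message in the log names.

```python
import re
from dataclasses import dataclass

# Constructed sample in the FRST log format, built from entries in the posted log
# (not real FRST output; paths and GUIDs are copied from the thread).
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Breanne\...\Run: [Google Update] - [x]
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

========================== Services (Whitelisted) =================

S4 BrowserProtect; [x]
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ \...\???\{46bdc989-289d-ea48-ab74-525a3982e5a1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Program Files\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                            # "==== Services (Whitelisted) ===="
RUN_MISSING_RE = re.compile(r"^HK.*\\Run(?:Once)?: \[.*\] - \[x\]$")  # autostart value whose file is gone
SERVICE_RE = re.compile(r"^S[0-4] (?P<name>[^;]+); (?P<rest>.*)$")    # "S2 name; path [size date] (vendor)"
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}                    # tiers are this example's own choice


@dataclass
class Finding:
    severity: str   # high: FRST flagged it; medium: autostart/service file missing; low: driver file missing
    section: str    # FRST section the line came from
    line: str       # the log line itself, unchanged
    reason: str


def triage_frst_log(text: str) -> list[Finding]:
    """Walk an FRST log and collect the entries a helper would look at first."""
    findings: list[Finding] = []
    section = ""
    after_marker = False  # True right after a "ZeroAccess:" marker; the next line is a path
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, after_marker = header.group(1), False
            continue
        if line == "ZeroAccess:":
            after_marker = True
            continue
        if after_marker:
            findings.append(Finding("high", section, line, "path FRST lists under a ZeroAccess marker"))
            after_marker = False
            continue
        if "ATTENTION" in line:
            reason = "entry FRST marked with ATTENTION"
            if "DeleteJunctionsIndirectory" in line:
                reason = "system directory replaced by a junction; FRST's message names the fix directive"
            findings.append(Finding("high", section, line, reason))
            continue
        if RUN_MISSING_RE.match(line):
            findings.append(Finding("medium", section, line, "autostart value whose target file is missing"))
            continue
        svc = SERVICE_RE.match(line)
        if svc and svc.group("rest").endswith("[x]"):
            severity = "low" if section.startswith("Drivers") else "medium"
            findings.append(Finding(severity, section, line, "registered service/driver whose binary is missing"))
    return findings


def build_fixlist(findings: list[Finding], min_severity: str = "medium") -> list[str]:
    """Candidate fixlist.txt lines for a helper to review; FRST takes the flagged log lines verbatim."""
    lines = []
    for f in findings:
        if SEVERITY_RANK[f.severity] < SEVERITY_RANK[min_severity]:
            continue
        if "DeleteJunctionsIndirectory" in f.line:
            lines.append(f.line.split("Use ", 1)[1])  # the directive FRST itself printed, not the check line
        else:
            lines.append(f.line)
    return lines


if __name__ == "__main__":
    found = triage_frst_log(SAMPLE_FRST_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.section or '-'}: {f.reason}\n         {f.line}")
    print("\ncandidate fixlist:\n" + "\n".join(build_fixlist(found)))
```

The generated list is a starting point for the person doing the cleaning, not something to run unattended; as Broni's notice says, a fixlist is written for one machine.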
     
  13. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    I've tried to download FRST and save it to my desktop. Unfortunately when I do this, it still says the virus scan has failed and will not allow me to download.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Use your Mac to download the following and a USB flash drive to transfer it to the bad computer's Desktop.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  15. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Thank you for all of your help so far! Here are the FRST and Addition logs.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013
    Ran by Breanne (administrator) on BREANNE-PC on 10-11-2013 11:58:11
    Running from C:\Users\Breanne\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    (CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    (TELUS) C:\Program Files\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Radialpoint SafeCare Inc.) C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (TELUS) C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\system32\conime.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\WscStatusController.exe
    (TELUS) C:\Program Files\TELUS\TELUS security services\10.0.41.60099\Rps.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\WscStatusController.exe
    (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Tsa.exe] - C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [10208568 2012-03-09] (TELUS)
    HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [112632 2010-09-17] (Trend Micro Inc.)
    HKLM\...\Run: [TELUS security services] - C:\Program Files\TELUS\TELUS security services\10.0.41.60099\Rps.exe [541400 2012-04-17] (TELUS)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.ca/
    HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.ca/
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ax...ByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1271100387
    URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    SearchScopes: HKLM - DefaultScope {A8F2C04A-5079-4DFC-9078-E95052915900} URL =
    SearchScopes: HKLM - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...ByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1271100387
    SearchScopes: HKCU - DefaultScope {A8F2C04A-5079-4DFC-9078-E95052915900} URL = http://search.conduit.com/ResultsEx...4&ctid=CT3286042&CUI=UN25632235462322517&UM=2
    SearchScopes: HKCU - Backup.Old.DefaultScope {E8096F30-38C0-4B70-97EE-0C4534FF9AF6}
    SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=42
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=5245e47c000000000000001fe2052fda
    SearchScopes: HKCU - {4FA54BCC-2778-6A28-934F-18E0B5033BAA} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
    SearchScopes: HKCU - {A8F2C04A-5079-4DFC-9078-E95052915900} URL = http://search.conduit.com/ResultsEx...4&ctid=CT3286042&CUI=UN25632235462322517&UM=2
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
    SearchScopes: HKCU - {E8096F30-38C0-4B70-97EE-0C4534FF9AF6} URL = http://start.funmoods.com/results.p...ByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1271100387
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)
    BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll No File
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    Toolbar: HKLM - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll No File
    Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
    DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {76716694-EADA-4810-8C3B-4826328A317F} http://content.dll1.com/Connectus/SmartCouponPrinter/SmartCouponPrinter20080221.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 mswsock.dll File Not found ()
    Winsock: Catalog9 02 mswsock.dll File Not found ()
    Winsock: Catalog9 03 mswsock.dll File Not found ()
    Winsock: Catalog9 04 mswsock.dll File Not found ()
    Winsock: Catalog9 05 mswsock.dll File Not found ()
    Winsock: Catalog9 06 mswsock.dll File Not found ()
    Winsock: Catalog9 07 mswsock.dll File Not found ()
    Winsock: Catalog9 08 mswsock.dll File Not found ()
    Winsock: Catalog9 09 mswsock.dll File Not found ()
    Winsock: Catalog9 10 mswsock.dll File Not found ()
    Winsock: Catalog9 11 mswsock.dll File Not found ()
    Winsock: Catalog9 12 mswsock.dll File Not found ()
    Winsock: Catalog9 13 mswsock.dll File Not found ()
    Winsock: Catalog9 14 mswsock.dll File Not found ()
    Winsock: Catalog9 15 mswsock.dll File Not found ()
    Winsock: Catalog9 16 mswsock.dll File Not found ()
    Winsock: Catalog9 17 mswsock.dll File Not found ()
    Winsock: Catalog9 18 mswsock.dll File Not found ()
    Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.ca/
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Google Talk Plugin) - C:\Users\Breanne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Breanne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Unity Player) - C:\Users\Breanne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
    CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Breanne\AppData\Local\Roblox\Versions\version-5fb0645efa584e24\\NPRobloxProxy.dll No File
    CHR Plugin: (HotWheels Loader) - C:\Users\Breanne\AppData\Local\sswat_hwrc_win_live\npHotWheelsLoader.dll (Mattel, Inc)
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Extension: (YouTube) - C:\Users\Breanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Breanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Google Wallet) - C:\Users\Breanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR Extension: (Gmail) - C:\Users\Breanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
    CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Breanne\AppData\Local\funmoods.crx
    CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Breanne\AppData\Local\funmoods-speeddial.crx
    CHR HKLM\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\Breanne\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx
    CHR HKLM\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files\TELUS\TELUS security advisor\ChromeExtension.crx
    CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

    ========================== Services (Whitelisted) =================

    R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink)
    R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
    R2 Radialpoint Security Services; C:\Program Files\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe [154632 2012-04-17] (TELUS)
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] ()
    R2 ServicepointService; C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe [10294584 2012-03-09] (Radialpoint SafeCare Inc.)
    S2 AnviStartupTime; C:\Program Files\Anvisoft\StartupBooster\StartupTimeSrv.exe [x]
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
    S2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [x]
    S2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [x]
    U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ \...\???\{46bdc989-289d-ea48-ab74-525a3982e5a1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

    ==================== Drivers (Whitelisted) ====================

    S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-18] (AMD Technologies Inc.)
    R1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
    R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-04-25] (Acer, Inc.)
    R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
    R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
    R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
    R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
    R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-25] (Zeal SoftStudio)
    S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-11-10 11:56 - 2013-11-10 07:59 - 01090265 _____ (Farbar) C:\Users\Breanne\Desktop\FRST.exe
    2013-11-10 11:52 - 2013-11-10 09:17 - 02132776 _____ (Premium Installer ) C:\Users\Breanne\Desktop\Setup.exe
    2013-11-10 09:36 - 2013-11-10 09:36 - 00000000 ____D C:\FRST
    2013-11-08 18:45 - 2013-11-08 18:45 - 00000000 ____D C:\Program Files\Panda Security
    2013-11-08 18:45 - 2009-06-30 10:37 - 00028552 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\pavboot.sys
    2013-11-08 13:57 - 2013-11-08 13:57 - 00000000 ____D C:\Program Files\ESET
    2013-11-08 13:51 - 2013-11-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-11-08 13:28 - 2013-11-08 13:28 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\QuickScan
    2013-11-07 17:15 - 2013-11-07 17:15 - 00000000 __SHD C:\Windows\system32\%APPDATA%
    2013-10-25 15:08 - 2013-10-25 15:08 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-10-25 15:07 - 2013-10-25 15:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-10-25 15:07 - 2013-10-25 15:07 - 00000000 ____D C:\Program Files\iPod

    ==================== One Month Modified Files and Folders =======

    2013-11-10 11:58 - 2006-11-02 02:33 - 00722646 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-11-10 11:54 - 2012-11-14 12:45 - 00000000 ____D C:\ProgramData\Radialpoint
    2013-11-10 11:51 - 2011-08-19 22:56 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-11-10 11:51 - 2008-08-26 20:08 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
    2013-11-10 11:51 - 2008-03-15 15:06 - 00000147 _____ C:\Windows\system32\agent.log
    2013-11-10 11:51 - 2008-01-20 18:47 - 11559920 _____ C:\Windows\PFRO.log
    2013-11-10 11:51 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-11-10 11:51 - 2006-11-02 04:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-10 11:51 - 2006-11-02 04:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-10 11:35 - 2006-11-02 05:01 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-11-10 11:19 - 2013-02-13 09:44 - 00000000 _____ C:\Windows\DCEBOOT.LOG
    2013-11-10 10:28 - 2013-02-13 06:53 - 00102400 _____ C:\Windows\RegBootClean.exe
    2013-11-10 10:28 - 2013-02-13 06:53 - 00011264 _____ C:\Windows\DCEBoot.exe
    2013-11-10 10:23 - 2006-11-02 04:52 - 00074413 _____ C:\Windows\setupact.log
    2013-11-10 09:36 - 2013-11-10 09:36 - 00000000 ____D C:\FRST
    2013-11-10 09:17 - 2013-11-10 11:52 - 02132776 _____ (Premium Installer ) C:\Users\Breanne\Desktop\Setup.exe
    2013-11-10 07:59 - 2013-11-10 11:56 - 01090265 _____ (Farbar) C:\Users\Breanne\Desktop\FRST.exe
    2013-11-08 18:45 - 2013-11-08 18:45 - 00000000 ____D C:\Program Files\Panda Security
    2013-11-08 17:50 - 2009-07-01 06:58 - 00007944 _____ C:\Users\Breanne\AppData\Local\d3d9caps.dat
    2013-11-08 13:57 - 2013-11-08 13:57 - 00000000 ____D C:\Program Files\ESET
    2013-11-08 13:51 - 2013-11-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-11-08 13:28 - 2013-11-08 13:28 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\QuickScan
    2013-11-08 13:11 - 2011-08-19 22:56 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-11-08 12:56 - 2013-03-02 15:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-11-08 11:11 - 2012-11-14 12:45 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\Radialpoint
    2013-11-07 17:15 - 2013-11-07 17:15 - 00000000 __SHD C:\Windows\system32\%APPDATA%
    2013-11-07 17:10 - 2013-03-02 15:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-11-07 17:10 - 2011-08-21 13:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-11-07 17:10 - 2008-08-26 18:35 - 01123460 _____ C:\Windows\WindowsUpdate.log
    2013-11-07 17:09 - 2011-08-19 22:56 - 00000000 ____D C:\Program Files\Google
    2013-11-07 17:06 - 2009-04-16 07:05 - 00000000 ____D C:\Users\Breanne\AppData\Local\Google
    2013-11-01 15:47 - 2008-03-15 14:59 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-10-25 15:08 - 2013-10-25 15:08 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-10-25 15:08 - 2013-10-25 15:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-10-25 15:08 - 2010-06-21 07:54 - 00000000 ____D C:\Program Files\iTunes
    2013-10-25 15:07 - 2013-10-25 15:07 - 00000000 ____D C:\Program Files\iPod
    2013-10-25 15:07 - 2008-09-29 12:03 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-10-23 06:15 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-10-18 12:07 - 2011-08-26 11:21 - 00001923 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-10-18 12:06 - 2011-08-20 11:00 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-10-16 11:31 - 2010-11-21 09:05 - 00000000 ____D C:\Users\Breanne\Desktop\Daycare

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    Files to move or delete:
    ====================
    ZeroAccess:
    C:\Users\Breanne\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install


    Some content of TEMP:
    ====================
    C:\Users\Breanne\AppData\Local\Temp\0.5005427483777525.exe
    C:\Users\Breanne\AppData\Local\Temp\1358930893_dp.exe
    C:\Users\Breanne\AppData\Local\Temp\AMPing.exe
    C:\Users\Breanne\AppData\Local\Temp\AskInstallChecker.exe
    C:\Users\Breanne\AppData\Local\Temp\BingoCafeInstaller.exe
    C:\Users\Breanne\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
    C:\Users\Breanne\AppData\Local\Temp\bstrapInstall.exe
    C:\Users\Breanne\AppData\Local\Temp\burnsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\conduitinstaller.exe
    C:\Users\Breanne\AppData\Local\Temp\contentDATs.exe
    C:\Users\Breanne\AppData\Local\Temp\ffmpeg4.exe
    C:\Users\Breanne\AppData\Local\Temp\ffsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate01.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate02.exe
    C:\Users\Breanne\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
    C:\Users\Breanne\AppData\Local\Temp\fs_health_check.exe
    C:\Users\Breanne\AppData\Local\Temp\GLFC07B.tmp.ConduitEngineSetup.exe
    C:\Users\Breanne\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe
    C:\Users\Breanne\AppData\Local\Temp\HP_Vista_D4100_Ph1.exe
    C:\Users\Breanne\AppData\Local\Temp\ICReinstall_Allmyapps.exe
    C:\Users\Breanne\AppData\Local\Temp\ICSTMP_4045.exe
    C:\Users\Breanne\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\Breanne\AppData\Local\Temp\InstallManager_BAB_BAB.exe
    C:\Users\Breanne\AppData\Local\Temp\jna3400670845490457031.dll
    C:\Users\Breanne\AppData\Local\Temp\jna3532275972095609770.dll
    C:\Users\Breanne\AppData\Local\Temp\jna6247437036475420251.dll
    C:\Users\Breanne\AppData\Local\Temp\jna7633095387940453928.dll
    C:\Users\Breanne\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    C:\Users\Breanne\AppData\Local\Temp\LimeWireWin.exe
    C:\Users\Breanne\AppData\Local\Temp\n1setup.exe
    C:\Users\Breanne\AppData\Local\Temp\nsj5512.exe
    C:\Users\Breanne\AppData\Local\Temp\nsl1FC2.exe
    C:\Users\Breanne\AppData\Local\Temp\nsoA650.exe
    C:\Users\Breanne\AppData\Local\Temp\nsp3B80.exe
    C:\Users\Breanne\AppData\Local\Temp\nsp8192.exe
    C:\Users\Breanne\AppData\Local\Temp\nsu7996.exe
    C:\Users\Breanne\AppData\Local\Temp\nswDB93.exe
    C:\Users\Breanne\AppData\Local\Temp\nsyE3ED.exe
    C:\Users\Breanne\AppData\Local\Temp\prxGLFC07B.tmp.tbSwag.dll
    C:\Users\Breanne\AppData\Local\Temp\RADIALPOINT_RPS.exe
    C:\Users\Breanne\AppData\Local\Temp\RegAsm.exe
    C:\Users\Breanne\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Breanne\AppData\Local\Temp\SPStub.exe
    C:\Users\Breanne\AppData\Local\Temp\swt-awt-win32-3346.dll
    C:\Users\Breanne\AppData\Local\Temp\swt-win32-3346.dll
    C:\Users\Breanne\AppData\Local\Temp\tbKey0.dll
    C:\Users\Breanne\AppData\Local\Temp\tbsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\tbSwa2.dll
    C:\Users\Breanne\AppData\Local\Temp\tbSwag.dll
    C:\Users\Breanne\AppData\Local\Temp\ToolbarHelper.exe
    C:\Users\Breanne\AppData\Local\Temp\ttsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\uninst.exe
    C:\Users\Breanne\AppData\Local\Temp\uninst1.exe
    C:\Users\Breanne\AppData\Local\Temp\uninstall.exe
    C:\Users\Breanne\AppData\Local\Temp\UpdaterCopy.exe
    C:\Users\Breanne\AppData\Local\Temp\UpdUninstall.exe
    C:\Users\Breanne\AppData\Local\Temp\utt3AC7.tmp.exe
    C:\Users\Breanne\AppData\Local\Temp\uttB73B.tmp.exe
    C:\Users\Breanne\AppData\Local\Temp\wlsetup-cvr.exe
    C:\Users\Breanne\AppData\Local\Temp\wpsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\_is2D0D.exe
    C:\Users\Breanne\AppData\Local\Temp\_is5F7D.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2013-11-10 11:58


    ==================== End Of Log ============================
     
  16. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013
    Ran by Breanne at 2013-11-10 12:14:44
    Running from C:\Users\Breanne\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: TELUS security services (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
    AS: TELUS security services (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    µTorrent (Version: 2.0.0)
    32 Bit HP CIO Components Installer (Version: 7.1.8)
    Acer Arcade Live Main Page (Version: 1.1.1331)
    Acer Assist
    Acer DV Magician (Version: 1.5.0920)
    Acer DVDivine (Version: 3.2.1109)
    Acer eDataSecurity Management (Version: 3.0.3060)
    Acer Empowering Technology (Version: 3.0.3008)
    Acer eRecovery Management (Version: 3.0.3010)
    Acer eSettings Management (Version: 3.0.3006)
    Acer GameZone Console DTV 2.0.1.1
    Acer HomeMedia (Version: 1.4.1331)
    Acer HomeMedia Connect (Version: 1.4.4931)
    Acer HomeMedia Trial Creator (Version: 1.4.1331)
    Acer Registration
    Acer ScreenSaver (Version: 4.01.0422)
    Acer SlideShow DVD (Version: 1.5.1109)
    Acer VideoMagician (Version: 1.4.1017)
    Acrobat.com (Version: 0.0.0)
    Acrobat.com (Version: 1.1.377)
    Activation Assistant for the 2007 Microsoft Office suites
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
    Adobe AIR (Version: 1.0.4990)
    Adobe AIR (Version: 1.0.8.4990)
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
    Adobe Reader 9.5.5 (Version: 9.5.5)
    Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
    Alice Greenfingers
    Allmyapps (HKCU Version: 2.0.0.9)
    Allmyapps Packages
    Apple Application Support (Version: 2.3.6)
    Apple Mobile Device Support (Version: 7.0.0.117)
    Apple Software Update (Version: 2.1.3.127)
    ATI Catalyst Install Manager (Version: 3.0.664.0)
    Backspin Billiards
    Big Kahuna Reef
    Bonjour (Version: 3.0.0.10)
    Bookworm Deluxe
    Bricks of Egypt
    BrowserProtect
    BufferChm (Version: 82.0.173.000)
    Cake Mania
    Canon G.726 WMP-Decoder (Version: 1.1.0.4)
    Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
    Canon Utilities CameraWindow (Version: 7.0.0.8)
    Canon Utilities CameraWindow DC (Version: 7.0.1.16)
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.1.15)
    Canon Utilities MyCamera (Version: 6.4.0.5)
    Canon Utilities MyCamera DC (Version: 7.0.0.5)
    Canon Utilities PhotoStitch (Version: 3.1.20.44)
    Canon Utilities RemoteCapture DC (Version: 3.0.1.8)
    Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
    Canon Utilities ZoomBrowser EX (Version: 6.0.0.246)
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center Core Implementation (Version: 2008.0309.2141.36947)
    Catalyst Control Center Graphics Full Existing (Version: 2008.0309.2141.36947)
    Catalyst Control Center Graphics Full New (Version: 2008.0309.2141.36947)
    Catalyst Control Center Graphics Light (Version: 2008.0309.2141.36947)
    Catalyst Control Center Graphics Previews Vista (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Chinese Standard (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Chinese Traditional (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Czech (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Danish (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Dutch (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Finnish (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization French (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization German (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Greek (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Hungarian (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Italian (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Japanese (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Korean (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Norwegian (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Polish (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Portuguese (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Russian (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Spanish (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Swedish (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Thai (Version: 2008.0309.2141.36947)
    Catalyst Control Center Localization Turkish (Version: 2008.0309.2141.36947)
    CCC Help Chinese Standard (Version: 2008.0309.2140.36947)
    CCC Help Chinese Traditional (Version: 2008.0309.2140.36947)
    CCC Help Czech (Version: 2008.0309.2140.36947)
    CCC Help Danish (Version: 2008.0309.2140.36947)
    CCC Help Dutch (Version: 2008.0309.2140.36947)
    CCC Help English (Version: 2008.0309.2140.36947)
    CCC Help Finnish (Version: 2008.0309.2140.36947)
    CCC Help French (Version: 2008.0309.2140.36947)
    CCC Help German (Version: 2008.0309.2140.36947)
    CCC Help Greek (Version: 2008.0309.2140.36947)
    CCC Help Hungarian (Version: 2008.0309.2140.36947)
    CCC Help Italian (Version: 2008.0309.2140.36947)
    CCC Help Japanese (Version: 2008.0309.2140.36947)
    CCC Help Korean (Version: 2008.0309.2140.36947)
    CCC Help Norwegian (Version: 2008.0309.2140.36947)
    CCC Help Polish (Version: 2008.0309.2140.36947)
    CCC Help Portuguese (Version: 2008.0309.2140.36947)
    CCC Help Russian (Version: 2008.0309.2140.36947)
    CCC Help Spanish (Version: 2008.0309.2140.36947)
    CCC Help Swedish (Version: 2008.0309.2140.36947)
    CCC Help Thai (Version: 2008.0309.2140.36947)
    CCC Help Turkish (Version: 2008.0309.2140.36947)
    ccc-core-static (Version: 2008.0309.2141.36947)
    ccc-utility (Version: 2008.0309.2141.36947)
    Chicken Invaders 3
    D3DX10 (Version: 15.4.2368.0902)
    D4100 (Version: 82.0.233.000)
    D4100_Help (Version: 82.0.233.000)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations (Version: 82.0.173.000)
    DeviceManagementQFolder (Version: 1.00.0000)
    Diner Dash Flo on the Go
    DivX Setup (Version: 2.6.1.32)
    Driver Whiz (Version: 8.0.1)
    Easy Video Convert
    ESET Online Scanner v3
    eSobi v2 (Version: 2.0.3.000189)
    Express Burn
    Express Dictate
    ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
    Flip Words 2
    Google Chrome (Version: 30.0.1599.101)
    Google Update Helper (Version: 1.3.21.165)
    HP Deskjet & Photosmart Printer Driver Software 8.0.A (Version: 8.0)
    HP Imaging Device Functions 8.0 (Version: 8.0)
    HP Photosmart Essential (Version: 1.12.0.46)
    HP Product Detection (Version: 10.7.9.0)
    HP Update (Version: 5.005.000.002)
    HPDiagnosticAlert (Version: 1.00.0000)
    HPSSupply (Version: 2.1.3.0000)
    iCloud (Version: 2.1.2.8)
    iTunes (Version: 11.1.2.32)
    J2SE Runtime Environment 5.0 Update 12 (Version: 1.5.0.120)
    Java Auto Updater (Version: 2.0.7.1)
    Java(TM) 6 Update 33 (Version: 6.0.330)
    Java(TM) 6 Update 7 (Version: 1.6.0.70)
    Jewel Quest Solitaire
    K-Lite Codec Pack 3.4.5 Full (Version: 3.45)
    LightScribe 1.4.142.1 (Version: 1.4.142.1)
    Mahjong Escape Ancient China
    Mahjongg Artifacts
    McAfee Security Scan Plus (Version: 3.8.130.8)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft IntelliType Pro 6.2 (Version: 6.20.182.0)
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
    Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
    Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
    Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Works (Version: 08.05.0818)
    Minecraft version 1.5.1 (Version: 1.5.1)
    Monster Trucks Nitro
    MSVCRT (Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
    MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Mystery Case Files - Huntsville
    NTI Backup Now 5 (Version: 5.1.2.103)
    NTI Backup Now Standard (Version: 5.1.2.103)
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
    Panda ActiveScan 2.0 (Version: 01.04.01.0014)
    QuickTime (Version: 7.74.80.86)
    RollerCoaster Tycoon 3: Platinum!
    Segoe UI (Version: 15.4.2271.0615)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SF_CDA_ProductContext (Version: 82.0.233.000)
    SF_CDA_Software (Version: 82.0.233.000)
    Sid Meier's Civilization IV (Version: 1.61.0000)
    Skins (Version: 2008.0309.2141.36947)
    Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
    Status (Version: 82.0.173.000)
    Steam (Version: 1.0.0.0)
    Stedman's Plus Standard Edition
    swMSM (Version: 12.0.0.1)
    TELUS security advisor 4.1.18 (Version: 4.1.18)
    TELUS security services (Version: 10.0.41)
    TELUS security services (Version: 3.0)
    TELUS security services (Version: 3.00)
    Toolbox (Version: 82.0.173.000)
    TrayApp (Version: 82.0.188.000)
    Trials 2 Second Edition
    UnloadSupport (Version: 1.00.0000)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
    VLC media player 2.0.6 (Version: 2.0.6)
    WebReg (Version: 82.0.173.000)
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3555.0308)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    WinRAR archiver
    Yahoo! Detect
    Zuma Deluxe

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0F9C2DBB-415C-4B41-81EB-21146042C9C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {13EF9090-938F-4AFE-BFDE-36EB5B996C38} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31] (Microsoft Corporation)
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {30559351-29BF-4DE5-A8A4-8E3606E9F735} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3AE1D666-18F5-4E94-AA26-7F44318464AD} - System32\Tasks\{83BC461D-2195-43CF-A719-49007F00C88C} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.59.119&LastError=12002
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {400D0D73-70CA-47CF-92CD-837911B44375} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Breanne\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [2013-04-25] ()
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
    Task: {62EFA56B-02F4-4279-9174-B017C3C81438} - System32\Tasks\{1FAF7DE8-BE3F-407A-A01C-75FFE8027491} => Iexplore.exe http://ui.skype.com/ui/0/5.5.59.119...d,google-chrome:notoffered;systemlevelpresent
    Task: {768576A5-4171-4F51-BFBB-55EF4A8CEF99} - System32\Tasks\0 => Iexplore.exe
    Task: {7B655CA2-12A5-47AA-B769-EF06E9F4B8BF} - System32\Tasks\4880 => C:\Users\Breanne\AppData\Local\Temp\launchie.vbsC:\Users\Breanne\AppData\Local\Temp\launchie.vbs //B
    Task: {8D76DE36-FE7B-41E7-B13D-E782B49AA6EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
    Task: {9AA02624-605A-47A1-80EE-559EB6BB0AF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-07] (Adobe Systems Incorporated)
    Task: {DE8D6B04-CC13-46C3-A537-E06829F86638} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-19] (Google Inc.)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AllmyappsUpdateTask.job => C:\Users\Breanne\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job => C:\Program Files\Microsoft IntelliType Pro\itype.exe

    ==================== Loaded Modules (whitelisted) =============

    2009-09-16 21:29 - 2009-04-10 22:28 - 00223232 _____ () C:\Windows\system32\MSWSOCK.dll
    2010-02-08 11:35 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
    2008-04-08 22:14 - 2008-08-30 03:59 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
    2012-11-14 13:16 - 2010-09-17 13:14 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
    2012-11-14 13:16 - 2010-09-17 13:14 - 00057344 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
    2009-09-16 21:29 - 2009-04-10 22:28 - 00223232 _____ () C:\Windows\system32\mswsock.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-11-14 13:19 - 2012-04-17 18:44 - 01963848 _____ () C:\Program Files\TELUS\TELUS security services\10.0.41.60099\toolsosxR.dll
    2012-11-14 13:19 - 2010-10-21 16:23 - 00841728 _____ () C:\Program Files\TELUS\TELUS security services\10.0.41.60099\xulrunner\js3250.dll
    2012-11-14 13:15 - 2010-09-17 12:32 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll
    2012-11-14 13:15 - 2010-09-17 12:32 - 00057344 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:131C0EE9
    AlternateDataStreams: C:\ProgramData\TEMP:193426B4
    AlternateDataStreams: C:\ProgramData\TEMP:2B99FE60
    AlternateDataStreams: C:\ProgramData\TEMP:2C595FF3
    AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
    AlternateDataStreams: C:\ProgramData\TEMP:4240575B
    AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
    AlternateDataStreams: C:\ProgramData\TEMP:4F636E25
    AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
    AlternateDataStreams: C:\ProgramData\TEMP:793F316E
    AlternateDataStreams: C:\ProgramData\TEMP:8173A019
    AlternateDataStreams: C:\ProgramData\TEMP:861A898F
    AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8
    AlternateDataStreams: C:\ProgramData\TEMP:9F683177
    AlternateDataStreams: C:\ProgramData\TEMP:B623B5B8
    AlternateDataStreams: C:\ProgramData\TEMP:C95B63DA
    AlternateDataStreams: C:\ProgramData\TEMP:EC2246A6
    AlternateDataStreams: C:\ProgramData\TEMP:FC420CE6
    AlternateDataStreams: C:\Users\Breanne\Desktop\Bike.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Breanne\Desktop\MVI_1667.AVI:TOC.WMV

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network => "DualDesk"=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/10/2013 10:26:39 AM) (Source: Application Error) (User: )
    Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
    process id 0x119c, application start time 0xsvchost.exe0.

    Error: (11/10/2013 10:22:14 AM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 9.0.8112.16514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: a48
    Start Time: 01cede41864316b7
    Termination Time: 0

    Error: (11/09/2013 08:51:33 AM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 9.0.8112.16514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 6d4
    Start Time: 01cedd6bddcfa578
    Termination Time: 0

    Error: (11/08/2013 01:18:15 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (11/08/2013 01:15:59 PM) (Source: EventSystem) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (11/08/2013 07:42:35 AM) (Source: EventSystem) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (11/08/2013 01:35:01 AM) (Source: Application Error) (User: )
    Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 9.0.8112.16514, time stamp 0x523ec657, exception code 0xc00000fd, fault offset 0x00414e00,
    process id 0x1668, application start time 0xsvchost.exe0.

    Error: (11/07/2013 04:13:56 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10219

    Error: (11/07/2013 04:13:56 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10219

    Error: (11/07/2013 04:13:56 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (11/10/2013 11:52:06 AM) (Source: Service Control Manager) (User: )
    Description: Internet Connection Sharing (ICS)Base Filtering Engine%%5

    Error: (11/10/2013 11:52:06 AM) (Source: Service Control Manager) (User: )
    Description: McAfee Anti-Spam Service%%3

    Error: (11/10/2013 11:52:06 AM) (Source: Service Control Manager) (User: )
    Description: McAfee SiteAdvisor Service%%3

    Error: (11/10/2013 11:52:06 AM) (Source: Service Control Manager) (User: )
    Description: IKE and AuthIP IPsec Keying ModulesBase Filtering Engine%%5

    Error: (11/10/2013 11:52:06 AM) (Source: Service Control Manager) (User: )
    Description: Diagnostic Policy Service%%1290

    Error: (11/10/2013 11:52:06 AM) (Source: Service Control Manager) (User: )
    Description: AnviStartupTime%%2

    Error: (11/10/2013 11:52:06 AM) (Source: Service Control Manager) (User: )
    Description: Computer Browser%%1060

    Error: (11/10/2013 11:52:06 AM) (Source: Service Control Manager) (User: )
    Description: Base Filtering Engine%%5

    Error: (11/10/2013 11:52:05 AM) (Source: WMPNetworkSvc) (User: )
    Description: WMPNetworkSvc0x80070424

    Error: (11/10/2013 11:29:41 AM) (Source: Service Control Manager) (User: )
    Description: Internet Connection Sharing (ICS)Base Filtering Engine%%5


    Microsoft Office Sessions:
    =========================
    Error: (11/10/2013 10:26:39 AM) (Source: Application Error)(User: )
    Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000500000000119c01cede42527a9197

    Error: (11/10/2013 10:22:14 AM) (Source: Application Hang)(User: )
    Description: iexplore.exe9.0.8112.16514a4801cede41864316b70

    Error: (11/09/2013 08:51:33 AM) (Source: Application Hang)(User: )
    Description: iexplore.exe9.0.8112.165146d401cedd6bddcfa5780

    Error: (11/08/2013 01:18:15 PM) (Source: EventSystem)(User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (11/08/2013 01:15:59 PM) (Source: EventSystem)(User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (11/08/2013 07:42:35 AM) (Source: EventSystem)(User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (11/08/2013 01:35:01 AM) (Source: Application Error)(User: )
    Description: svchost.exe6.0.6001.1800047918b89mshtml.dll9.0.8112.16514523ec657c00000fd00414e00166801cedc653749a106

    Error: (11/07/2013 04:13:56 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10219

    Error: (11/07/2013 04:13:56 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10219

    Error: (11/07/2013 04:13:56 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    CodeIntegrity Errors:
    ===================================
    Date: 2013-02-11 21:00:26.784
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-11 21:00:26.249
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-11 20:57:54.230
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-11 20:57:53.780
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-11 20:51:33.459
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-02-11 20:51:32.802
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll because the set of per-page image hashes could not be found on the system.

    Date: 2012-11-14 13:19:03.874
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Trend Micro\Titanium\Remove.exe because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-06 23:53:10.746
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Shaw Secure\Spam Control\fsscoepl.dll because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-06 23:53:10.366
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Shaw Secure\Spam Control\fsscoepl.dll because the set of per-page image hashes could not be found on the system.

    Date: 2012-03-02 23:47:15.222
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Shaw Secure\Spam Control\fsscoepl.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 40%
    Total physical RAM: 2814.45 MB
    Available physical RAM: 1671.45 MB
    Total Pagefile: 5877.44 MB
    Available Pagefile: 4876.31 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1895.67 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:180.42 GB) (Free:40.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:270.68 GB) (Free:72.26 GB) NTFS
    Drive j: (Transcend) (Removable) (Total:15.08 GB) (Free:14.53 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 6AE35D27)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
    Partition 2: (Active) - (Size=180 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=271 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=15 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Using the same way.... Mac to USB to bad computer.....

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Re-run FRST one more time and post new log.

  18. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    I just want to clarify. It says that both FRST and fixlist.txt need to be in the same location. If I have them both saved to my desktop, is this considered to be the same location? Thank you :)
     
  19. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Yes, exactly.
     
  20. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013
    Ran by Breanne at 2013-11-10 12:56:34 Run:2
    Running from C:\Users\Breanne\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll No File
    Toolbar: HKLM - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{46bdc989-289d-ea48-ab74-525a3982e5a1}\ \...\???\{46bdc989-289d-ea48-ab74-525a3982e5a1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
    C:\Windows\assembly\GAC\Desktop.ini
    C:\Users\Breanne\AppData\Local\Google\Desktop\Install
    C:\Program Files\Google\Desktop\Install
    DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    AlternateDataStreams: C:\ProgramData\TEMP:131C0EE9
    AlternateDataStreams: C:\ProgramData\TEMP:193426B4
    AlternateDataStreams: C:\ProgramData\TEMP:2B99FE60
    AlternateDataStreams: C:\ProgramData\TEMP:2C595FF3
    AlternateDataStreams: C:\ProgramData\TEMP:3E7393FC
    AlternateDataStreams: C:\ProgramData\TEMP:4240575B
    AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
    AlternateDataStreams: C:\ProgramData\TEMP:4F636E25
    AlternateDataStreams: C:\ProgramData\TEMP:580E04D8
    AlternateDataStreams: C:\ProgramData\TEMP:793F316E
    AlternateDataStreams: C:\ProgramData\TEMP:8173A019
    AlternateDataStreams: C:\ProgramData\TEMP:861A898F
    AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8
    AlternateDataStreams: C:\ProgramData\TEMP:9F683177
    AlternateDataStreams: C:\ProgramData\TEMP:B623B5B8
    AlternateDataStreams: C:\ProgramData\TEMP:C95B63DA
    AlternateDataStreams: C:\ProgramData\TEMP:EC2246A6
    AlternateDataStreams: C:\ProgramData\TEMP:FC420CE6
    AlternateDataStreams: C:\Users\Breanne\Desktop\Bike.avi:TOC.WMV
    AlternateDataStreams: C:\Users\Breanne\Desktop\MVI_1667.AVI:TOC.WMV
    *****************

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
    HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} => Key deleted successfully.
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} => Value deleted successfully.
    HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
    HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    *etadpug => Service deleted successfully.
    C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.

    "C:\Users\Breanne\AppData\Local\Google\Desktop\Install" directory move:

    Could not move "C:\Users\Breanne\AppData\Local\Google\Desktop\Install" directory. => Scheduled to move on reboot.


    "C:\Program Files\Google\Desktop\Install" directory move:

    Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
    "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
    C:\ProgramData\TEMP => ":131C0EE9" ADS removed successfully.
    C:\ProgramData\TEMP => ":193426B4" ADS removed successfully.
    C:\ProgramData\TEMP => ":2B99FE60" ADS removed successfully.
    C:\ProgramData\TEMP => ":2C595FF3" ADS removed successfully.
    C:\ProgramData\TEMP => ":3E7393FC" ADS removed successfully.
    C:\ProgramData\TEMP => ":4240575B" ADS removed successfully.
    C:\ProgramData\TEMP => ":4CF61E54" ADS removed successfully.
    C:\ProgramData\TEMP => ":4F636E25" ADS removed successfully.
    C:\ProgramData\TEMP => ":580E04D8" ADS removed successfully.
    C:\ProgramData\TEMP => ":793F316E" ADS removed successfully.
    C:\ProgramData\TEMP => ":8173A019" ADS removed successfully.
    C:\ProgramData\TEMP => ":861A898F" ADS removed successfully.
    C:\ProgramData\TEMP => ":9E22BBE8" ADS removed successfully.
    C:\ProgramData\TEMP => ":9F683177" ADS removed successfully.
    C:\ProgramData\TEMP => ":B623B5B8" ADS removed successfully.
    C:\ProgramData\TEMP => ":C95B63DA" ADS removed successfully.
    C:\ProgramData\TEMP => ":EC2246A6" ADS removed successfully.
    C:\ProgramData\TEMP => ":FC420CE6" ADS removed successfully.
    C:\Users\Breanne\Desktop\Bike.avi => ":TOC.WMV" ADS removed successfully.
    C:\Users\Breanne\Desktop\MVI_1667.AVI => ":TOC.WMV" ADS removed successfully.

    =========== Result of Scheduled Files to move ===========

    C:\Users\Breanne\AppData\Local\Google\Desktop\Install => Is moved successfully.
    C:\Program Files\Google\Desktop\Install => Deleted successfully.

    ==== End of Fixlog ====
     
  21. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013
    Ran by Breanne (administrator) on BREANNE-PC on 10-11-2013 13:31:16
    Running from C:\Users\Breanne\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\system32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
    (TELUS) C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    (CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    (TELUS) C:\Program Files\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe
    () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    (Radialpoint SafeCare Inc.) C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (TELUS) C:\Program Files\TELUS\TELUS security services\10.0.41.60099\Rps.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Tsa.exe] - C:\Program Files\TELUS\TELUS security advisor\Tsa.exe [10208568 2012-03-09] (TELUS)
    HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [112632 2010-09-17] (Trend Micro Inc.)
    HKLM\...\Run: [TELUS security services] - C:\Program Files\TELUS\TELUS security services\10.0.41.60099\Rps.exe [541400 2012-04-17] (TELUS)
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()
    HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\Default User\...\RunOnce: [RUN] - C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.ca/
    HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.ca/
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ax...ByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1271100387
    URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    SearchScopes: HKLM - DefaultScope {A8F2C04A-5079-4DFC-9078-E95052915900} URL =
    SearchScopes: HKLM - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.p...ByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1271100387
    SearchScopes: HKCU - DefaultScope {A8F2C04A-5079-4DFC-9078-E95052915900} URL = http://search.conduit.com/ResultsEx...4&ctid=CT3286042&CUI=UN25632235462322517&UM=2
    SearchScopes: HKCU - Backup.Old.DefaultScope {E8096F30-38C0-4B70-97EE-0C4534FF9AF6}
    SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=42
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&mntrId=5245e47c000000000000001fe2052fda
    SearchScopes: HKCU - {4FA54BCC-2778-6A28-934F-18E0B5033BAA} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
    SearchScopes: HKCU - {A8F2C04A-5079-4DFC-9078-E95052915900} URL = http://search.conduit.com/ResultsEx...4&ctid=CT3286042&CUI=UN25632235462322517&UM=2
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
    SearchScopes: HKCU - {E8096F30-38C0-4B70-97EE-0C4534FF9AF6} URL = http://start.funmoods.com/results.p...ByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1271100387
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)
    BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
    DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {76716694-EADA-4810-8C3B-4826328A317F} http://content.dll1.com/Connectus/SmartCouponPrinter/SmartCouponPrinter20080221.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1091\TmIEPlg.dll (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.ca/
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
    CHR Plugin: (Google Talk Plugin) - C:\Users\Breanne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Breanne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Unity Player) - C:\Users\Breanne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
    CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Breanne\AppData\Local\Roblox\Versions\version-5fb0645efa584e24\\NPRobloxProxy.dll No File
    CHR Plugin: (HotWheels Loader) - C:\Users\Breanne\AppData\Local\sswat_hwrc_win_live\npHotWheelsLoader.dll (Mattel, Inc)
    CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Extension: (YouTube) - C:\Users\Breanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Breanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Google Wallet) - C:\Users\Breanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR Extension: (Gmail) - C:\Users\Breanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
    CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Breanne\AppData\Local\funmoods.crx
    CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Breanne\AppData\Local\funmoods-speeddial.crx
    CHR HKLM\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\Breanne\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx
    CHR HKLM\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files\TELUS\TELUS security advisor\ChromeExtension.crx
    CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

    ========================== Services (Whitelisted) =================

    R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink)
    R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
    R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-02-25] ()
    R2 Radialpoint Security Services; C:\Program Files\TELUS\TELUS security services\10.0.41.60099\RpsSecurityAwareR.exe [154632 2012-04-17] (TELUS)
    R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] ()
    R2 ServicepointService; C:\Program Files\TELUS\TELUS security advisor\ServicepointService.exe [10294584 2012-03-09] (Radialpoint SafeCare Inc.)
    S2 AnviStartupTime; C:\Program Files\Anvisoft\StartupBooster\StartupTimeSrv.exe [x]
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
    S2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [x]
    S2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    S4 ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [170000 2007-12-18] (AMD Technologies Inc.)
    R1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
    R2 int15; C:\Windows\system32\drivers\int15.sys [15392 2008-04-25] (Acer, Inc.)
    R0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
    R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2010-09-17] (Trend Micro Inc.)
    R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2010-09-17] (Trend Micro Inc.)
    R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2010-09-17] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2010-09-17] (Trend Micro Inc.)
    R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-25] (Zeal SoftStudio)
    S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-11-10 12:14 - 2013-11-10 12:14 - 00030389 _____ C:\Users\Breanne\Desktop\Addition.txt
    2013-11-10 11:56 - 2013-11-10 07:59 - 01090265 _____ (Farbar) C:\Users\Breanne\Desktop\FRST.exe
    2013-11-10 11:52 - 2013-11-10 09:17 - 02132776 _____ (Premium Installer ) C:\Users\Breanne\Desktop\Setup.exe
    2013-11-10 09:36 - 2013-11-10 13:00 - 00000000 ____D C:\FRST
    2013-11-08 18:45 - 2013-11-08 18:45 - 00000000 ____D C:\Program Files\Panda Security
    2013-11-08 18:45 - 2009-06-30 10:37 - 00028552 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\pavboot.sys
    2013-11-08 13:57 - 2013-11-08 13:57 - 00000000 ____D C:\Program Files\ESET
    2013-11-08 13:51 - 2013-11-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-11-08 13:28 - 2013-11-08 13:28 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\QuickScan
    2013-11-07 17:15 - 2013-11-07 17:15 - 00000000 __SHD C:\Windows\system32\%APPDATA%
    2013-10-25 15:08 - 2013-10-25 15:08 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-10-25 15:07 - 2013-10-25 15:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-10-25 15:07 - 2013-10-25 15:07 - 00000000 ____D C:\Program Files\iPod

    ==================== One Month Modified Files and Folders =======

    2013-11-10 13:11 - 2011-08-19 22:56 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-11-10 13:06 - 2006-11-02 02:33 - 00722646 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-11-10 13:00 - 2013-11-10 09:36 - 00000000 ____D C:\FRST
    2013-11-10 12:59 - 2008-08-26 20:08 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
    2013-11-10 12:58 - 2011-08-19 22:56 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-11-10 12:58 - 2008-03-15 15:06 - 00000147 _____ C:\Windows\system32\agent.log
    2013-11-10 12:58 - 2008-01-20 18:47 - 11561204 _____ C:\Windows\PFRO.log
    2013-11-10 12:58 - 2006-11-02 05:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-11-10 12:58 - 2006-11-02 04:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-11-10 12:58 - 2006-11-02 04:47 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-11-10 12:57 - 2006-11-02 05:01 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-11-10 12:47 - 2012-11-14 12:45 - 00000000 ____D C:\ProgramData\Radialpoint
    2013-11-10 12:42 - 2013-03-02 15:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-11-10 12:14 - 2013-11-10 12:14 - 00030389 _____ C:\Users\Breanne\Desktop\Addition.txt
    2013-11-10 11:19 - 2013-02-13 09:44 - 00000000 _____ C:\Windows\DCEBOOT.LOG
    2013-11-10 10:28 - 2013-02-13 06:53 - 00102400 _____ C:\Windows\RegBootClean.exe
    2013-11-10 10:28 - 2013-02-13 06:53 - 00011264 _____ C:\Windows\DCEBoot.exe
    2013-11-10 10:23 - 2006-11-02 04:52 - 00074413 _____ C:\Windows\setupact.log
    2013-11-10 09:17 - 2013-11-10 11:52 - 02132776 _____ (Premium Installer ) C:\Users\Breanne\Desktop\Setup.exe
    2013-11-10 07:59 - 2013-11-10 11:56 - 01090265 _____ (Farbar) C:\Users\Breanne\Desktop\FRST.exe
    2013-11-08 18:45 - 2013-11-08 18:45 - 00000000 ____D C:\Program Files\Panda Security
    2013-11-08 17:50 - 2009-07-01 06:58 - 00007944 _____ C:\Users\Breanne\AppData\Local\d3d9caps.dat
    2013-11-08 13:57 - 2013-11-08 13:57 - 00000000 ____D C:\Program Files\ESET
    2013-11-08 13:51 - 2013-11-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2013-11-08 13:28 - 2013-11-08 13:28 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\QuickScan
    2013-11-08 11:11 - 2012-11-14 12:45 - 00000000 ____D C:\Users\Breanne\AppData\Roaming\Radialpoint
    2013-11-07 17:15 - 2013-11-07 17:15 - 00000000 __SHD C:\Windows\system32\%APPDATA%
    2013-11-07 17:10 - 2013-03-02 15:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-11-07 17:10 - 2011-08-21 13:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-11-07 17:10 - 2008-08-26 18:35 - 01123460 _____ C:\Windows\WindowsUpdate.log
    2013-11-07 17:09 - 2011-08-19 22:56 - 00000000 ____D C:\Program Files\Google
    2013-11-07 17:06 - 2009-04-16 07:05 - 00000000 ____D C:\Users\Breanne\AppData\Local\Google
    2013-11-01 15:47 - 2008-03-15 14:59 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-10-25 15:08 - 2013-10-25 15:08 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-10-25 15:08 - 2013-10-25 15:07 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-10-25 15:08 - 2010-06-21 07:54 - 00000000 ____D C:\Program Files\iTunes
    2013-10-25 15:07 - 2013-10-25 15:07 - 00000000 ____D C:\Program Files\iPod
    2013-10-25 15:07 - 2008-09-29 12:03 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-10-23 06:15 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-10-18 12:07 - 2011-08-26 11:21 - 00001923 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2013-10-18 12:06 - 2011-08-20 11:00 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2013-10-16 11:31 - 2010-11-21 09:05 - 00000000 ____D C:\Users\Breanne\Desktop\Daycare

    Some content of TEMP:
    ====================
    C:\Users\Breanne\AppData\Local\Temp\0.5005427483777525.exe
    C:\Users\Breanne\AppData\Local\Temp\1358930893_dp.exe
    C:\Users\Breanne\AppData\Local\Temp\AMPing.exe
    C:\Users\Breanne\AppData\Local\Temp\AskInstallChecker.exe
    C:\Users\Breanne\AppData\Local\Temp\BingoCafeInstaller.exe
    C:\Users\Breanne\AppData\Local\Temp\bitdefender_isecurity_[quickscan].exe
    C:\Users\Breanne\AppData\Local\Temp\bstrapInstall.exe
    C:\Users\Breanne\AppData\Local\Temp\burnsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\conduitinstaller.exe
    C:\Users\Breanne\AppData\Local\Temp\contentDATs.exe
    C:\Users\Breanne\AppData\Local\Temp\ffmpeg4.exe
    C:\Users\Breanne\AppData\Local\Temp\ffsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate01.exe
    C:\Users\Breanne\AppData\Local\Temp\FlashPlayerUpdate02.exe
    C:\Users\Breanne\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
    C:\Users\Breanne\AppData\Local\Temp\fs_health_check.exe
    C:\Users\Breanne\AppData\Local\Temp\GLFC07B.tmp.ConduitEngineSetup.exe
    C:\Users\Breanne\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe
    C:\Users\Breanne\AppData\Local\Temp\HP_Vista_D4100_Ph1.exe
    C:\Users\Breanne\AppData\Local\Temp\ICReinstall_Allmyapps.exe
    C:\Users\Breanne\AppData\Local\Temp\ICSTMP_4045.exe
    C:\Users\Breanne\AppData\Local\Temp\InstallFlashPlayer.exe
    C:\Users\Breanne\AppData\Local\Temp\InstallManager_BAB_BAB.exe
    C:\Users\Breanne\AppData\Local\Temp\jna3400670845490457031.dll
    C:\Users\Breanne\AppData\Local\Temp\jna3532275972095609770.dll
    C:\Users\Breanne\AppData\Local\Temp\jna6247437036475420251.dll
    C:\Users\Breanne\AppData\Local\Temp\jna7633095387940453928.dll
    C:\Users\Breanne\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
    C:\Users\Breanne\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    C:\Users\Breanne\AppData\Local\Temp\LimeWireWin.exe
    C:\Users\Breanne\AppData\Local\Temp\n1setup.exe
    C:\Users\Breanne\AppData\Local\Temp\nsj5512.exe
    C:\Users\Breanne\AppData\Local\Temp\nsl1FC2.exe
    C:\Users\Breanne\AppData\Local\Temp\nsoA650.exe
    C:\Users\Breanne\AppData\Local\Temp\nsp3B80.exe
    C:\Users\Breanne\AppData\Local\Temp\nsp8192.exe
    C:\Users\Breanne\AppData\Local\Temp\nsu7996.exe
    C:\Users\Breanne\AppData\Local\Temp\nswDB93.exe
    C:\Users\Breanne\AppData\Local\Temp\nsyE3ED.exe
    C:\Users\Breanne\AppData\Local\Temp\prxGLFC07B.tmp.tbSwag.dll
    C:\Users\Breanne\AppData\Local\Temp\RADIALPOINT_RPS.exe
    C:\Users\Breanne\AppData\Local\Temp\RegAsm.exe
    C:\Users\Breanne\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Breanne\AppData\Local\Temp\SPStub.exe
    C:\Users\Breanne\AppData\Local\Temp\swt-awt-win32-3346.dll
    C:\Users\Breanne\AppData\Local\Temp\swt-win32-3346.dll
    C:\Users\Breanne\AppData\Local\Temp\tbKey0.dll
    C:\Users\Breanne\AppData\Local\Temp\tbsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\tbSwa2.dll
    C:\Users\Breanne\AppData\Local\Temp\tbSwag.dll
    C:\Users\Breanne\AppData\Local\Temp\ToolbarHelper.exe
    C:\Users\Breanne\AppData\Local\Temp\ttsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\uninst.exe
    C:\Users\Breanne\AppData\Local\Temp\uninst1.exe
    C:\Users\Breanne\AppData\Local\Temp\uninstall.exe
    C:\Users\Breanne\AppData\Local\Temp\UpdaterCopy.exe
    C:\Users\Breanne\AppData\Local\Temp\UpdUninstall.exe
    C:\Users\Breanne\AppData\Local\Temp\utt3AC7.tmp.exe
    C:\Users\Breanne\AppData\Local\Temp\uttB73B.tmp.exe
    C:\Users\Breanne\AppData\Local\Temp\wlsetup-cvr.exe
    C:\Users\Breanne\AppData\Local\Temp\wpsetup.exe
    C:\Users\Breanne\AppData\Local\Temp\_is2D0D.exe
    C:\Users\Breanne\AppData\Local\Temp\_is5F7D.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-11-10 13:17

    ==================== End Of Log ============================
     
  22. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    My computer seems to be working normally and I'm able to download things again. THANK YOU!!!! I really appreciate you taking the time out of your day to help me with this.

    After reviewing my logs, if it appears the problem has been solved, what do I do next? My internet service provider provides "Shaw Secure by McAfee" for free. What anti-virus program do you most recommend I should download? Thank you.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Good job :)

    Since your computer was very seriously infected we need to run some extra scans to make sure all bad guys are gone.

    You're fine with McAfee.

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  24. callaroz

    callaroz TS Rookie Topic Starter Posts: 41

    RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Breanne [Admin rights]
    Mode : Remove -- Date : 11/10/2013 14:43:11
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] aploader.exe -- C:\Users\Breanne\AppData\Local\Temp\McInstallTemp\SelfProtect\Win32\aploader.exe [7] -> ERROR [5]

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : MISPInst ("C:\Users\Breanne\AppData\Local\Temp\McInstallTemp\Install.exe" /Resume /Restart /Resume /Restart [7]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-3660761015-3852519600-1510374513-1000\[...]\RunOnce : MISPInst ("C:\Users\Breanne\AppData\Local\Temp\McInstallTemp\Install.exe" /Resume /Restart /Resume /Restart [7]) -> [0x2] The system cannot find the file specified.
    [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 3 ¤¤¤
    [V1][SUSP PATH] AllmyappsUpdateTask.job : C:\Users\Breanne\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe - check startup [7][x] -> DELETED
    [V2][ROGUE ST] 4880 : wscript.exe - C:\Users\Breanne\AppData\Local\Temp\launchie.vbs //B -> DELETED
    [V2][SUSP PATH] AllmyappsUpdateTask : c:\users\breanne\appdata\roaming\allmyapps\allmyappsupdater.exe - check startup [7][x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Address] SSDT[64] : NtCreateKey @ 0x82440168 -> HOOKED (Unknown @ 0x86B91B00)
    [Address] SSDT[67] : NtCreateMutant @ 0x82471993 -> HOOKED (Unknown @ 0x86BC4A60)
    [Address] SSDT[72] : NtCreateProcess @ 0x824E300D -> HOOKED (Unknown @ 0x86B90600)
    [Address] SSDT[73] : NtCreateProcessEx @ 0x824E3058 -> HOOKED (Unknown @ 0x86B90900)
    [Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x82411349 -> HOOKED (Unknown @ 0x86BC4E20)
    [Address] SSDT[78] : NtCreateThread @ 0x824E2E40 -> HOOKED (Unknown @ 0x86BC43A0)
    [Address] SSDT[123] : NtDeleteKey @ 0x82403749 -> HOOKED (Unknown @ 0x86B92100)
    [Address] SSDT[126] : NtDeleteValueKey @ 0x823FECEA -> HOOKED (Unknown @ 0x86B92A00)
    [Address] SSDT[129] : NtDuplicateObject @ 0x82449579 -> HOOKED (Unknown @ 0x86BC5000)
    [Address] SSDT[165] : NtLoadDriver @ 0x823BCE12 -> HOOKED (Unknown @ 0x86BC4760)
    [Address] SSDT[194] : NtOpenProcess @ 0x8247212F -> HOOKED (Unknown @ 0x86B90F00)
    [Address] SSDT[197] : NtOpenSection @ 0x8246278C -> HOOKED (Unknown @ 0x86BC4020)
    [Address] SSDT[201] : NtOpenThread @ 0x8246D62B -> HOOKED (Unknown @ 0x86B91200)
    [Address] SSDT[267] : NtRenameKey @ 0x824A5864 -> HOOKED (Unknown @ 0x86B92400)
    [Address] SSDT[280] : NtRestoreKey @ 0x824A3F6A -> HOOKED (Unknown @ 0x86B92700)
    [Address] SSDT[317] : NtSetSystemInformation @ 0x82437F1E -> HOOKED (Unknown @ 0x86BC4C40)
    [Address] SSDT[324] : NtSetValueKey @ 0x8242F405 -> HOOKED (Unknown @ 0x86B91E00)
    [Address] SSDT[334] : NtTerminateProcess @ 0x8244216B -> HOOKED (Unknown @ 0x86B91500)
    [Address] SSDT[335] : NtTerminateThread @ 0x8246D660 -> HOOKED (Unknown @ 0x86B91800)
    [Address] SSDT[358] : NtWriteVirtualMemory @ 0x8245EA27 -> HOOKED (Unknown @ 0x86BC41C0)
    [Address] SSDT[382] : NtCreateThreadEx @ 0x8246D115 -> HOOKED (Unknown @ 0x86BC4580)
    [Address] SSDT[383] : NtCreateUserProcess @ 0x8241AC47 -> HOOKED (Unknown @ 0x86B90C00)
    [Address] Shadow SSDT[572] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x86BC7620)
    [Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86BC7400)
    [Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x364C0366)
    [Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x364C0366)
    [Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x364C0366)
    [Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x68F54927)
    [Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x68F54984)
    [Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x68F72BC2)
    [Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x68F5FA79)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDP725050GLA380 ATA Device +++++
    --- User ---
    [MBR] d801d540590e50213ae995d4fb103b2f
    [BSP] 026ed5352cde1f035ab7e2b82024356d : Acer MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30734336 | Size: 184754 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409110528 | Size: 277178 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_11102013_144311.txt >>
    RKreport[0]_S_11102013_143852.txt
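As an added triage aid, not code from this thread or from RogueKiller's author: a small Python parser for the report format posted above that splits the log into its ¤¤¤ sections, breaks each finding into tags, item and outcome, and lists what the Delete pass did not clear (the embedded sample is a constructed excerpt of the log above).

```python
import re
from collections import Counter

# Constructed excerpt in RogueKiller V8 report format, copied from the log
# posted above and shortened so the parser runs offline on a known input.
SAMPLE_REPORT = r"""¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] aploader.exe -- C:\Users\Breanne\AppData\Local\Temp\McInstallTemp\SelfProtect\Win32\aploader.exe [7] -> ERROR [5]
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : MISPInst ("C:\Users\Breanne\AppData\Local\Temp\McInstallTemp\Install.exe" /Resume /Restart [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3660761015-3852519600-1510374513-1000\[...]\RunOnce : MISPInst ("C:\Users\Breanne\AppData\Local\Temp\McInstallTemp\Install.exe" /Resume /Restart [7]) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][ROGUE ST] 4880 : wscript.exe - C:\Users\Breanne\AppData\Local\Temp\launchie.vbs //B -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
"""

HEADER_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")  # section banner, e.g. "¤¤¤ Registry Entries : 5 ¤¤¤"
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)(?:\s*->\s*(.*))?$")  # [TAG][TAG] item -> result


def parse_report(text):
    """Return {section: [(tags, item, result), ...]}; result is None when no '->' is present."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:  # section name is the banner text before the first ':'
            current = sections.setdefault(header.group(1).partition(":")[0].strip(), [])
            continue
        entry = ENTRY_RE.match(line)
        if current is not None and entry:
            tags = re.findall(r"\[([^\]]+)\]", entry.group(1))
            current.append((tags, entry.group(2), entry.group(3)))
    return sections


def unresolved(sections):
    """Findings the Delete pass did not clear: no action, an ERROR, or a Win32 error code."""
    return [(name, item, result)
            for name, entries in sections.items()
            for _, item, result in entries
            if result is None or result.startswith(("ERROR", "[0x"))]


def outcome_counts(sections):
    """Tally the first word of each result (DELETED, REPLACED, ERROR, ...) for a quick summary."""
    return Counter((result or "NONE").split()[0]
                   for entries in sections.values() for _, _, result in entries)
```

On the excerpt, `unresolved()` returns the aploader.exe process (ERROR) and the HKUS RunOnce entry ([0x2]), which is what a helper would want to re-check on the next scan.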
     
  25. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    MBAR?
     

