Help please. Rootkit.0.Access found.


Yes, I ran fixdamage.exe but I don't think I rebooted last time. So I ran it again and rebooted. There was no message that anything was found.

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013 01

Ran by Leslie at 2013-11-12 08:42:16

Running from C:\Users\Leslie\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)

Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.2.0)

Adobe Acrobat 9.2.0 - CPSID_50026

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (Version: 11.6.602.180)

Adobe Reader 9.2 (Version: 9.2.0)

AIO_Scan (Version: 130.0.365.000)

Aleks 3.15

Apple Application Support (Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (Version: 2.1.3.127)

Bonjour (Version: 3.0.0.10)

BufferChm (Version: 130.0.331.000)

C7200 (Version: 130.0.365.000)

C7200_Help (Version: 100.0.206.000)

Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.0.1.2)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)

Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)

Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)

Canon Personal Printing Guide (Version: 1.0.0.1)

Canon PowerShot SX120 IS Camera User Guide (Version: 1.0.1.2)

Canon Utilities CameraWindow (Version: 7.3.0.4)

Canon Utilities CameraWindow DC (Version: 7.4.1.10)

Canon Utilities CameraWindow DC 8 (Version: 8.0.0.19)

Canon Utilities MyCamera (Version: 7.3.0.5)

Canon Utilities PhotoStitch (Version: 3.1.22.46)

Canon Utilities ZoomBrowser EX (Version: 6.4.0.7)

Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)

Citrix Online Launcher (Version: 1.0.110)

Citrix online plug-in - web (Version: 12.1.0.30)

Citrix online plug-in (DV) (Version: 12.1.0.30)

Citrix online plug-in (HDX) (Version: 12.1.0.30)

Citrix online plug-in (USB) (Version: 12.1.0.30)

Citrix online plug-in (Web) (Version: 12.1.0.30)

Copy (Version: 130.0.428.000)

Dell Backup and Recovery Manager (Version: 1.1.0)

Dell Edoc Viewer (Version: 1.0.0)

Destinations (Version: 130.0.0.0)

DeviceDiscovery (Version: 130.0.465.000)

DocProc (Version: 13.0.0.0)

Dropbox (HKCU Version: 2.0.22)

ESET Online Scanner v3

Fax (Version: 130.0.418.000)

GoToMeeting 5.7.0.1172 (HKCU Version: 5.7.0.1172)

GPBaseService2 (Version: 130.0.371.000)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0)

HP Photosmart Essential 3.5 (Version: 3.5)

HP Smart Web Printing 4.51 (Version: 4.51)

HP Solution Center 13.0 (Version: 13.0)

HP Update (Version: 4.000.011.006)

HPPhotoGadget (Version: 130.0.282.000)

HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000)

HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000)

HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)

hpphotosmartdisclabelplugin (Version: 2.04.0000)

HPPhotosmartEssential (Version: 2.04.0000)

HPProductAssistant (Version: 130.0.371.000)

Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2869)

Intel® TV Wizard

Intel® Matrix Storage Manager

Internet Explorer (Enable DEP)

iTunes (Version: 11.1.1.11)

iVideo Converter

Junk Mail filter update (Version: 14.0.8089.726)

LiveReg (Symantec Corporation) (Version: 2.3.0.1833)

LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Maxtor Backup (Version: 1.00.0011)

Maxtor OneTouch III (Version: 3.00.0015)

Memeo Instant Backup (Version: 4.60.0.7252)

MFCLOC (Version: 1.00.0000)

Microsoft .NET Framework 4.5 (Version: 4.5.50709)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)

Microsoft Office Basic 2007 (Version: 12.0.4518.1014)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)

Microsoft Search Enhancement Pack (Version: 1.2.123.0)

Microsoft Silverlight (Version: 4.0.60831.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31007)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31010)

Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)

Mozilla Maintenance Service (Version: 21.0)

MSVCRT (Version: 14.0.1468.721)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)

NETGEAR Genie (Version: 2.2.27.1 )

Network (Version: 130.0.572.000)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

PowerDVD DX (Version: 8.3.5424)

PS_AIO_02_ProductContext (Version: 130.0.365.000)

PS_AIO_02_Software (Version: 130.0.365.000)

PS_AIO_02_Software_Min (Version: 130.0.365.000)

QuickBooks (Version: 23.0.4007.2305)

QuickBooks Pro 2013 (Version: 23.0.4006.2305)

QuickTime (Version: 7.69.80.9)

Realtek High Definition Audio Driver (Version: 6.0.1.5859)

Roxio Creator Audio (Version: 3.7.0)

Roxio Creator Copy (Version: 3.7.0)

Roxio Creator Data (Version: 3.7.0)

Roxio Creator DE 10.3 (Version: 10.3)

Roxio Creator DE 10.3 (Version: 3.7.0)

Roxio Creator Tools (Version: 3.7.0)

Roxio Express Labeler 3 (Version: 3.2.2)

Roxio Update Manager (Version: 6.0.0)

Scan (Version: 13.0.0.0)

Seagate Dashboard (Version: 1.0.0.809)

Skype Toolbars (Version: 1.0.4051)

Skype™ 4.2 (Version: 4.2.187)

SmartWebPrinting (Version: 130.0.457.000)

SolutionCenter (Version: 130.0.373.000)

Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)

Status (Version: 130.0.469.000)

Symantec pcAnywhere (Version: 11.0.0)

System Requirements Lab for Intel (Version: 4.5.13.0)

Toolbox (Version: 130.0.648.000)

TrayApp (Version: 130.0.422.000)

UnloadSupport (Version: 11.0.0)

ViewChoice

Visual Studio Tools for the Office system 3.0 Runtime

Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)

WebReg (Version: 130.0.132.017)

Where in the World Is Carmen Sandiego? Treasures of Knowledge

Windows Live Communications Platform (Version: 14.0.8064.206)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live Mail (Version: 14.0.8089.0726)

Windows Live Movie Maker (Version: 14.0.8091.0730)

Windows Live Photo Gallery (Version: 14.0.8081.709)

Windows Live Sign-in Assistant (Version: 5.000.818.5)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live Toolbar (Version: 14.0.8064.206)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8089.0726)

==================== Restore Points =========================

04-11-2013 15:26:24 Scheduled Checkpoint

05-11-2013 19:49:10 Removed Java 7 Update 6

==================== Hosts content: ==========================

2009-07-13 21:04 - 2013-11-03 23:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {7B50BDB3-C216-4BCA-8886-B8714390C5E1} - System32\Tasks\task251025498 => C:\Users\Public\Documents\e.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Photosmart C7200 series

Description: Photosmart C7200 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (11/11/2013 11:18:28 PM) (Source: Windows Activation Technologies) (User: )

Description: Health check failure:

hr = 0x8004FE21, HealthStatus: 0x000000000003EFFF

Error: (11/11/2013 09:59:50 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Access is denied.

.

Error: (11/11/2013 09:59:45 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Access is denied.

.

Error: (11/11/2013 09:59:45 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Access is denied.

.

Error: (11/11/2013 09:59:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Access is denied.

.

Error: (11/11/2013 09:59:33 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Access is denied.

.

Error: (11/11/2013 09:59:26 AM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Access is denied.

.

Error: (11/06/2013 11:01:08 PM) (Source: QuickBooks) (User: )

Description: An unexpected error has occured in "QuickBooks Pro 2013":

DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (11/06/2013 11:01:08 PM) (Source: QuickBooks) (User: )

Description: An unexpected error has occured in "QuickBooks Pro 2013":

Connection String:CON=QBConnectionPool-Probe-QB_data_engine_23; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Family, Ear, Nose & Throat.QBW;ENG=QB_data_engine_23;DBN=69afee3f280c41f3bf9bc556078394da

Error: (11/06/2013 11:01:08 PM) (Source: QuickBooks) (User: )

Description: An unexpected error has occured in "QuickBooks Pro 2013":

Connection Error:Invalid user ID or password

System errors:

=============

Error: (11/12/2013 08:39:46 AM) (Source: Service Control Manager) (User: )

Description: The NETGEARGenieDaemon service failed to start due to the following error:

%%1053

Error: (11/12/2013 08:39:46 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (120000 milliseconds) while waiting for the NETGEARGenieDaemon service to connect.

Error: (11/11/2013 10:52:14 PM) (Source: mbamchameleon) (User: )

Description: C01C0005

Error: (11/11/2013 10:50:08 PM) (Source: mbamchameleon) (User: )

Description: C01C0005

Error: (11/11/2013 03:07:50 PM) (Source: Service Control Manager) (User: )

Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (11/11/2013 10:11:28 AM) (Source: Service Control Manager) (User: )

Description: The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2013 07:41:42 AM) (Source: Service Control Manager) (User: )

Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (11/10/2013 09:15:53 AM) (Source: Service Control Manager) (User: )

Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (11/09/2013 09:43:57 AM) (Source: Service Control Manager) (User: )

Description: The NETGEARGenieDaemon service failed to start due to the following error:

%%1053

Error: (11/09/2013 09:43:57 AM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (120000 milliseconds) while waiting for the NETGEARGenieDaemon service to connect.

Microsoft Office Sessions:

=========================

Error: (01/05/2013 11:02:52 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4986 seconds with 2040 seconds of active time. This session ended with a crash.

Error: (10/12/2011 02:18:36 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 254 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/12/2011 11:52:38 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3544 seconds with 1860 seconds of active time. This session ended with a crash.

Error: (12/23/2010 00:36:34 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11035 seconds with 4440 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:

===================================

Date: 2012-04-01 01:15:54.508

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-04-01 01:15:54.492

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-04-01 00:50:46.302

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-04-01 00:50:46.271

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-03-31 12:43:00.957

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-03-31 12:43:00.941

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-03-30 11:31:57.043

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-03-30 11:31:57.011

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-03-30 11:24:18.308

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\urlmon.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-03-30 11:24:18.293

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 23%

Total physical RAM: 3036.99 MB

Available physical RAM: 2323.93 MB

Total Pagefile: 6072.26 MB

Available Pagefile: 5356.48 MB

Total Virtual: 2047.88 MB

Available Virtual: 1894.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:6.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 7740BF64)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01

Ran by Leslie (administrator) on LESLIE-PC on 12-11-2013 08:41:38

Running from C:\Users\Leslie\Desktop

Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\PCANotify: C:\Windows\system32\PCANotify.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972

Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\gk0ks86b.default-1384008138800

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Leslie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF HKCU\...\Firefox\Extensions: [{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}] - C:\Users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

========================== Services (Whitelisted) =================

S3 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [106496 2003-05-29] (Symantec Corporation)

S3 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2005-11-09] ()

R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo)

S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195400 2012-09-25] (NETGEAR)

S3 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [110592 2005-11-09] ( )

R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.)

S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)

==================== Drivers (Whitelisted) ====================

R1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [10901 2003-04-21] (Symantec Corporation)

S4 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [24365 2003-05-05] (Symantec Corporation)

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2007-06-15] (Avanquest Software)

R0 Gernuwa; C:\Windows\System32\Drivers\Gernuwa.sys [13898 2003-04-21] (Symantec Corporation)

S3 JRAID; C:\Windows\system32\DRIVERS\jraid.sys [89048 2009-05-21] (JMicron Technology Corp.)

S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)

S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [73496 2010-03-09] (Symantec Corporation)

U3 TrueSight; c:\windows\system32\drivers\TrueSight.sys [13824 2012-03-30] ()

S3 XIRLINK; C:\Windows\System32\DRIVERS\C-itnt.sys [486176 2000-09-26] (Xirlink, Inc)

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Leslie\AppData\Local\Temp\catchme.sys [x]

S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 ____D C:\Windows\LastGood

2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD7436.tmp

2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD71D6.tmp

2013-11-11 22:26 - 2013-11-11 22:27 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Leslie\Desktop\mbar-1.07.0.1007.exe

2013-11-09 09:47 - 2013-11-09 09:47 - 00760937 _____ (Farbar) C:\Users\Leslie\Desktop\MiniToolBox.exe

2013-11-09 09:44 - 2013-11-09 09:44 - 00000000 _____ C:\Windows\system32\Drivers\OLD6CC7.tmp

2013-11-09 09:44 - 2013-11-09 09:44 - 00000000 _____ C:\Windows\system32\Drivers\OLD6C3B.tmp

2013-11-09 09:42 - 2013-11-09 09:42 - 00000000 ____D C:\Users\Leslie\Desktop\Old Firefox Data

2013-11-07 20:39 - 2013-11-07 20:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD68E0.tmp

2013-11-07 20:39 - 2013-11-07 20:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD6826.tmp

2013-11-06 21:55 - 2013-11-06 21:55 - 00000000 _____ C:\Windows\system32\Drivers\OLD9241.tmp

2013-11-06 21:55 - 2013-11-06 21:55 - 00000000 _____ C:\Windows\system32\Drivers\OLD8FB3.tmp

2013-11-06 08:21 - 2013-11-06 08:21 - 00000000 _____ C:\Windows\system32\Drivers\OLD9656.tmp

2013-11-06 08:21 - 2013-11-06 08:21 - 00000000 _____ C:\Windows\system32\Drivers\OLD9500.tmp

2013-11-06 08:20 - 2013-11-06 21:55 - 00184844 _____ C:\Windows\PFRO.log

2013-11-06 08:18 - 2013-11-06 08:18 - 00000000 ____D C:\Users\Leslie\Doctor Web

2013-11-05 15:05 - 2013-11-11 23:13 - 01090275 _____ (Farbar) C:\Users\Leslie\Desktop\FRST.exe

2013-11-05 14:54 - 2013-11-05 14:54 - 00004603 _____ C:\JavaRa.log

2013-11-05 14:51 - 2013-11-05 14:55 - 00000000 ____D C:\Users\Leslie\Desktop\Remove Java

2013-11-05 01:01 - 2013-11-05 01:01 - 00000000 ____D C:\FRST

2013-11-04 23:52 - 2013-11-04 23:52 - 00000000 ____D C:\Program Files\ESET

2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7619.tmp

2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7511.tmp

2013-11-04 23:33 - 2013-11-04 23:34 - 00000000 ____D C:\AdwCleaner

2013-11-04 23:30 - 2013-11-04 23:30 - 00000000 ____D C:\Windows\ERUNT

2013-11-04 23:16 - 2013-11-11 22:53 - 00000000 ____D C:\Users\Leslie\Desktop\mbar

2013-11-04 23:16 - 2013-11-11 22:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-04 23:16 - 2013-11-11 22:28 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-11-03 23:26 - 2013-11-03 23:26 - 00015223 _____ C:\ComboFix.txt

2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3B6B.tmp

2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3A82.tmp

2013-11-03 23:15 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe

2013-11-03 23:15 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe

2013-11-03 23:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-11-03 23:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-11-03 23:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-11-03 23:15 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe

2013-11-03 23:15 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe

2013-11-03 23:15 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe

2013-11-03 23:14 - 2013-11-03 23:59 - 00000000 ____D C:\Qoobox

2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7E25.tmp

2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7BB6.tmp

2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7DF6.tmp

2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7CEE.tmp

2013-10-31 22:45 - 2013-11-12 08:39 - 00002092 _____ C:\Windows\setupact.log

2013-10-31 22:45 - 2013-10-31 22:45 - 00000000 _____ C:\Windows\setuperr.log

2013-10-31 22:43 - 2013-11-03 08:53 - 391172094 _____ C:\avenger.txt

2013-10-31 22:28 - 2013-10-31 22:28 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-10-31 22:24 - 2013-10-31 22:24 - 00000000 ____D C:\Program Files\Google

2013-10-31 22:23 - 2013-10-31 22:44 - 00000000 ____D C:\ProgramData\gpngVpn3

2013-10-31 22:23 - 2013-10-31 22:23 - 00000000 ____D C:\Users\Leslie\AppData\Local\Google

2013-10-25 09:17 - 2013-10-25 09:17 - 00009471 _____ C:\Users\Leslie\Documents\Work contact email list.xlsx

2013-10-25 09:16 - 2013-10-25 09:16 - 00000462 _____ C:\Users\Leslie\Documents\Work contact email list.csv

2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6FD3.tmp

2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6E00.tmp

2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD9186.tmp

2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD8E1D.tmp

2013-10-23 13:37 - 2009-08-19 22:50 - 00046928 ____R (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll

2013-10-23 13:37 - 2009-08-19 22:50 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll

2013-10-23 13:36 - 2013-10-23 13:36 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk

==================== One Month Modified Files and Folders =======

2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 ____D C:\Windows\LastGood

2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD7436.tmp

2013-11-12 08:39 - 2013-11-12 08:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD71D6.tmp

2013-11-12 08:39 - 2013-10-31 22:45 - 00002092 _____ C:\Windows\setupact.log

2013-11-12 08:39 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-12 08:38 - 2009-07-13 23:55 - 01428563 _____ C:\Windows\WindowsUpdate.log

2013-11-11 23:24 - 2009-12-03 15:59 - 00785112 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-11 23:23 - 2009-07-13 23:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-11 23:23 - 2009-07-13 23:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-11 23:13 - 2013-11-05 15:05 - 01090275 _____ (Farbar) C:\Users\Leslie\Desktop\FRST.exe

2013-11-11 22:53 - 2013-11-04 23:16 - 00000000 ____D C:\Users\Leslie\Desktop\mbar

2013-11-11 22:53 - 2013-11-04 23:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-11 22:28 - 2013-11-04 23:16 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-11-11 22:27 - 2013-11-11 22:26 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Leslie\Desktop\mbar-1.07.0.1007.exe

2013-11-11 22:27 - 2010-03-13 22:07 - 00007613 _____ C:\Users\Leslie\AppData\Local\Resmon.ResmonCfg

2013-11-11 10:02 - 2010-09-27 13:55 - 00002054 ____H C:\Users\Leslie\Documents\Default.rdp

2013-11-11 10:00 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-11-09 09:47 - 2013-11-09 09:47 - 00760937 _____ (Farbar) C:\Users\Leslie\Desktop\MiniToolBox.exe

2013-11-09 09:44 - 2013-11-09 09:44 - 00000000 _____ C:\Windows\system32\Drivers\OLD6CC7.tmp

2013-11-09 09:44 - 2013-11-09 09:44 - 00000000 _____ C:\Windows\system32\Drivers\OLD6C3B.tmp

2013-11-09 09:42 - 2013-11-09 09:42 - 00000000 ____D C:\Users\Leslie\Desktop\Old Firefox Data

2013-11-07 20:39 - 2013-11-07 20:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD68E0.tmp

2013-11-07 20:39 - 2013-11-07 20:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD6826.tmp

2013-11-06 21:55 - 2013-11-06 21:55 - 00000000 _____ C:\Windows\system32\Drivers\OLD9241.tmp

2013-11-06 21:55 - 2013-11-06 21:55 - 00000000 _____ C:\Windows\system32\Drivers\OLD8FB3.tmp

2013-11-06 21:55 - 2013-11-06 08:20 - 00184844 _____ C:\Windows\PFRO.log

2013-11-06 08:21 - 2013-11-06 08:21 - 00000000 _____ C:\Windows\system32\Drivers\OLD9656.tmp

2013-11-06 08:21 - 2013-11-06 08:21 - 00000000 _____ C:\Windows\system32\Drivers\OLD9500.tmp

2013-11-06 08:19 - 2009-07-13 23:53 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-11-06 08:18 - 2013-11-06 08:18 - 00000000 ____D C:\Users\Leslie\Doctor Web

2013-11-06 08:18 - 2010-02-16 16:24 - 00000000 ____D C:\Users\Leslie

2013-11-05 14:55 - 2013-11-05 14:51 - 00000000 ____D C:\Users\Leslie\Desktop\Remove Java

2013-11-05 14:54 - 2013-11-05 14:54 - 00004603 _____ C:\JavaRa.log

2013-11-05 14:49 - 2009-12-03 15:55 - 00000000 ____D C:\Program Files\Java

2013-11-05 01:01 - 2013-11-05 01:01 - 00000000 ____D C:\FRST

2013-11-05 01:00 - 2010-02-16 16:48 - 00000000 ____D C:\Users\Leslie\Documents\Adobe

2013-11-04 23:52 - 2013-11-04 23:52 - 00000000 ____D C:\Program Files\ESET

2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7619.tmp

2013-11-04 23:36 - 2013-11-04 23:36 - 00000000 _____ C:\Windows\system32\Drivers\OLD7511.tmp

2013-11-04 23:34 - 2013-11-04 23:33 - 00000000 ____D C:\AdwCleaner

2013-11-04 23:30 - 2013-11-04 23:30 - 00000000 ____D C:\Windows\ERUNT

2013-11-04 10:01 - 2010-02-16 16:47 - 00000000 ____D C:\Users\Leslie\Documents\Word

2013-11-04 09:44 - 2010-02-16 16:47 - 00000000 ____D C:\Users\Leslie\Documents\Excel

2013-11-03 23:59 - 2013-11-03 23:14 - 00000000 ____D C:\Qoobox

2013-11-03 23:26 - 2013-11-03 23:26 - 00015223 _____ C:\ComboFix.txt

2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3B6B.tmp

2013-11-03 23:24 - 2013-11-03 23:24 - 00000000 _____ C:\Windows\system32\Drivers\OLD3A82.tmp

2013-11-03 23:24 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini

2013-11-03 23:22 - 2012-03-31 22:18 - 00000000 ____D C:\Windows\ERDNT

2013-11-03 23:22 - 2009-07-13 21:03 - 49283072 _____ C:\Windows\system32\config\software.bak

2013-11-03 23:22 - 2009-07-13 21:03 - 15204352 _____ C:\Windows\system32\config\system.bak

2013-11-03 23:22 - 2009-07-13 21:03 - 00524288 _____ C:\Windows\system32\config\default.bak

2013-11-03 23:22 - 2009-07-13 21:03 - 00262144 _____ C:\Windows\system32\config\security.bak

2013-11-03 23:22 - 2009-07-13 21:03 - 00262144 _____ C:\Windows\system32\config\sam.bak

2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7E25.tmp

2013-11-03 08:57 - 2013-11-03 08:57 - 00000000 _____ C:\Windows\system32\Drivers\OLD7BB6.tmp

2013-11-03 08:53 - 2013-10-31 22:43 - 391172094 _____ C:\avenger.txt

2013-11-02 10:46 - 2012-11-14 23:50 - 00003117 _____ C:\SeagateAdapter

2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7DF6.tmp

2013-10-31 22:46 - 2013-10-31 22:46 - 00000000 _____ C:\Windows\system32\Drivers\OLD7CEE.tmp

2013-10-31 22:45 - 2013-10-31 22:45 - 00000000 _____ C:\Windows\setuperr.log

2013-10-31 22:44 - 2013-10-31 22:23 - 00000000 ____D C:\ProgramData\gpngVpn3

2013-10-31 22:43 - 2009-12-03 17:44 - 00000000 ____D C:\Windows\Panther

2013-10-31 22:28 - 2013-10-31 22:28 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-10-31 22:24 - 2013-10-31 22:24 - 00000000 ____D C:\Program Files\Google

2013-10-31 22:23 - 2013-10-31 22:23 - 00000000 ____D C:\Users\Leslie\AppData\Local\Google

2013-10-30 14:13 - 2010-08-25 10:45 - 00000000 ____D C:\Users\Leslie\Documents\My Scans

2013-10-28 17:59 - 2012-08-26 18:59 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\.minecraft

2013-10-25 09:17 - 2013-10-25 09:17 - 00009471 _____ C:\Users\Leslie\Documents\Work contact email list.xlsx

2013-10-25 09:16 - 2013-10-25 09:16 - 00000462 _____ C:\Users\Leslie\Documents\Work contact email list.csv

2013-10-23 23:14 - 2010-03-16 22:54 - 00000000 ____D C:\Users\Leslie\Documents\Fax

2013-10-23 14:58 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF

2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6FD3.tmp

2013-10-23 14:23 - 2013-10-23 14:23 - 00000000 _____ C:\Windows\system32\Drivers\OLD6E00.tmp

2013-10-23 14:19 - 2010-02-16 16:25 - 00000000 ____D C:\Users\Leslie\AppData\Local\Adobe

2013-10-23 14:18 - 2012-04-24 12:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-23 14:18 - 2011-11-28 22:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-23 14:09 - 2013-10-07 09:38 - 00000000 ____D C:\Users\Leslie\AppData\Local\Deployment

2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD9186.tmp

2013-10-23 13:39 - 2013-10-23 13:39 - 00000000 _____ C:\Windows\system32\Drivers\OLD8E1D.tmp

2013-10-23 13:36 - 2013-10-23 13:36 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk

2013-10-23 13:36 - 2009-12-03 15:55 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-10-23 13:36 - 2009-12-03 15:55 - 00000000 ____D C:\Program Files\Adobe

2013-10-22 17:58 - 2013-05-24 15:25 - 00000000 ____D C:\Quickbooks backup files

2013-10-21 17:26 - 2012-01-03 11:06 - 00000000 ___RD C:\Users\Leslie\Dropbox

2013-10-21 17:26 - 2012-01-03 11:03 - 00000000 ____D C:\Users\Leslie\AppData\Roaming\Dropbox

Some content of TEMP:

====================

C:\Users\Leslie\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-10 10:04

==================== End Of Log ============================


  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer and run the following.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013

Ran by Leslie at 2013-11-13 18:03:35 Run:2

Running from C:\Users\Leslie\Desktop

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Task: {7B50BDB3-C216-4BCA-8886-B8714390C5E1} - System32\Tasks\task251025498 => C:\Users\Public\Documents\e.exe

C:\Users\Public\Documents\e.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

S4 RemoteAccess; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B50BDB3-C216-4BCA-8886-B8714390C5E1} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B50BDB3-C216-4BCA-8886-B8714390C5E1} => Key deleted successfully.

C:\Windows\System32\Tasks\task251025498 => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task251025498 => Key deleted successfully.

"C:\Users\Public\Documents\e.exe" => File/Directory not found.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

RemoteAccess => Service deleted successfully.

==== End of Fixlog ====

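The fixlist above removed a scheduled task whose action ran from C:\Users\Public\Documents and reset three HKCU Internet Explorer start-page values. As an added example (not the forum helper's script and not part of the original thread), the following read-only PowerShell audit checks a Windows machine for those same two kinds of artefact; the set of folders it treats as user-writable is an assumption, not something the thread states.

```powershell
# Added triage script for this thread (not the forum helper's fix, not an FRST feature).
# Read-only: it lists scheduled tasks whose action runs from a user-writable folder,
# the way task251025498 -> C:\Users\Public\Documents\e.exe did, and shows the IE
# start-page values the Fixlog restored. It changes nothing on the machine.
# Written against cmdlets present in Windows PowerShell 2.0 so it runs on Windows 7.

# Assumption: folders that any user can write to and that a legitimate scheduled
# task rarely runs from. Extend this list for your own environment.
$userWritableRoots = @(
    'C:\Users\Public\',
    "$env:LOCALAPPDATA\",
    "$env:APPDATA\",
    "$env:TEMP\",
    'C:\ProgramData\'
)

function Test-UserWritablePath {
    param([string]$Path)
    if (-not $Path) { return $false }
    # Task commands may be quoted or use %SystemRoot%-style variables; normalise first.
    $expanded = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    foreach ($root in $userWritableRoots) {
        if ($expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Scheduled tasks. The Task Scheduler stores one XML definition per task under
#    C:\Windows\System32\Tasks (the Fixlog moved \task251025498 from exactly there)
#    and mirrors it under HKLM\...\Schedule\TaskCache. Each <Actions><Exec><Command>
#    is checked; PowerShell's dot access ignores the task XML namespace.
$taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
$findings = @()
Get-ChildItem -Path $taskRoot -Recurse | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.Load($_.FullName) } catch { return }   # skip anything that is not task XML
    foreach ($exec in @($doc.Task.Actions.Exec)) {
        if ($null -eq $exec) { continue }
        if (Test-UserWritablePath $exec.Command) {
            $findings += New-Object PSObject -Property @{
                Finding = 'Scheduled task runs from a user-writable folder'
                Item    = $_.FullName.Substring($taskRoot.Length)
                Value   = ($exec.Command + ' ' + $exec.Arguments).Trim()
            }
        }
    }
}

# 2. Internet Explorer start page. These are the three HKCU values the fixlist reset;
#    list them so the current settings can be compared with what the user expects.
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
foreach ($name in 'Start Page', 'Start Page Redirect Cache', 'Default_Page_URL') {
    $props = Get-ItemProperty -Path $ieMain -Name $name -ErrorAction SilentlyContinue
    $current = '(not set)'
    if ($props) { $current = $props.$name }
    $findings += New-Object PSObject -Property @{
        Finding = 'IE start-page setting'
        Item    = $name
        Value   = $current
    }
}

$findings | Format-Table -AutoSize -Wrap Finding, Item, Value
```

A task listed here is only a lead for review, not proof of infection; compare the command against what the software vendor installs before removing anything.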

  • Root Admin

Please run MBAM and check for updates and do a Quick Scan and post back the new log.

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!




Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.13.13

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Leslie :: LESLIE-PC [administrator]

11/13/2013 8:48:00 PM

mbam-log-2013-11-13 (20-48-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 235050

Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x86 (UAC is enabled)

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Adobe Flash Player 11.6.602.180

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox 21.0 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


  • Root Admin

Well, a reinstall is always going to produce a safer, better running computer, but that's up to you.

 

Please download and run the following tool and let's see if it can fix it up more.

 

Windows Repair (All In One)

 

Let me know how things are after running that tool.

 

Thanks


  • Root Admin

Great, please make sure you make multiple rounds to the Windows update site for updates as it will take a few rounds if updates have been off for a long time.

 

At this time there are no more signs of an infection on your system.
However, if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


 
Remove the rest of the tools used:
 
Please download
OTCleanIt
and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so.


Note:

If you receive a warning from your firewall or other security programs regarding
OTCleanIt
attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


  • 4 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.