
[Solved] Dinihou.G.2. Virus - Need Help please

Discussion in 'Malware Removal Help' started by Cassie Br, Apr 16, 2014.

  1. Cassie Br

    Cassie Br Registered Members

    Joined:
    Apr 16, 2014
    Messages:
    14
    Operating System:
    Windows 7
    Hello everybody, I'm new to this forum and I'm here in the hope of getting some help with a new virus my computer has got.

    Basically I cannot remove this with my anti-virus; it just detects it and that's it. I'm not sure if the virus name is Dinihou.G.2. or safa7_.vbs, either way these are the names I got from the infection.

    I searched online and I couldn't follow the instructions when they asked to first of all remove from the task manager the programs running from vbs.dinihou, as I have no clue which files they are.

    Help would be very appreciated.
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Cassie and welcome to CHF

    Please take note of the following:

    1. Please do not run any other tools unless instructed.
    2. Please don't install or uninstall anything unless asked.
    3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
    4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
    5. Please reply to this thread. Do not start a new topic.

    Please do not use any USB sticks as this worm may infect them.
    If you have used any, we can disinfect them later.

    Note:
    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is, click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool.
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition.txt is selected at the bottom.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    Both reports from FRST


    Thanks.
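An added note for readers, not part of starbuck's post and not code from FRST: the FRST report requested above lists each autostart on its own line (Run-key values as HKU\...\Run: [name] => command, Startup-folder items as Startup: path), and VBS worms of the kind discussed in this thread persist through exactly those two places. The Python below is example triage code written for this page. It parses constructed lines in that format (the SID and the user name are placeholders, not values from any real machine) and flags entries that chain a script host such as wscript.exe to a script sitting in a user-writable folder; the heuristics and the two-signal threshold are the example's own choices, not anything FRST does.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the "Registry (Whitelisted)" section of an FRST
# log: one Run-key value per line, plus Startup-folder entries. The SID and the
# user name are placeholders, not values from a real machine.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [safa7_22] => wscript.exe //B "C:\Users\Someone\AppData\Roaming\safa7_22.vbs"
Startup: C:\Users\Someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\safa7_22.vbs ()
"""

# Heuristics chosen for this example (not FRST's): hosts that execute arbitrary
# script files, script extensions, and path fragments an unprivileged user can write to.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd")
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\S-1-5-[\d-]+)?)(?P<x32>-x32)?\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+?)(?: \((?P<publisher>[^)]*)\))?$")
ANNOTATION_RE = re.compile(r"\s\[\d+ \d{4}-\d{2}-\d{2}\]\s\([^)]*\)$")  # FRST's "[size date] (publisher)"
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


@dataclass
class Finding:
    kind: str              # "Run" (registry value) or "Startup" (Startup folder)
    name: str              # value name, or file name for Startup entries
    target: str            # the file that actually gets executed
    reasons: list = field(default_factory=list)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_script(path):
    return path.lower().endswith(SCRIPT_EXTS)


def _in_user_writable(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def _split_command(cmd):
    """Split an FRST Run command into (launcher, arguments).

    Handles a quoted launcher, an unquoted path that may contain spaces
    (cut after the first ".exe"), or a bare token such as "[X]".
    """
    cmd = ANNOTATION_RE.sub("", cmd).strip()
    if not cmd:
        return "", ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)(.+?\.exe)\b\s*(.*)$", cmd)
    if m:
        return m.group(1), m.group(2)
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def _assess(kind, name, launcher, target, flags):
    """Score one autostart entry; return a Finding only when two or more signals stack."""
    reasons = []
    if launcher and _basename(launcher) in SCRIPT_HOSTS:
        reasons.append(f"launched through script host {_basename(launcher)}")
    if _is_script(target):
        reasons.append("target is a script file, not a compiled program")
    if _in_user_writable(target):
        reasons.append("target sits in a user-writable location")
    if any(f.lower() == "//b" for f in flags):
        reasons.append("wscript batch mode (//B) suppresses script errors and prompts")
    if len(reasons) < 2:   # a lone signal (e.g. a legitimate updater in AppData) is too noisy
        return None
    return Finding(kind, name, target, reasons)


def triage_autostarts(frst_text):
    """Return the suspicious Run and Startup entries found in FRST log text."""
    findings = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            launcher, args = _split_command(m.group("cmd"))
            tokens = [q or u for q, u in TOKEN_RE.findall(args)]
            flags = [t for t in tokens if t.startswith(("/", "-"))]
            # The file that really runs is the script handed to the host, if there is one.
            target = next((t for t in tokens if _is_script(t)), launcher)
            finding = _assess("Run", m.group("name"), launcher, target, flags)
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            path = m.group("path")
            finding = _assess("Startup", _basename(path), None, path, [])
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_autostarts(SAMPLE_FRST_LINES):
        print(f"[{f.kind}] {f.name} -> {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script reports the two safa7_22 entries and stays quiet on the Dell, Avira and Skype lines. Entries with a single weak signal are deliberately not reported, because plenty of legitimate software (updaters in particular) lives under AppData; the combination of a script host, a script file and a user-writable path is what separates a worm's autostart from that background noise.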
     
  3. Cassie Br

    Cassie Br Registered Members

    Joined:
    Apr 16, 2014
    Messages:
    14
    Operating System:
    Windows 7
    Thank you for your reply. Here is what I got...

    FRST.
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02
    Ran by Stephnie (administrator) on STEPHNIE-PC on 16-04-2014 21:40:17
    Running from C:\Users\Stephnie\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
    (Microsoft Corporation) C:\windows\system32\WLANExt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\WINDOWS\System32\wscript.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    (Microsoft Corporation) C:\windows\System32\WScript.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
    (Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
    HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-28] ()
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
    HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2012-05-09] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [180304 2014-04-15] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2253502698-3813876070-2504264267-1000\...\Run: [Facebook Update] => C:\Users\Stephnie\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-09] (Facebook Inc.)
    HKU\S-1-5-21-2253502698-3813876070-2504264267-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
    HKU\S-1-5-21-2253502698-3813876070-2504264267-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-02-28] (SUPERAntiSpyware)
    HKU\S-1-5-21-2253502698-3813876070-2504264267-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
    HKU\S-1-5-21-2253502698-3813876070-2504264267-1000\...\Run: [safa7_22] => wscript.exe //B "C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs"
    Startup: C:\Users\Stephnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\safa7_22.vbs ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Stephnie\AppData\Roaming\Mozilla\Firefox\Profiles\alxzs099.default
    FF Homepage: hxxp://www.facebook.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Stephnie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Extension: Nation Toolbar - C:\Users\Stephnie\AppData\Roaming\Mozilla\Firefox\Profiles\alxzs099.default\Extensions\{ADFA33FD-16F5-4355-8504-DF4D664CFE09} [2013-08-24]
    FF Extension: DownloadHelper - C:\Users\Stephnie\AppData\Roaming\Mozilla\Firefox\Profiles\alxzs099.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-29]

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
    S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [122448 2014-04-15] (Avira Operations GmbH & Co. KG)
    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-16 21:40 - 2014-04-16 21:40 - 00014466 _____ () C:\Users\Stephnie\Desktop\FRST.txt
    2014-04-16 21:39 - 2014-04-16 21:39 - 00000000 ____D () C:\Users\Stephnie\Desktop\FRST-OlderVersion
    2014-04-16 14:18 - 2014-04-16 14:18 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
    2014-04-16 14:18 - 2014-04-16 14:18 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-04-16 14:18 - 2014-04-16 14:18 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-15 17:43 - 2014-04-16 21:40 - 00000000 ____D () C:\FRST
    2014-04-15 17:42 - 2014-04-16 21:39 - 02158592 _____ (Farbar) C:\Users\Stephnie\Desktop\FRST64.exe
    2014-04-15 16:19 - 2014-04-15 16:19 - 00132597 _____ () C:\Users\Stephnie\Desktop\Flash_Disinfector.exe
    2014-04-15 16:05 - 2014-04-16 09:45 - 00000000 ____D () C:\Users\Stephnie\AppData\Local\{92A21437-E3F7-457F-B262-FE0A3CC65128}
    2014-04-15 15:57 - 2014-04-15 15:57 - 00003158 _____ () C:\windows\System32\Tasks\{33E8E5CF-64AB-4BD0-9AC7-4C2E878DBAC9}
    2014-04-14 16:09 - 2014-04-14 16:09 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
    2014-04-13 13:31 - 2014-04-13 13:31 - 00000000 ____D () C:\Users\Stephnie\AppData\Roaming\Avira
    2014-04-13 13:28 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
    2014-04-13 13:28 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
    2014-04-13 13:28 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
    2014-04-13 13:23 - 2014-04-16 16:45 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
    2014-04-13 13:23 - 2014-04-16 16:45 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-04-13 13:23 - 2014-04-16 16:45 - 00000000 ____D () C:\Program Files (x86)\Avira
    2014-04-13 13:23 - 2014-04-13 13:28 - 00000000 ____D () C:\ProgramData\Avira
    2014-04-11 17:22 - 2013-07-02 21:58 - 00031349 ____N () C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs
    2014-04-11 15:02 - 2014-04-11 15:02 - 00009318 _____ () C:\Users\Stephnie\Desktop\intro to fix.wlmp
    2014-04-11 11:48 - 2014-04-11 11:48 - 00000000 ____D () C:\Users\Stephnie\AppData\Local\{BC83AAA7-2C2D-4A87-BE6F-485D864FE635}
    2014-04-11 03:03 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-04-11 03:03 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-04-11 03:03 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-04-11 03:03 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-04-11 03:03 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-04-11 03:03 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-04-11 03:03 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-04-11 03:03 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-11 03:03 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-04-11 03:03 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-04-11 03:03 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-04-11 03:03 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-04-11 03:03 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-04-11 03:03 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-04-11 03:03 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-04-11 03:03 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-04-11 03:03 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-04-11 03:03 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-04-11 03:03 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-04-11 03:03 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-04-11 03:03 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-04-11 03:03 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-04-11 03:03 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-04-11 03:03 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-04-11 03:03 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-04-11 03:03 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-04-11 03:03 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-04-11 03:03 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-04-11 03:02 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-04-11 03:02 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-04-11 03:02 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-04-11 03:02 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-04-11 03:02 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-04-11 03:02 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-04-11 03:02 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-04-11 03:02 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-04-11 03:02 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-04-11 03:02 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-04-11 03:02 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-04-11 03:02 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-04-11 03:02 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-04-11 03:02 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-04-11 03:02 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-04-11 03:02 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-04-11 03:02 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-04-11 03:02 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-04-11 03:02 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-04-11 03:02 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-04-09 10:53 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-04-09 10:53 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
    2014-04-09 10:53 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2014-04-09 10:53 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
    2014-04-09 10:53 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2014-04-09 10:53 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
    2014-04-09 10:53 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-04-09 10:53 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
    2014-04-09 10:53 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
    2014-04-09 10:53 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
    2014-04-09 10:53 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
    2014-04-09 10:53 - 2014-02-04 04:37 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
    2014-04-09 10:53 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
    2014-04-09 10:53 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
    2014-04-09 10:53 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
    2014-04-09 10:53 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
    2014-04-09 10:53 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
    2014-03-29 08:36 - 2014-03-29 08:38 - 00000000 ____D () C:\Users\Stephnie\Desktop\CV
    2014-03-29 03:46 - 2014-03-29 03:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-04-16 21:40 - 2014-04-16 21:40 - 00014466 _____ () C:\Users\Stephnie\Desktop\FRST.txt
    2014-04-16 21:40 - 2014-04-15 17:43 - 00000000 ____D () C:\FRST
    2014-04-16 21:39 - 2014-04-16 21:39 - 00000000 ____D () C:\Users\Stephnie\Desktop\FRST-OlderVersion
    2014-04-16 21:39 - 2014-04-15 17:42 - 02158592 _____ (Farbar) C:\Users\Stephnie\Desktop\FRST64.exe
    2014-04-16 21:38 - 2012-08-19 09:14 - 00000000 ____D () C:\Users\Stephnie\AppData\Local\Nero
    2014-04-16 21:30 - 2012-10-24 18:39 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-04-16 21:28 - 2013-09-28 20:15 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-16 21:27 - 2012-04-25 13:46 - 01074666 _____ () C:\windows\WindowsUpdate.log
    2014-04-16 20:54 - 2012-08-16 11:44 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-04-16 20:30 - 2012-08-09 17:06 - 00000940 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2253502698-3813876070-2504264267-1000UA.job
    2014-04-16 20:30 - 2012-08-09 17:06 - 00000918 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2253502698-3813876070-2504264267-1000Core.job
    2014-04-16 16:45 - 2014-04-13 13:23 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
    2014-04-16 16:45 - 2014-04-13 13:23 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-04-16 16:45 - 2014-04-13 13:23 - 00000000 ____D () C:\Program Files (x86)\Avira
    2014-04-16 14:20 - 2013-12-09 19:52 - 00000000 ____D () C:\windows\Minidump
    2014-04-16 14:20 - 2012-11-13 20:33 - 00000000 ____D () C:\Users\Stephnie\Tracing
    2014-04-16 14:20 - 2011-02-23 15:08 - 00000000 ____D () C:\windows\Panther
    2014-04-16 14:18 - 2014-04-16 14:18 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
    2014-04-16 14:18 - 2014-04-16 14:18 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-04-16 14:18 - 2014-04-16 14:18 - 00000000 ____D () C:\Program Files\CCleaner
    2014-04-16 13:19 - 2013-09-28 20:15 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-16 09:45 - 2014-04-15 16:05 - 00000000 ____D () C:\Users\Stephnie\AppData\Local\{92A21437-E3F7-457F-B262-FE0A3CC65128}
    2014-04-15 16:19 - 2014-04-15 16:19 - 00132597 _____ () C:\Users\Stephnie\Desktop\Flash_Disinfector.exe
    2014-04-15 16:12 - 2009-07-14 06:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-15 16:12 - 2009-07-14 06:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-15 16:08 - 2012-08-09 20:36 - 00000000 ____D () C:\Users\Stephnie\AppData\Roaming\Skype
    2014-04-15 16:07 - 2013-07-30 03:00 - 00000000 ____D () C:\windows\system32\MRT
    2014-04-15 16:05 - 2012-04-25 14:44 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-04-15 16:05 - 2012-04-25 14:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-04-15 16:05 - 2012-04-25 14:31 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-04-15 16:03 - 2012-08-09 16:42 - 00000000 ___RD () C:\Users\Stephnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-15 16:02 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-04-15 16:02 - 2009-07-14 06:45 - 00322312 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-04-15 15:57 - 2014-04-15 15:57 - 00003158 _____ () C:\windows\System32\Tasks\{33E8E5CF-64AB-4BD0-9AC7-4C2E878DBAC9}
    2014-04-15 14:15 - 2013-06-10 13:14 - 00003440 _____ () C:\windows\System32\Tasks\PCDEventLauncherTask
    2014-04-14 16:09 - 2014-04-14 16:09 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
    2014-04-13 13:31 - 2014-04-13 13:31 - 00000000 ____D () C:\Users\Stephnie\AppData\Roaming\Avira
    2014-04-13 13:28 - 2014-04-13 13:23 - 00000000 ____D () C:\ProgramData\Avira
    2014-04-12 19:24 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
    2014-04-11 17:24 - 2014-02-22 23:19 - 00000000 ____D () C:\Users\Stephnie\AppData\Local\Windows Live
    2014-04-11 15:03 - 2014-02-16 17:58 - 00000000 ____D () C:\Users\Stephnie\Desktop\TEMP FILE
    2014-04-11 15:02 - 2014-04-11 15:02 - 00009318 _____ () C:\Users\Stephnie\Desktop\intro to fix.wlmp
    2014-04-11 13:20 - 2014-01-22 00:35 - 00000000 ____D () C:\Users\Stephnie\dwhelper
    2014-04-11 13:20 - 2012-08-09 16:39 - 00075248 _____ () C:\Users\Stephnie\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-04-11 11:48 - 2014-04-11 11:48 - 00000000 ____D () C:\Users\Stephnie\AppData\Local\{BC83AAA7-2C2D-4A87-BE6F-485D864FE635}
    2014-04-11 11:47 - 2012-04-25 14:11 - 00000000 ____D () C:\ProgramData\Sonic
    2014-04-11 03:21 - 2012-08-09 16:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-04-11 03:20 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-04-11 03:00 - 2012-08-16 11:17 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-03-29 13:58 - 2013-09-28 20:15 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-03-29 13:58 - 2013-09-28 20:15 - 00003646 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-03-29 08:38 - 2014-03-29 08:36 - 00000000 ____D () C:\Users\Stephnie\Desktop\CV
    2014-03-29 03:47 - 2014-03-29 03:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-17 10:32 - 2014-03-16 18:13 - 00000000 ____D () C:\Users\Stephnie\AppData\Local\{3FFB8EF6-1BF4-45ED-8775-2827B6472622}

    Some content of TEMP:
    ====================
    C:\Users\Stephnie\AppData\Local\Temp\avgnt.exe
    C:\Users\Stephnie\AppData\Local\Temp\nircmd.exe
    C:\Users\Stephnie\AppData\Local\Temp\pv.exe
    C:\Users\Stephnie\AppData\Local\Temp\vfind.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-04-12 19:17

    ==================== End Of Log ============================
    Addition:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-04-2014 02
    Ran by Stephnie at 2014-04-16 21:40:50
    Running from C:\Users\Stephnie\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Avira (HKLM-x32\...\{c13d72f9-bcdd-4c16-a942-7373a528171e}) (Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG)
    Avira (x32 Version: 1.0.5218.31571 - Avira Operations GmbH & Co. KG) Hidden
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
    Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
    Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
    Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
    Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.17 - Creative Technology Ltd)
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Escape Whisper Valley (TM) (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
    Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Nation Toolbar (HKLM-x32\...\Nation Toolbar) (Version: 1.0.17 - Blucora Inc)
    Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
    Nero Blu-ray Player (x32 Version: 12.0.20010 - Nero AG) Hidden
    Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
    Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
    Nero Core Components 10 (x32 Version: 2.0.20500.9.16 - Nero AG) Hidden
    Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
    Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
    Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
    Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
    Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
    Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
    SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
    SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
    WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Dell Games) (x32 Version: 4.0.10.17 - WildTangent) Hidden
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {5A2C2358-C11C-43E6-A1DE-77523B5E2B49} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2253502698-3813876070-2504264267-1000Core => C:\Users\Stephnie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.)
    Task: {85A15D4B-36C8-4E9E-A87C-14F67D2FF65C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2253502698-3813876070-2504264267-1000UA => C:\Users\Stephnie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.)
    Task: {93D05D6F-AE86-4F7E-B139-F42D2E26C053} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {99125585-C533-4CC9-AF98-BF044B10640E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-28] (Google Inc.)
    Task: {99A43C3B-40BC-4990-B5D1-BA05FDC5DB64} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
    Task: {9FD77D27-CDEA-40B9-821E-1EAEEDE798BB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {BC9AA0EC-0638-40C2-9EAF-D5FFBE00B5EF} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
    Task: {CF9597D8-3AA1-4A0B-83C9-34058B7484FC} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {E9AE540C-F036-49A1-89F9-682B5FE31DD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
    Task: {EC9AF747-C5F5-4A4E-A484-4B39859FE540} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-28] (Google Inc.)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2253502698-3813876070-2504264267-1000Core.job => C:\Users\Stephnie\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2253502698-3813876070-2504264267-1000UA.job => C:\Users\Stephnie\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-01-13 22:56 - 2011-01-13 22:56 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2012-04-25 16:22 - 2011-03-26 03:28 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
    2011-06-28 02:26 - 2011-06-28 02:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    2010-11-17 17:35 - 2010-11-17 17:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2012-02-01 18:50 - 2012-02-01 18:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    2011-06-29 15:52 - 2011-06-29 15:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    2012-04-25 14:32 - 2012-01-27 04:49 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2014-04-13 13:28 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
    2010-03-17 03:28 - 2010-03-17 03:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
    2010-03-22 22:52 - 2010-03-22 22:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
    2010-03-17 03:28 - 2010-03-17 03:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
    2010-03-17 03:28 - 2010-03-17 03:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
    2011-06-25 06:20 - 2011-06-25 06:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
    2011-06-28 02:25 - 2011-06-28 02:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
    2011-06-25 06:21 - 2011-06-25 06:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
    2010-03-12 02:52 - 2010-03-12 02:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
    2010-03-05 22:07 - 2010-03-05 22:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
    2010-03-05 22:07 - 2010-03-05 22:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
    2010-03-12 02:52 - 2010-03-12 02:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
    2010-11-25 05:44 - 2010-11-25 05:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2012-02-01 18:44 - 2012-02-01 18:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
    2012-02-01 18:44 - 2012-02-01 18:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
    2014-04-13 13:29 - 2014-04-01 13:57 - 00049744 ____N () C:\Users\Stephnie\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    2014-02-16 04:37 - 2014-02-16 04:37 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
    2012-04-25 13:56 - 2011-01-13 00:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2012-01-01 00:04 - 2012-01-01 00:04 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
    2012-01-01 00:04 - 2012-01-01 00:04 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
    2014-03-29 03:46 - 2014-03-29 03:47 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-04-15 18:34 - 2014-04-15 18:34 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
    2014-04-15 18:33 - 2014-04-15 18:33 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
    2014-03-11 20:55 - 2014-03-11 20:55 - 16276872 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/16/2014 00:24:03 PM) (Source: Google Update) (User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee2. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x

    Error: (04/16/2014 03:35:07 AM) (Source: Google Update) (User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80

    Error: (04/15/2014 04:04:42 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/15/2014 11:10:33 AM) (Source: Google Update) (User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee2. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned

    Error: (04/14/2014 09:53:08 AM) (Source: Google Update) (User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80

    Error: (04/13/2014 08:48:15 AM) (Source: Google Update) (User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80

    Error: (04/12/2014 07:22:40 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

    Error: (04/12/2014 03:21:08 AM) (Source: Google Update) (User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80040801. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80040801. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80

    Error: (04/11/2014 01:29:00 PM) (Source: Application Error) (User: )
    Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000005
    Fault offset: 0x000000000004e4e4
    Faulting process id: 0x11e8
    Faulting application start time: 0xwmprph.exe0
    Faulting application path: wmprph.exe1
    Faulting module path: wmprph.exe2
    Report Id: wmprph.exe3

    Error: (04/11/2014 11:57:26 AM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).


    System errors:
    =============
    Error: (04/15/2014 04:04:14 PM) (Source: Service Control Manager) (User: )
    Description: The Skype Click to Call PNR Service service failed to start due to the following error:
    %%1053

    Error: (04/15/2014 04:04:13 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Skype Click to Call PNR Service service to connect.

    Error: (04/15/2014 04:03:25 PM) (Source: Service Control Manager) (User: )
    Description: The Skype Click to Call Updater service failed to start due to the following error:
    %%1053

    Error: (04/15/2014 04:03:24 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Skype Click to Call Updater service to connect.

    Error: (04/15/2014 04:00:39 PM) (Source: DCOM) (User: )
    Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

    Error: (04/13/2014 01:21:16 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR9.

    Error: (04/13/2014 01:00:08 PM) (Source: bowser) (User: )
    Description: The master browser has received a server announcement from the computer USER-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{04E4A289-3A94-464F-823A-6AA1EE501E29}.
    The master browser is stopping or an election is being forced.

    Error: (04/11/2014 05:23:02 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR2.

    Error: (04/11/2014 05:23:01 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR2.

    Error: (04/11/2014 05:23:01 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR2.


    Microsoft Office Sessions:
    =========================
    Error: (04/16/2014 00:24:03 PM) (Source: Google Update)(User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee2. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x

    Error: (04/16/2014 03:35:07 AM) (Source: Google Update)(User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80

    Error: (04/15/2014 04:04:42 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/15/2014 11:10:33 AM) (Source: Google Update)(User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee2. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee2. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=auto, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned

    Error: (04/14/2014 09:53:08 AM) (Source: Google Update)(User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80

    Error: (04/13/2014 08:48:15 AM) (Source: Google Update)(User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80

    Error: (04/12/2014 07:22:40 PM) (Source: System Restore)(User: )
    Description: C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

    Error: (04/12/2014 03:21:08 AM) (Source: Google Update)(User: Stephnie-PC)
    Description: Network Request Error.
    Error: 0x80040801. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=FireFox, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80040801. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80040801. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80

    Error: (04/11/2014 01:29:00 PM) (Source: Application Error)(User: )
    Description: wmprph.exe12.0.7600.163854a5bd018ntdll.dll6.1.7601.18247521eaf24c0000005000000000004e4e411e801cf5577510b5d18C:\Program Files\Windows Media Player\wmprph.exeC:\windows\SYSTEM32\ntdll.dll79d8e639-c16c-11e3-9220-642737e9e6b4

    Error: (04/11/2014 11:57:26 AM) (Source: System Restore)(User: )
    Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422


    ==================== Memory info ===========================

    Percentage of memory in use: 51%
    Total physical RAM: 3894.68 MB
    Available physical RAM: 1876.14 MB
    Total Pagefile: 7787.55 MB
    Available Pagefile: 4451.95 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:387.47 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 21340B00)
    Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
    Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    Please let me know what to do next. Thanks
    PS: Yes, the virus actually came from a USB drive, so it's infected.
     
  4. Cassie Br

    I have replied to your post
     
  5. starbuck

    Hi Cassie

    Thanks for the reports.

    Step 1
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 2
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    [screenshots: renaming ComboFix before saving it]

    This is an example; you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double-click on Combo-Fix.exe & follow the prompts.

      Vista/Win7 users should right-click on the icon and select Run as Administrator.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista/Win7, you will not see the Recovery Console screens, as they are Win XP related.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [screenshot: ComboFix message shown after the Recovery Console is installed]

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    In your next reply, please submit:
    Fixlog.txt
    Combofix.txt


    Thanks.
     

    Attached Files:

  6. Cassie Br

    Thanks for your reply!
    I re-ran the FRST program and clicked Fix; the computer restarted, and when it came back to the desktop it gave me the following text (Fixlog):

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 02
    Ran by Stephnie at 2014-04-16 23:21:10 Run:1
    Running from C:\Users\Stephnie\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2253502698-3813876070-2504264267-1000\...\Run: [safa7_22] => wscript.exe //B "C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs"
    Startup: C:\Users\Stephnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\safa7_22.vbs ()
    2014-04-11 17:22 - 2013-07-02 21:58 - 00031349 ____N () C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs
    C:\Users\Stephnie\AppData\Local\Temp\avgnt.exe
    C:\Users\Stephnie\AppData\Local\Temp\nircmd.exe
    C:\Users\Stephnie\AppData\Local\Temp\pv.exe
    C:\Users\Stephnie\AppData\Local\Temp\vfind.exe
    C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs
    C:\Users\Stephnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\safa7_22.vbs
    Reboot:

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKU\S-1-5-21-2253502698-3813876070-2504264267-1000\Software\Microsoft\Windows\CurrentVersion\Run\\safa7_22 => Value deleted successfully.
    C:\Users\Stephnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\safa7_22.vbs => Moved successfully.
    Could not move "C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs" => Scheduled to move on reboot.
    C:\Users\Stephnie\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\Stephnie\AppData\Local\Temp\nircmd.exe => Moved successfully.
    C:\Users\Stephnie\AppData\Local\Temp\pv.exe => Moved successfully.
    C:\Users\Stephnie\AppData\Local\Temp\vfind.exe => Moved successfully.
    Could not move "C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs" => Scheduled to move on reboot.
    "C:\Users\Stephnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\safa7_22.vbs" => File/Directory not found.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-16 23:24:17)<=

    C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs => Is moved successfully.
    C:\Users\Stephnie\AppData\Roaming\safa7_22.vbs => Is moved successfully.

    ==== End of Fixlog ====
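The fixlist above shows the two persistence points FRST removed: a per-user Run value that starts the script silently with wscript.exe //B, and a copy of the same .vbs dropped into the Startup folder. The PowerShell audit below is an added example, not part of this thread and not code from FRST or ComboFix. It is a read-only check that lists autostart entries launching a script host or script file, and shows any wscript.exe/cscript.exe processes with their command lines (the question raised at the start of the thread about which Task Manager entries belong to the .vbs). It assumes PowerShell 3.0 or later and deletes nothing; the patterns, the key list and the Add-Finding helper are this example's own.

```powershell
# Added example, not part of this thread or of FRST/ComboFix. Read-only audit
# of the autostart locations the Fixlog above cleaned: per-user and machine
# Run keys plus the Startup folders. Reports entries that launch a script
# through wscript.exe/cscript.exe or point at a script file, then lists any
# script-host processes currently running with their command lines.
# Assumes PowerShell 3.0+ (Get-ChildItem -File, Get-CimInstance).

# -match is case-insensitive in PowerShell, so no (?i) is needed.
$scriptHostPattern = '\b(wscript|cscript)(\.exe)?\b'
$scriptFilePattern = '\.(vbs|vbe|js|jse|wsf|wsh)\b'
$psMetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# HKCU covers the account this runs under; the worm in the Fixlog sat under
# HKU\<SID>\...\Run, i.e. that user's HKCU. Run once per account (or load the
# other hives) to cover every profile on the machine.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),       # this user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')  # All Users Startup folder
)

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Location, [string]$Name, [string]$Command, [string]$Reason) {
    $findings.Add([pscustomobject]@{
        Location = $Location; Name = $Name; Command = $Command; Reason = $Reason
    })
}

# 1. Run / RunOnce values whose command uses a script host or a script file.
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($psMetaProps -contains $prop.Name) { continue }  # provider metadata, not registry values
        $cmd = [string]$prop.Value
        if ($cmd -match $scriptHostPattern) {
            Add-Finding $key $prop.Name $cmd 'Run value launches wscript/cscript'
        } elseif ($cmd -match $scriptFilePattern) {
            Add-Finding $key $prop.Name $cmd 'Run value points at a script file'
        }
    }
}

# 2. Script files dropped straight into a Startup folder, and .lnk shortcuts
#    whose target or arguments invoke a script host or script file.
$shell = New-Object -ComObject WScript.Shell   # only used to read .lnk targets
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -Path $dir)) { continue }
    foreach ($file in Get-ChildItem -Path $dir -File -Force) {
        if ($file.Name -match $scriptFilePattern) {
            Add-Finding $dir $file.Name $file.FullName 'script file in Startup folder'
        } elseif ($file.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($file.FullName)
            $target = "$($lnk.TargetPath) $($lnk.Arguments)"
            if ($target -match $scriptHostPattern -or $target -match $scriptFilePattern) {
                Add-Finding $dir $file.Name $target 'Startup shortcut runs a script'
            }
        }
    }
}

# 3. Script hosts running right now, with the script each was started with.
$running = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -match '^(wscript|cscript)\.exe$' } |
    Select-Object ProcessId, ParentProcessId, Name, CommandLine

'=== Autostart entries that use a script host or script file ==='
if ($findings.Count -eq 0) { 'none found' } else { $findings | Format-Table -AutoSize -Wrap }

'=== wscript.exe / cscript.exe processes currently running ==='
if (-not $running) { 'none running' } else { $running | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell prompt so the HKLM keys and the All Users Startup folder are readable; review each hit before removing anything, since legitimate software can also start via a script.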
     
  7. Cassie Br

    Regarding ComboFix, I just entered the file and it did everything on its own. Here is the log file.



    ComboFix 14-04-12.01 - Stephnie 04/16/2014 23:49:12.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1725 [GMT 2:00]
    Running from: c:\users\Stephnie\Desktop\Combo-Fix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6426\AddOnDownloaded\32c9d170-59a5-4003-94c6-80a6c9dd3953.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\39e74b65-3eda-422b-bbb4-2b208419be67.dll
    c:\programdata\PCDr\6426\AddOnDownloaded\9a4d2a9e-ce47-421d-bbd6-98fd72255fed.dll
    c:\users\Stephnie\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-03-16 to 2014-04-16 )))))))))))))))))))))))))))))))
    .
    .
    2014-04-16 21:58 . 2014-04-16 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-04-16 12:18 . 2014-04-16 12:18 -------- d-----w- c:\program files\CCleaner
    2014-04-15 15:43 . 2014-04-16 21:24 -------- d-----w- C:\FRST
    2014-04-14 14:09 . 2014-04-14 14:09 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-04-13 11:31 . 2014-04-13 11:31 -------- d-----w- c:\users\Stephnie\AppData\Roaming\Avira
    2014-04-13 11:28 . 2014-02-25 09:41 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2014-04-13 11:28 . 2014-02-25 09:41 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-04-13 11:28 . 2014-02-25 09:41 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-04-13 11:23 . 2014-04-16 14:45 -------- d-----w- c:\program files (x86)\Avira
    2014-04-13 11:23 . 2014-04-13 11:28 -------- d-----w- c:\programdata\Avira
    2014-04-13 11:23 . 2014-04-16 14:45 -------- d-----w- c:\programdata\Package Cache
    2014-04-11 09:57 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AE35423-E82D-4F62-8F57-6451D2AF1ADC}\mpengine.dll
    2014-04-11 01:02 . 2014-03-06 09:19 8011776 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
    2014-04-09 08:53 . 2014-02-04 02:37 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-11 01:00 . 2012-08-16 09:17 90655440 ----a-w- c:\windows\system32\MRT.exe
    2014-03-11 18:55 . 2012-08-16 09:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-11 18:55 . 2012-08-16 09:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-04 09:17 . 2014-04-09 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-02-07 01:23 . 2014-03-13 09:35 3156480 ----a-w- c:\windows\system32\win32k.sys
    2014-02-04 02:32 . 2014-03-13 09:33 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-02-04 02:32 . 2014-03-13 09:33 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-02-04 02:04 . 2014-03-13 09:33 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-02-04 02:04 . 2014-03-13 09:33 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-01-29 02:32 . 2014-03-13 09:35 484864 ----a-w- c:\windows\system32\wer.dll
    2014-01-29 02:06 . 2014-03-13 09:35 381440 ----a-w- c:\windows\SysWow64\wer.dll
    2014-01-28 02:32 . 2014-03-13 09:35 228864 ----a-w- c:\windows\system32\wwansvc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-02-28 6563608]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2012-05-09 577536]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
    "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-04-15 180304]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 18:55]
    .
    2014-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2253502698-3813876070-2504264267-1000Core.job
    - c:\users\Stephnie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09 18:25]
    .
    2014-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2253502698-3813876070-2504264267-1000UA.job
    - c:\users\Stephnie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09 18:25]
    .
    2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-28 18:15]
    .
    2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-28 18:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
    "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.facebook.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Stephnie\AppData\Roaming\Mozilla\Firefox\Profiles\alxzs099.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Microsoft\BingBar\7.3.132.0oemBingBarSetup-Partner.EXE
    c:\windows\TEMP\IXP000.TMP\BBSetup.exe
    c:\windows\syswow64\MsiExec.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2014-04-17 00:12:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-04-16 22:11
    .
    Pre-Run: 415,929,286,656 bytes free
    Post-Run: 415,816,736,768 bytes free
    .
    - - End Of File - - 4DDAE266526835B81F2B4A14B66B3DBC




    Thanks for the help, will wait for further instructions!
     
  8. starbuck

    Hi

    I am at work at the moment, so won't be able to go through the combofix report properly until this evening.
    How is the system running in general?

    Thanks
     
  9. Cassie Br

    Hi,

    Thank you for letting me know.
    The PC is usually very fast so it's slightly slower than usual but not too bad either, so in general it's running just fine.
    I'm not using anything on it though (e.g. emails etc.).
     
  10. starbuck

    Hi Cassie

    Let's clean up the usb stick and then we'll run another scan on the system.... just to be sure that everything has been removed.

    Step 1
    Recommendation.

    If you're running the 'free' version of SuperAntiSpyware, it doesn't need to start when Windows starts.
    You can start it manually when you need to do a scan.

    To change this:
    Restart SuperAntiSpyware...
    Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.
    Then click Close. and then Close on the next screen to exit the program.

    Step 2
    • Download Malwarebytes Anti-Malware Free and save it to your desktop
    • Double click the desktop icon, click Run, then OK
    • Click Next
    • Select I accept the agreement then continue to click Next then finally click Install
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program ... i recommend that you UNtick this option.

    • Click Finish
    • If you are notified the Database is out of date click Update Now
    • Once the program has been updated, click the Settings tab

    • Make sure that Explorer Context Menu Entry is set to Yes.

    • Now you can close the program.
    • Hold down the Shift key on your keyboard and while you hold the key down.... insert the infected Usb stick.
    • Wait a few seconds and then release the Shift key.
      This will prevent any malware from Auto-running on the Usb stick
    • Click Start >> Computer.
    • Right click on the Usb icon and select Scan with MalwareBytes AntiMalware

    • A threat scan will now start to scan the Usb stick.

    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab >> Application Logs.

    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'

    • Paste the contents of the clipboard into your reply.

    Step 3
    Now we'll get MBAM to scan your whole system for any leftovers.

    Restart MBAM
    • Click Scan Now >>
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab >> Application Logs.

    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'

    • Paste the contents of the clipboard into your reply.

    In your next reply, please submit
    both scan reports from MBAM.

    Thanks
     
  11. Cassie Br

    I'm not sure if this is a good thing or a bad one, but MBAM didn't find anything on either USB (I have two) or on the whole PC. I'll post the reports in case you still need them...

    USB 1
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/18/2014
    Scan Time: 11:28:43 AM
    Logfile: usb 1.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.18.03
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Stephnie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 9 sec

    Memory: Disabled
    Startup: Disabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    USB 2
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/18/2014
    Scan Time: 11:31:52 AM
    Logfile: usb 2.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.18.03
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Stephnie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 29
    Time Elapsed: 1 min, 51 sec

    Memory: Disabled
    Startup: Disabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    PC SCAN
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/18/2014
    Scan Time: 11:52:46 AM
    Logfile: pc.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.18.03
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Stephnie

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 257401
    Time Elapsed: 11 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  12. starbuck

    Hi Cassie,

    I see that you downloaded Flash Disinfector..... Did you by any chance run this on the Usb stick?
    If so, that may well account for nothing being shown.
    We have removed the infection from the main computer, so I'm not really surprised that MBAM found nothing when scanning it.
    But a double check was always the safe way to go.

    If you want to set your mind at rest, you can plug in the Usb stick and then run another Combofix scan. (still best to use the 'Shift' key when plugging in the flash drive just for safety)
    Flash Disinfector and Combofix are both written by sUBs.
    If any usb sticks are plugged in, then Combofix will also check these when a scan is run.
     
  13. Cassie Br

    Hi starbuck,

    I did another scan with Combofix and, in all honesty, I have no idea what it did.
    I later thought it was a good idea to scan with Avira, since it seems to be the only one that is tracking it, and it can't remove it. Avira states that the virus is still here. It lists two of them actually, in different places:

    Object: safa_22.vbs.xBAD - Detection: VBS/Dinihou.G.2 - Action: Move to quarantine

    Object: safa_22.vbs.xBAD - Detection: VBS/Dinihou.G.2 - Action: Move to quarantine

    I haven't moved anything anywhere, I'm starting to think that maybe Avira is the problem, could this be?
    I'm sorry if this is confusing you.
     
  14. starbuck

    It's a pity that Avira didn't give us the file path.... that would have told us if in fact those files were still present (which I doubt, actually).
    When we remove anything with FRST, Combofix etc., the program actually moves the deletions to its own quarantine folder (this then makes the infection safe).
    Sometimes other programs like AVs will actually scan these quarantine folders as part of their scan and throw up anything that may be in them.
    So Avira may have picked up the files that were already in quarantine.

    Let's make sure that there's nothing else in the temp files by removing them all.
    There is something else i'd like to check as well.

    Step 1
    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Step 2
    With this scan you can plug in any usb drives and they will be checked along with your system.

    I'd like you to do an ESET OnlineScan
    64Bit users, please see note at the bottom.

    It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
    To prevent this happening:
    When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology

    You may find it beneficial to close your resident AV program before running the scan.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.

    Note:
    You will need to use Internet Explorer for this scan.

    Note:
    As you are running a 64bit system:
    The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

    Please post the report if anything is found.

    Thanks
     
    Last edited: Apr 18, 2014
  15. Cassie Br

    I will do as you said in your last post, but I wanted to let you know that yes, there actually is a location for where the threats are. I will post them when I rescan!
     
  16. Cassie Br

    These are the locations of the virus I found through the history report. Anything can be done?


    Begin scan in 'C:\' <OS>
    C:\FRST\Quarantine\C\Users\Stephnie\AppData\Roaming\safa7_22.vbs.xBAD
    [DETECTION] Contains recognition pattern of the VBS/Dinihou.G.2 VBS script virus

    C:\FRST\Quarantine\C\Users\Stephnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\safa7_22.vbs.xBAD
    [DETECTION] Contains recognition pattern of the VBS/Dinihou.G.2 VBS script virus
     
  17. starbuck

    Hi Cassie,

    Just as I thought.... Avira detected the files that had already been removed by FRST.
    Those files were actually safe in the FRST quarantine folder.
    Nothing to worry about there.

    Let me know if Eset finds anything.

    Thanks.
     
  18. Cassie Br

    I scanned the PC with Eset and it found the same two viruses. I'm not sure what happened when the scan was finished; I think it "removed" them. This is the report from the Eset scan...

    Scan Log
    Version of virus signature database: 8944 (20131021)
    Date: 4/18/2014 Time: 8:28:19 PM
    Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
    C:\hiberfil.sys - error opening [4]
    C:\pagefile.sys - error opening [4]
    C:\FRST\Quarantine\C\Users\Stephnie\AppData\Roaming\safa7_22.vbs.xBAD - VBS/Kryptik.J trojan - cleaned by deleting - quarantined [1]
    C:\FRST\Quarantine\C\Users\Stephnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\safa7_22.vbs.xBAD - VBS/Kryptik.J trojan - cleaned by deleting - quarantined [1]
    C:\Program Files\Dell Support Center\uninstaller.exe » NSIS » sDir - archive damaged - the file could not be extracted.
    C:\Program Files\Dell Support Center\uninstaller.exe » NSIS » ilesDir - archive damaged - the file could not be extracted.
    C:\Program Files\My Dell\uninstaller.exe » NSIS » sDir - archive damaged - the file could not be extracted.
    C:\Program Files\My Dell\uninstaller.exe » NSIS » ilesDir - archive damaged - the file could not be extracted.
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » _TUProj.dat - error - password-protected file
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » _TUProjDT.dat - error - password-protected file
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » DataSafe_Green.ico - error - password-protected file
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » IRIMG1.JPG - error - password-protected file
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » IRIMG2.JPG - error - password-protected file
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » Wow64.lmd - error - password-protected file
    C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » VideoStage.ico - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » MsiZap.exe.manifest - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » PostBuild.exe.manifest - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1028.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1030.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1031.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1033.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1034.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1036.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1040.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1041.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1042.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_1043.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_2052.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_4100.TXT - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_nor.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_ptb.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_rus.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » lic_sve.txt - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » MUI_Lang.ini - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » Compress.log - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » MsiZap.exe - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » PostBuild.exe - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » CLScan.dll - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » GetDXVer.dll - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » GetSTime.dll - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » Helper.dll - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » HwCtrlMgr.dll - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » RegKey64Bit.dll - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » Rpc2.dll - Incorrect file checksum (CRC); the file is probably password protected.
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z » 7ZIP » UNO.dll - Incorrect file checksum (CRC); the file is probably password protected.
    C:\ProgramData\Avira\AntiVir Desktop\TEMP\scaninfo(1712).tmp - error opening [4]
    C:\ProgramData\Avira\My Avira\Temp\antivirus.exe » RAR » avsdklist.zip » ZIP » output.xml - error - password-protected file
    C:\ProgramData\Avira\My Avira\Temp\antivirus.exe » RAR » manualuninstallconfig.zip » ZIP » out.xml - error - password-protected file
    C:\ProgramData\Avira\My Avira\Temp\antivirus.exe » RAR » productreleasenotes.zip » ZIP » ProductReleaseNotes.xml - error - password-protected file
    C:\ProgramData\Avira\My Avira\Temp\antivirus.exe » RAR » qatestedproducts.zip » ZIP » QATestedProducts.xml - error - password-protected file
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
    C:\System Volume Information\Syscache.hve - error opening [4]
    C:\System Volume Information\Syscache.hve.LOG1 - error opening [4]
    C:\System Volume Information\Syscache.hve.LOG2 - error opening [4]
    C:\Users\All Users\Avira\AntiVir Desktop\TEMP\scaninfo(1712).tmp - error opening [4]
    C:\Users\All Users\Avira\My Avira\Temp\antivirus.exe » RAR » avsdklist.zip » ZIP » output.xml - error - password-protected file
    C:\Users\All Users\Avira\My Avira\Temp\antivirus.exe » RAR » manualuninstallconfig.zip » ZIP » out.xml - error - password-protected file
    C:\Users\All Users\Avira\My Avira\Temp\antivirus.exe » RAR » productreleasenotes.zip » ZIP » ProductReleaseNotes.xml - error - password-protected file
    C:\Users\All Users\Avira\My Avira\Temp\antivirus.exe » RAR » qatestedproducts.zip » ZIP » QATestedProducts.xml - error - password-protected file
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
    C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
    C:\Users\Stephnie\NTUSER.DAT - error opening [4]
    C:\Users\Stephnie\ntuser.dat.LOG1 - error opening [4]
    C:\Users\Stephnie\ntuser.dat.LOG2 - error opening [4]
    C:\Users\Stephnie\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
    C:\Users\Stephnie\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
    C:\Users\Stephnie\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
    C:\Users\Stephnie\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
    C:\Users\Stephnie\AppData\Local\Microsoft\Windows\WebCacheLock.dat - error opening [4]
    C:\Users\Stephnie\AppData\Local\Microsoft\Windows\WebCache\V01.log - error opening [4]
    C:\Users\Stephnie\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat - error opening [4]
    C:\Users\Stephnie\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp - error opening [4]
    C:\Users\Stephnie\AppData\Roaming\Mozilla\Firefox\Profiles\alxzs099.default\parent.lock - error opening [4]
    C:\Users\Stephnie\AppData\Roaming\Skype\DataRv\offline-storage.data - error opening [4]
    C:\Users\Stephnie\AppData\Roaming\Skype\shared_dynco\dc.lock - error opening [4]
    C:\Users\Stephnie\AppData\Roaming\Skype\shared_httpfe\queue.lock - error opening [4]
    C:\WINDOWS\Installer\45b37497.msi » MSI » required.cab » CAB - error reading archive
    C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]
    C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
    C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
    C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
    C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
    C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\2936a3c049cab6c5f0c5b10c40c56d714259546d.HomeGroupClassifier\643dffb2347618ee777ae2755271982b\grouping\db.mdb - error opening [4]
    C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\2936a3c049cab6c5f0c5b10c40c56d714259546d.HomeGroupClassifier\643dffb2347618ee777ae2755271982b\grouping\edb.log - error opening [4]
    C:\WINDOWS\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\2936a3c049cab6c5f0c5b10c40c56d714259546d.HomeGroupClassifier\643dffb2347618ee777ae2755271982b\grouping\tmp.edb - error opening [4]
    C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4]
    C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
    C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
    C:\WINDOWS\System32\log.txt - error opening [4]
    C:\WINDOWS\System32\catroot2\edb.log - error opening [4]
    C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
    C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
    C:\WINDOWS\SysWOW64\log.txt - error opening [4]
    Number of scanned objects: 352141
    Number of threats found: 2
    Number of cleaned objects: 2
    Time of completion: 10:09:22 PM Total scanning time: 6063 sec (01:41:03)

    Notes:
    [1] Object has been deleted as it only contained the virus body.
    [4] Object cannot be opened. It may be in use by another application or operating system.


    Let me know what you think... also, should I keep Avira Anti-Virus or would you recommend something else?
    Thanks a lot of your time, patience and help!!
     
  19. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Cassie,

    At the moment there are only 3 'free' AV's that I recommend.... and Avira is one of them.
    So by all means keep it.
    At the end of the day, it did its job.
    It found the infection and notified you of it........ it also found it again after we had put the infected files into quarantine.

    The Eset report looks a lot worse than it is.
    It won't touch legit system files (so it seems to throw up errors that are not exactly there).
    The main part we needed to see was this:
    We already know that files in that location are safe/neutralised.
    So basically the report is nothing to worry about.

    How is the system in general, any noticeable problems?
     
  20. Cassie Br

    Cassie Br Registered Members

    Joined:
    Apr 16, 2014
    Messages:
    14
    Operating System:
    Windows 7
    The system is working very well actually, there isn't really anything unusual.
    I will be keeping Avira, SUPERAntiSpyware (if necessary) and CCleaner.
    Is there anything else you would recommend me doing?

    Your help is greatly appreciated!
     