Computer is infected!


  • This topic is locked
18 replies to this topic

#1 snelly5

Posted 02 January 2014 - 10:34 AM

My internet is infected with annoying ads, popups, and home page redirections. Please help! Here is my DDS log.

 

 




#2 snelly5

Posted 02 January 2014 - 10:37 AM

It won't let me paste my DDS log.

 



#3 snelly5

Posted 02 January 2014 - 11:27 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Snelson5 at 10:29:28 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1080 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0C3E0418-4BEB-4896-9537-3DA9066A4CDF} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0C3E0418-4BEB-4896-9537-3DA9066A4CDF}\14454573537343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4091BD3D-4A59-48F8-8FA7-C0E933889BDD} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\2456C6B696E60223031323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\2456C6B696E623031323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\2456C6B696E653 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\2456C6B696E6F523031323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\2456C6B696E6F523031323F5 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\2456C6B696E6F5E4F523031323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\2456C6B696E6F5E4F575962756C6563737F5533343169323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 68.87.68.166 68.87.74.166 4.2.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\35E656C6C697 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A56EA362-ED91-41F0-8D9D-4A41D7D69A6E}\35E656C6C69723031323 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Highlightly: {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - www.comcast.net
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-28 18:57; {f6507e24-34ad-4fcc-b8fb-a92bbbb435b8}; C:\Program Files (x86)\ViewPassword\150.xpi
FF - ExtSQL: 2014-01-01 19:32; gethighlightly@gethighlightly.com; C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R1 hlnfd;hlnfd;C:\Windows\System32\drivers\hlnfd.sys [2013-12-4 58256]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r [?]
R2 hlsvc;Highlightly Client Service;C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [2013-12-4 273000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-2 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-2 701512]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-7-10 517632]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-2 25928]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-6 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-14 111616]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-4-1 341856]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-4-1 4184672]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 VNA;Check Point Virtual Network Adapter;C:\Windows\System32\drivers\vna.sys [2009-11-2 161256]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-02 13:36:14 -------- d-----w- C:\Users\Snelson5\AppData\Roaming\Malwarebytes
2014-01-02 13:36:07 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-02 13:36:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-02 13:36:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 12:42:05 -------- d-----w- C:\ProgramData\Oracle
2014-01-02 12:41:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-02 00:58:12 973736 ----a-w- C:\Windows\System32\deployJava1.dll
2014-01-02 00:58:12 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll
2014-01-02 00:58:02 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-01-02 00:32:13 -------- d-----w- C:\Program Files\Highlightly
2014-01-02 00:31:50 -------- d-----w- C:\Program Files (x86)\Highlightly
2014-01-02 00:26:48 -------- d-----w- C:\ProgramData\VisualBee
2014-01-01 16:09:52 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78452DAC-2AFC-41A2-972E-24B8F4660336}\mpengine.dll
2013-12-28 23:58:47 -------- d-----w- C:\Users\Snelson5\AppData\Roaming\Digiarty
2013-12-28 23:58:47 -------- d-----w- C:\Program Files (x86)\Digiarty
2013-12-28 23:57:35 -------- d-----w- C:\Users\Snelson5\AppData\Local\SearchProtect
2013-12-28 23:57:34 -------- d-----w- C:\Program Files (x86)\ViewPassword
2013-12-14 08:04:55 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-14 08:04:55 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-14 08:04:54 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-14 08:04:53 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 11:15:23 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-04 19:46:36 58256 ----a-w- C:\Windows\System32\drivers\hlnfd.sys
.
==================== Find3M  ====================
.
2013-12-12 11:35:31 29792 ----a-w- C:\Windows\System32\drivers\klim6.sys
2013-12-12 11:35:30 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-12-11 01:13:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 01:13:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 14:46:14 138152 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2013-11-26 14:46:14 138152 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-10 11:04:29 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-10-10 11:04:28 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 10:30:53.39 ===============
 



#4 fireman4it

  • Malware Response Team

Posted 02 January 2014 - 12:46 PM

Hello snelly5,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
Things to include in your next reply:
AdwCleaner log
RogueKiller log
Do you have a USB flash drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 snelly5

Posted 02 January 2014 - 03:12 PM

I ran AdwCleaner. Here is the logfile. It asked me if I should clean it or scan. Should I have cleaned it? And yes, I do have a flash drive. The other website is reporting an error with its server and it's offline.

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 15:02:46
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Snelson5 - SNELSON5-PC
# Running from : C:\Users\Snelson5\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default\searchplugins\conduit-search.xml
File Found : C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default\user.js
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\Program Files (x86)\ViewPassword
Folder Found C:\ProgramData\VisualBee
Folder Found C:\Users\Snelson5\AppData\Local\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\visualbee
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\visualbee
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_doubletwist_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_doubletwist_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : HKLM\Software\visualbee
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP0476DE85-7AC0-495A-988D-C3AA0D9D2D97");
Line Found : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Found : user_pref("browser.search.selectedEngine", "Conduit Search");

*************************

AdwCleaner[R0].txt - [3828 octets] - [02/01/2014 15:02:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3888 octets] ##########



#6 fireman4it


Posted 02 January 2014 - 06:31 PM

1.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




#7 snelly5


Posted 02 January 2014 - 07:40 PM

# AdwCleaner v3.016 - Report created 02/01/2014 at 19:30:01
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Snelson5 - SNELSON5-PC
# Running from : C:\Users\Snelson5\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files (x86)\ViewPassword
Folder Deleted : C:\Users\Snelson5\AppData\Local\Searchprotect
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_doubletwist_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_doubletwist_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\visualbee

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP0476DE85-7AC0-495A-988D-C3AA0D9D2D97");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");

*************************

AdwCleaner[R0].txt - [3984 octets] - [02/01/2014 15:02:46]
AdwCleaner[R1].txt - [3823 octets] - [02/01/2014 19:29:30]
AdwCleaner[S0].txt - [3607 octets] - [02/01/2014 19:30:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3667 octets] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by Snelson5 (administrator) on SNELSON5-PC on 02-01-2014 19:35:48
Running from C:\Users\Snelson5\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Highlightly) C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2782096 2010-07-25] (CANON INC.)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [FaxCenterServer] - C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [312240 2007-05-04] ()
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
HKCU\...\Run: [HLBackupScheduler] - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7654312 2013-12-12] (SlySoft, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {2adf34e6-0efe-11e3-986d-e0cb4e7c7aeb} - F:\setup.exe -a
MountPoints2: {2c3aee19-b02a-11e1-90ca-8a430716cc30} - F:\VZW_Software_upgrade_assistant.exe
MountPoints2: {8fb4d8e1-6a5e-11e2-86c6-e0cb4e7c7aeb} - F:\VerizonSWUpgradeAssistantLauncher.exe
MountPoints2: {93dd500e-2e9a-11df-b615-e0cb4e7c7aeb} - F:\LaunchU3.exe -a
MountPoints2: {b5dff73b-2256-11e0-9560-e0cb4e7c7aeb} - F:\TL-Bootstrap.exe
MountPoints2: {c4205ad1-c642-11df-ab1a-e0cb4e7c7aeb} - F:\TL-Bootstrap.exe
MountPoints2: {df16d09b-aedb-11e0-9e01-e0cb4e7c7aeb} - F:\TL-Bootstrap.exe
MountPoints2: {f1ba4000-68b9-11e3-9835-e0cb4e7c7aeb} - F:\VZW_Software_upgrade_assistant.exe
MountPoints2: {f756847f-4ac2-11e3-bd7b-e0cb4e7c7aeb} - F:\VZW_Software_upgrade_assistant.exe
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Mcx1-SNELSON5-PC\...\Policies\system: [LogonHoursAction] 2
HKU\Mcx1-SNELSON5-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1-SNELSON5-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9C91DE74-9191-4202-862D-807C47706800} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {9C91DE74-9191-4202-862D-807C47706800} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - DefaultScope {96E44610-527E-4900-8145-49370B34A28F} URL =
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {76B331C9-BD98-47FC-984A-5720980E9E1F} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {9C91DE74-9191-4202-862D-807C47706800} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default
FF Homepage: www.comcast.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF Extension: Highlightly - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF Extension: Highlightly - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF HKCU\...\Firefox\Extensions: [{f6507e24-34ad-4fcc-b8fb-a92bbbb435b8}] - C:\Program Files (x86)\ViewPassword\150.xpi

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 hlsvc; C:\Program Files (x86)\Highlightly\Service\hlsvc.exe [273000 2013-12-04] (Highlightly)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R1 hlnfd; C:\Windows\System32\drivers\hlnfd.sys [58256 2013-12-04] (Highlightly)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys [43032 2009-05-25] (Smith Micro Inc.)
S3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-11-02] (Check Point Software Technologies)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 19:35 - 2014-01-02 19:36 - 00020499 _____ C:\Users\Snelson5\Desktop\FRST.txt
2014-01-02 19:35 - 2014-01-02 19:35 - 01931498 _____ (Farbar) C:\Users\Snelson5\Desktop\FRST64.exe
2014-01-02 19:35 - 2014-01-02 19:35 - 00000000 ____D C:\FRST
2014-01-02 19:31 - 2014-01-02 19:31 - 00003751 _____ C:\Users\Snelson5\Desktop\AdwCleaner[S0].txt
2014-01-02 15:02 - 2014-01-02 19:30 - 00000000 ____D C:\AdwCleaner
2014-01-02 08:36 - 2014-01-02 08:36 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Malwarebytes
2014-01-02 08:36 - 2014-01-02 08:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 07:42 - 2014-01-02 07:42 - 00000000 ____D C:\ProgramData\Oracle
2014-01-02 07:41 - 2014-01-02 07:41 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-02 07:41 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-02 07:41 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-02 07:41 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-02 07:41 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-01 19:58 - 2014-01-01 19:57 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-01-01 19:58 - 2014-01-01 19:57 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-01-01 19:58 - 2014-01-01 19:57 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-01 19:58 - 2014-01-01 19:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-01 19:58 - 2014-01-01 19:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-01 19:58 - 2014-01-01 19:57 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-01 19:57 - 2014-01-01 19:57 - 00000000 ____D C:\Program Files\Java
2014-01-01 19:41 - 2014-01-01 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-01 19:32 - 2014-01-01 19:32 - 00003342 _____ C:\Windows\System32\Tasks\VisualBeeRecovery
2014-01-01 19:32 - 2014-01-01 19:32 - 00000000 ____D C:\Program Files\Highlightly
2014-01-01 19:31 - 2014-01-01 19:32 - 00000000 ____D C:\Program Files (x86)\Highlightly
2013-12-31 10:05 - 2013-12-31 10:05 - 03899316 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-31_100548.mbf
2013-12-30 21:18 - 2013-12-31 09:47 - 00444450 ____N C:\Users\Snelson5\Documents\Anne_Melody-Submit.epub
2013-12-30 21:18 - 2013-12-30 21:03 - 00582426 ____N C:\Users\Snelson5\Documents\Melody Anne - [Surrender 04] - Scorched (mobi).mobi
2013-12-30 21:18 - 2013-12-30 21:02 - 00171232 ____N C:\Users\Snelson5\Documents\The Billionaire's Marriage Proposal (Bil - Melody Anne.epub
2013-12-30 21:17 - 2013-12-30 21:02 - 00490144 ____N C:\Users\Snelson5\Documents\Seduced - Book Three - Surrender Series by Anne, Melody  .epub
2013-12-30 13:49 - 2013-12-30 13:49 - 03759894 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-30_134922.mbf
2013-12-28 19:06 - 2013-12-28 19:06 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\dvdcss
2013-12-28 18:58 - 2013-12-28 18:58 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Digiarty
2013-12-28 18:58 - 2013-12-28 18:58 - 00000000 ____D C:\Program Files (x86)\Digiarty
2013-12-28 09:43 - 2013-12-28 09:43 - 04026540 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-28_094333.mbf
2013-12-14 03:04 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 03:04 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 03:04 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 03:04 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 03:02 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 03:02 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 03:02 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 03:02 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 03:02 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 03:02 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 03:02 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 03:02 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 03:02 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 03:02 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 03:02 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 03:02 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 03:02 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 03:02 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 03:02 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 03:02 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 03:02 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 03:02 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 03:02 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 03:02 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 03:02 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 03:02 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 03:02 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 03:02 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 03:02 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 03:02 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 03:02 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 03:02 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 03:02 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 03:02 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 03:02 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 06:15 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 06:15 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 06:15 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 06:15 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 06:15 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 06:15 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 06:15 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 06:15 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 06:15 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 06:15 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 06:15 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 06:15 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 06:15 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 06:15 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 06:15 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 06:15 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 06:15 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 06:15 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 06:15 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-04 14:46 - 2013-12-04 14:46 - 00058256 _____ (Highlightly) C:\Windows\system32\Drivers\hlnfd.sys

==================== One Month Modified Files and Folders =======

2014-01-02 19:36 - 2014-01-02 19:35 - 00020499 _____ C:\Users\Snelson5\Desktop\FRST.txt
2014-01-02 19:35 - 2014-01-02 19:35 - 01931498 _____ (Farbar) C:\Users\Snelson5\Desktop\FRST64.exe
2014-01-02 19:35 - 2014-01-02 19:35 - 00000000 ____D C:\FRST
2014-01-02 19:35 - 2009-07-14 00:13 - 00742920 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 19:34 - 2010-02-24 13:24 - 01247891 _____ C:\Windows\WindowsUpdate.log
2014-01-02 19:31 - 2014-01-02 19:31 - 00003751 _____ C:\Users\Snelson5\Desktop\AdwCleaner[S0].txt
2014-01-02 19:31 - 2011-01-04 19:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 19:31 - 2010-03-16 17:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-02 19:31 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 19:31 - 2009-07-13 23:51 - 00155625 _____ C:\Windows\setupact.log
2014-01-02 19:30 - 2014-01-02 15:02 - 00000000 ____D C:\AdwCleaner
2014-01-02 19:28 - 2012-04-26 05:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 19:28 - 2011-01-04 19:49 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 15:02 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 15:02 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 10:41 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-02 10:10 - 2013-07-30 05:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-02 10:10 - 2010-01-07 21:11 - 00656756 _____ C:\Windows\PFRO.log
2014-01-02 08:36 - 2014-01-02 08:36 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Malwarebytes
2014-01-02 08:36 - 2014-01-02 08:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 07:45 - 2013-07-18 06:56 - 00000000 ____D C:\Users\Snelson5\Documents\Bankruptcy Documentation
2014-01-02 07:42 - 2014-01-02 07:42 - 00000000 ____D C:\ProgramData\Oracle
2014-01-02 07:41 - 2014-01-02 07:41 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-02 07:41 - 2013-08-20 16:54 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-01 19:57 - 2014-01-01 19:58 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-01-01 19:57 - 2014-01-01 19:58 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-01-01 19:57 - 2014-01-01 19:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-01 19:57 - 2014-01-01 19:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-01 19:57 - 2014-01-01 19:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-01 19:57 - 2014-01-01 19:58 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-01 19:57 - 2014-01-01 19:57 - 00000000 ____D C:\Program Files\Java
2014-01-01 19:41 - 2014-01-01 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-01 19:32 - 2014-01-01 19:32 - 00003342 _____ C:\Windows\System32\Tasks\VisualBeeRecovery
2014-01-01 19:32 - 2014-01-01 19:32 - 00000000 ____D C:\Program Files\Highlightly
2014-01-01 19:32 - 2014-01-01 19:31 - 00000000 ____D C:\Program Files (x86)\Highlightly
2013-12-31 12:56 - 2010-03-12 20:29 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-12-31 12:44 - 2010-03-12 20:24 - 00000083 ___SH C:\ProgramData\.zreglib
2013-12-31 10:05 - 2013-12-31 10:05 - 03899316 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-31_100548.mbf
2013-12-31 10:05 - 2010-03-12 20:18 - 15564800 _____ C:\Users\Snelson5\Documents\My Money.mny
2013-12-31 09:47 - 2013-12-30 21:18 - 00444450 ____N C:\Users\Snelson5\Documents\Anne_Melody-Submit.epub
2013-12-30 21:03 - 2013-12-30 21:18 - 00582426 ____N C:\Users\Snelson5\Documents\Melody Anne - [Surrender 04] - Scorched (mobi).mobi
2013-12-30 21:02 - 2013-12-30 21:18 - 00171232 ____N C:\Users\Snelson5\Documents\The Billionaire's Marriage Proposal (Bil - Melody Anne.epub
2013-12-30 21:02 - 2013-12-30 21:17 - 00490144 ____N C:\Users\Snelson5\Documents\Seduced - Book Three - Surrender Series by Anne, Melody  .epub
2013-12-30 13:49 - 2013-12-30 13:49 - 03759894 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-30_134922.mbf
2013-12-28 19:06 - 2013-12-28 19:06 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\dvdcss
2013-12-28 18:58 - 2013-12-28 18:58 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Digiarty
2013-12-28 18:58 - 2013-12-28 18:58 - 00000000 ____D C:\Program Files (x86)\Digiarty
2013-12-28 09:43 - 2013-12-28 09:43 - 04026540 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-28_094333.mbf
2013-12-27 09:31 - 2011-09-02 20:58 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Skype
2013-12-27 09:24 - 2013-02-26 20:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-27 09:24 - 2011-09-02 20:58 - 00000000 ____D C:\ProgramData\Skype
2013-12-22 09:28 - 2013-11-28 13:26 - 00000000 ____D C:\Users\Snelson5\Documents\Neverwinter Saga (Books 1-4)  by R. A. Salvatore
2013-12-22 09:15 - 2010-03-12 17:53 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSnelson5
2013-12-22 09:15 - 2010-03-12 17:53 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForSnelson5.job
2013-12-20 20:53 - 2010-03-12 19:40 - 00000000 ____D C:\Users\Snelson5\AppData\Local\CrashDumps
2013-12-19 09:29 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-15 03:03 - 2013-07-31 02:04 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:01 - 2010-03-14 15:59 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 12:23 - 2011-04-04 21:23 - 00237056 ___SH C:\Users\Snelson5\Documents\Thumbs.db
2013-12-14 04:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 03:23 - 2009-07-13 23:45 - 00431624 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 03:04 - 2010-03-15 15:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 06:35 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-12-12 06:35 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-12-10 20:13 - 2012-04-26 05:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 20:13 - 2012-04-26 05:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 20:13 - 2011-08-16 18:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-04 19:45 - 2011-01-04 19:49 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-04 19:45 - 2011-01-04 19:49 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-04 14:46 - 2013-12-04 14:46 - 00058256 _____ (Highlightly) C:\Windows\system32\Drivers\hlnfd.sys

Some content of TEMP:
====================
C:\Users\Snelson5\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Snelson5\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Snelson5\AppData\Local\Temp\Quarantine.exe
C:\Users\Snelson5\AppData\Local\Temp\SendMsg.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 17:45

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2014
Ran by Snelson5 at 2014-01-02 19:36:52
Running from C:\Users\Snelson5\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1990.41618 - ABBYY Software House)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112 - Adobe Systems, Inc.)
AnyDVD (x32 Version: 7.3.8.0 - SlySoft)
CameraHelperMsi (x32 Version: 13.25.1010.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (x32 Version:  - )
Canon Easy-WebPrint EX (x32 Version:  - )
Canon IJ Network Scanner Selector EX (x32 Version:  - )
Canon IJ Network Tool (x32 Version:  - )
Canon MP Navigator EX 4.1 (x32 Version:  - )
Canon MX410 series MP Drivers (Version:  - )
Canon MX410 series User Registration (x32 Version:  - )
Canon My Printer (x32 Version:  - )
Canon Solution Menu EX (x32 Version:  - )
Canon Speed Dial Utility (x32 Version:  - )
CloneDVD2 (x32 Version: 2.9.3.0 - Elaborate Bytes)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (x32 Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow [rev 2527] [2008-12-19] (x32 Version: 1.0 - )
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hardware Diagnostic Tools (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Highlightly (x32 Version: 1.9.0.0 - Highlightly)
HP Advisor (x32 Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (x32 Version: 1.0.0.71 - WildTangent)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (x32 Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (x32 Version: 4.3.1.2 - Hewlett-Packard) Hidden
HP Support Information (x32 Version: 10.1.0002 - Hewlett-Packard)
HP Update (x32 Version: 5.001.000.014 - Hewlett-Packard)
HTC BMP USB Driver (x32 Version: 1.0.5375 - HTC)
HTC Driver Installer (x32 Version: 3.0.0.005 - HTC Corporation)
Java 7 Update 40 (64-bit) (Version: 7.0.400 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
Lexmark Fax Solutions (Version:  - )
LightScribe System Software (x32 Version: 1.18.8.1 - LightScribe)
Logitech Webcam Software (x32 Version: 2.0 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (Version: 2.2.100 - LSI Corporation)
LWS Facebook (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.25.1016.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.10.1218.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.20.1166.0 - Logitech) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Money Plus (x32 Version: 17 - Microsoft)
Microsoft Money Shared Libraries (x32 Version: 17.0.0.724 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Nexon Game Manager (x32 Version:  - )
Norton Online Backup (x32 Version: 1.2.20.0 - Symantec)
NVIDIA Display Control Panel (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.10.58.36 - NVIDIA Corporation)
Pando Media Booster (x32 Version: 2.3.5.6 - Pando Networks Inc.)
PictureMover (x32 Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
ViewPassword (x32 Version:  - ViewPassword Software)
VZAccess Manager (x32 Version: 7.2.11.1 - Smith Micro Software Inc.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.21 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinX DVD Ripper 5.5.5 (x32 Version:  - Digiarty Software, Inc.)
WModem Driver Installer (x32 Version:  - HTC)
Yahoo! Detect (x32 Version:  - )

==================== Restore Points  =========================

12-12-2013 11:11:40 Windows Update
14-12-2013 08:00:39 Windows Update
15-12-2013 08:00:27 Windows Update
18-12-2013 11:01:15 Windows Update
24-12-2013 20:22:22 Windows Update
31-12-2013 08:00:25 Windows Update
02-01-2014 00:27:52 Installed Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
02-01-2014 00:57:23 Installed Java 7 Update 40 (64-bit)
02-01-2014 12:40:12 Installed Java 7 Update 45
02-01-2014 15:39:03 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2DB7A808-733A-4546-A284-B2812C312C71} - System32\Tasks\VisualBeeRecovery => C:\Users\Snelson5\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {43C367EE-5870-4133-9BD3-6C48D4E14A9E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {4D96CC78-A27A-4941-8A60-D6B37FC3B77D} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {5E912309-BAC2-4752-9E2A-9514C843FD8B} - System32\Tasks\HPCeeScheduleForSnelson5 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {73AC4A92-29A2-4E3E-987D-E169041001E2} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {891011F2-BA4B-46A4-9D13-F77FF4AC9ABA} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {A195EF50-697D-42CC-83AD-B61A227D1A97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-04] (Google Inc.)
Task: {A8C92207-133F-4A24-81C2-36F702C048F9} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-SNELSON5-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {B536068C-F71E-413F-B8F7-6FF503687ABC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {CD6155E0-9C63-4003-B437-BEDEF857B015} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-04] (Google Inc.)
Task: {F91FDC77-6000-459A-B5FF-630F93567008} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSnelson5.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2012-08-17 21:39 - 2012-12-23 09:09 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2011-03-30 17:25 - 2011-03-30 17:25 - 00331608 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80828478.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80828478.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2013 05:27:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (12/30/2013 02:03:03 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (12/30/2013 02:03:03 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (12/30/2013 02:03:03 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (12/30/2013 02:03:03 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (12/20/2013 08:53:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204
Faulting module name: xul.dll, version: 25.0.1.5064, time stamp: 0x5282f10e
Exception code: 0xc0000005
Fault offset: 0x00118f87
Faulting process id: 0x19d4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/20/2013 03:09:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16476, time stamp: 0x52947390
Exception code: 0xc0000005
Fault offset: 0x006b9868
Faulting process id: 0xf64
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/16/2013 10:10:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: AcroRd32.exe, version: 11.0.4.63, time stamp: 0x522888c1
Faulting module name: IA32.api_unloaded, version: 0.0.0.0, time stamp: 0x52288758
Exception code: 0xc0000005
Fault offset: 0x6a066d52
Faulting process id: 0x1554
Faulting application start time: 0xAcroRd32.exe0
Faulting application path: AcroRd32.exe1
Faulting module path: AcroRd32.exe2
Report Id: AcroRd32.exe3

Error: (11/14/2013 04:49:35 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 584

Start Time: 01cee18258a24270

Termination Time: 9

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (11/13/2013 04:55:57 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14f4

Start Time: 01cee0bb1430c610

Termination Time: 126

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (01/02/2014 02:54:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:54:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:54:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:54:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:54:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:54:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:52:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:52:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:52:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/02/2014 02:49:53 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/14/2013 07:28:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/04/2013 04:12:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/15/2012 08:01:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 92 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/13/2012 07:05:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/13/2012 06:56:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/13/2012 06:56:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/13/2012 06:55:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 126 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/13/2012 06:53:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/13/2012 06:53:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 73 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/13/2012 06:17:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-01-02 11:47:42.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 11:47:42.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 11:47:42.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 11:38:49.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 11:38:49.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 11:38:49.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 09:02:37.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 09:02:37.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 09:02:37.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-01-02 08:49:13.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 2815.3 MB
Available physical RAM: 1631.16 MB
Total Pagefile: 5628.79 MB
Available Pagefile: 4136.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.79 GB) (Free:394.53 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 fireman4it


Posted 02 January 2014 - 09:04 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File  fixlist.txt   1.48KB   2 downloads

How is the machine running now?



#9 snelly5


Posted 02 January 2014 - 09:17 PM

I have tested my internet...no popups right now. Here is the log...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014
Ran by Snelson5 (administrator) on SNELSON5-PC on 02-01-2014 21:13:40
Running from C:\Users\Snelson5\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2782096 2010-07-25] (CANON INC.)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [FaxCenterServer] - C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [312240 2007-05-04] ()
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
HKCU\...\Run: [HLBackupScheduler] - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
HKCU\...\Run: [AnyDVD] - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [7654312 2013-12-12] (SlySoft, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {2adf34e6-0efe-11e3-986d-e0cb4e7c7aeb} - F:\setup.exe -a
MountPoints2: {2c3aee19-b02a-11e1-90ca-8a430716cc30} - F:\VZW_Software_upgrade_assistant.exe
MountPoints2: {8fb4d8e1-6a5e-11e2-86c6-e0cb4e7c7aeb} - F:\VerizonSWUpgradeAssistantLauncher.exe
MountPoints2: {93dd500e-2e9a-11df-b615-e0cb4e7c7aeb} - F:\LaunchU3.exe -a
MountPoints2: {b5dff73b-2256-11e0-9560-e0cb4e7c7aeb} - F:\TL-Bootstrap.exe
MountPoints2: {c4205ad1-c642-11df-ab1a-e0cb4e7c7aeb} - F:\TL-Bootstrap.exe
MountPoints2: {df16d09b-aedb-11e0-9e01-e0cb4e7c7aeb} - F:\TL-Bootstrap.exe
MountPoints2: {f1ba4000-68b9-11e3-9835-e0cb4e7c7aeb} - F:\VZW_Software_upgrade_assistant.exe
MountPoints2: {f756847f-4ac2-11e3-bd7b-e0cb4e7c7aeb} - F:\VZW_Software_upgrade_assistant.exe
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Mcx1-SNELSON5-PC\...\Policies\system: [LogonHoursAction] 2
HKU\Mcx1-SNELSON5-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1-SNELSON5-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9C91DE74-9191-4202-862D-807C47706800} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {9C91DE74-9191-4202-862D-807C47706800} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - DefaultScope {96E44610-527E-4900-8145-49370B34A28F} URL =
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {76B331C9-BD98-47FC-984A-5720980E9E1F} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {9C91DE74-9191-4202-862D-807C47706800} URL =
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Snelson5\AppData\Roaming\Mozilla\Firefox\Profiles\0286fh5m.default
FF Homepage: www.comcast.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF HKCU\...\Firefox\Extensions: [{f6507e24-34ad-4fcc-b8fb-a92bbbb435b8}] - C:\Program Files (x86)\ViewPassword\150.xpi

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138152 2013-11-26] (SlySoft, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-12] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys [43032 2009-05-25] (Smith Micro Inc.)
S3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-11-02] (Check Point Software Technologies)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
R1 hlnfd; system32\drivers\hlnfd.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-02 21:13 - 2014-01-02 21:13 - 00019868 _____ C:\Users\Snelson5\Desktop\FRST.txt
2014-01-02 21:13 - 2014-01-02 21:13 - 00000000 ____D C:\Users\Snelson5\Desktop\FRST-OlderVersion
2014-01-02 21:12 - 2014-01-02 21:12 - 00001511 _____ C:\Users\Snelson5\Desktop\fixlist.txt
2014-01-02 19:35 - 2014-01-02 21:13 - 01931750 _____ (Farbar) C:\Users\Snelson5\Desktop\FRST64.exe
2014-01-02 19:35 - 2014-01-02 21:13 - 00000000 ____D C:\FRST
2014-01-02 15:02 - 2014-01-02 19:30 - 00000000 ____D C:\AdwCleaner
2014-01-02 08:36 - 2014-01-02 08:36 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Malwarebytes
2014-01-02 08:36 - 2014-01-02 08:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 07:42 - 2014-01-02 07:42 - 00000000 ____D C:\ProgramData\Oracle
2014-01-02 07:41 - 2014-01-02 07:41 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-02 07:41 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-02 07:41 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-02 07:41 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-02 07:41 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-01 19:58 - 2014-01-01 19:57 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-01-01 19:58 - 2014-01-01 19:57 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-01-01 19:58 - 2014-01-01 19:57 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-01 19:58 - 2014-01-01 19:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-01 19:58 - 2014-01-01 19:57 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-01 19:58 - 2014-01-01 19:57 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-01 19:57 - 2014-01-01 19:57 - 00000000 ____D C:\Program Files\Java
2014-01-01 19:41 - 2014-01-02 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-01 19:32 - 2014-01-01 19:32 - 00003342 _____ C:\Windows\System32\Tasks\VisualBeeRecovery
2013-12-31 10:05 - 2013-12-31 10:05 - 03899316 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-31_100548.mbf
2013-12-30 21:18 - 2013-12-31 09:47 - 00444450 ____N C:\Users\Snelson5\Documents\Anne_Melody-Submit.epub
2013-12-30 21:18 - 2013-12-30 21:03 - 00582426 ____N C:\Users\Snelson5\Documents\Melody Anne - [Surrender 04] - Scorched (mobi).mobi
2013-12-30 21:18 - 2013-12-30 21:02 - 00171232 ____N C:\Users\Snelson5\Documents\The Billionaire's Marriage Proposal (Bil - Melody Anne.epub
2013-12-30 21:17 - 2013-12-30 21:02 - 00490144 ____N C:\Users\Snelson5\Documents\Seduced - Book Three - Surrender Series by Anne, Melody  .epub
2013-12-30 13:49 - 2013-12-30 13:49 - 03759894 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-30_134922.mbf
2013-12-28 19:06 - 2013-12-28 19:06 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\dvdcss
2013-12-28 18:58 - 2013-12-28 18:58 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Digiarty
2013-12-28 18:58 - 2013-12-28 18:58 - 00000000 ____D C:\Program Files (x86)\Digiarty
2013-12-28 09:43 - 2013-12-28 09:43 - 04026540 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-28_094333.mbf
2013-12-14 03:04 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-14 03:04 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-14 03:04 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-14 03:04 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-14 03:02 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-14 03:02 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-14 03:02 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-14 03:02 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-14 03:02 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-14 03:02 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-14 03:02 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-14 03:02 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-14 03:02 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-14 03:02 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-14 03:02 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-14 03:02 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-14 03:02 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-14 03:02 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-14 03:02 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-14 03:02 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-14 03:02 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-14 03:02 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-14 03:02 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-14 03:02 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-14 03:02 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-14 03:02 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-14 03:02 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-14 03:02 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-14 03:02 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-14 03:02 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-14 03:02 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-14 03:02 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-14 03:02 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-14 03:02 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-14 03:02 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 06:15 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 06:15 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 06:15 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 06:15 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 06:15 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 06:15 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 06:15 - 2013-10-29 20:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 06:15 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 06:15 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 06:15 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 06:15 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 06:15 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 06:15 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 06:15 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 06:15 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 06:15 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 06:15 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 06:15 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 06:15 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-02 21:13 - 2014-01-02 21:13 - 00019868 _____ C:\Users\Snelson5\Desktop\FRST.txt
2014-01-02 21:13 - 2014-01-02 21:13 - 00000000 ____D C:\Users\Snelson5\Desktop\FRST-OlderVersion
2014-01-02 21:13 - 2014-01-02 19:35 - 01931750 _____ (Farbar) C:\Users\Snelson5\Desktop\FRST64.exe
2014-01-02 21:13 - 2014-01-02 19:35 - 00000000 ____D C:\FRST
2014-01-02 21:13 - 2012-04-26 05:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 21:12 - 2014-01-02 21:12 - 00001511 _____ C:\Users\Snelson5\Desktop\fixlist.txt
2014-01-02 21:11 - 2011-01-04 19:49 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 19:50 - 2011-01-04 19:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 19:48 - 2010-03-16 17:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-02 19:41 - 2014-01-01 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-02 19:38 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 19:38 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 19:35 - 2009-07-14 00:13 - 00742920 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 19:34 - 2010-02-24 13:24 - 01250559 _____ C:\Windows\WindowsUpdate.log
2014-01-02 19:31 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 19:31 - 2009-07-13 23:51 - 00155625 _____ C:\Windows\setupact.log
2014-01-02 19:30 - 2014-01-02 15:02 - 00000000 ____D C:\AdwCleaner
2014-01-02 10:41 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-02 10:10 - 2013-07-30 05:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-02 10:10 - 2010-01-07 21:11 - 00656756 _____ C:\Windows\PFRO.log
2014-01-02 08:36 - 2014-01-02 08:36 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Malwarebytes
2014-01-02 08:36 - 2014-01-02 08:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 07:45 - 2013-07-18 06:56 - 00000000 ____D C:\Users\Snelson5\Documents\Bankruptcy Documentation
2014-01-02 07:42 - 2014-01-02 07:42 - 00000000 ____D C:\ProgramData\Oracle
2014-01-02 07:41 - 2014-01-02 07:41 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2014-01-02 07:41 - 2013-08-20 16:54 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-01 19:57 - 2014-01-01 19:58 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-01-01 19:57 - 2014-01-01 19:58 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-01-01 19:57 - 2014-01-01 19:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-01 19:57 - 2014-01-01 19:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-01 19:57 - 2014-01-01 19:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-01 19:57 - 2014-01-01 19:58 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-01 19:57 - 2014-01-01 19:57 - 00000000 ____D C:\Program Files\Java
2014-01-01 19:32 - 2014-01-01 19:32 - 00003342 _____ C:\Windows\System32\Tasks\VisualBeeRecovery
2013-12-31 12:56 - 2010-03-12 20:29 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-12-31 12:44 - 2010-03-12 20:24 - 00000083 ___SH C:\ProgramData\.zreglib
2013-12-31 10:05 - 2013-12-31 10:05 - 03899316 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-31_100548.mbf
2013-12-31 10:05 - 2010-03-12 20:18 - 15564800 _____ C:\Users\Snelson5\Documents\My Money.mny
2013-12-31 09:47 - 2013-12-30 21:18 - 00444450 ____N C:\Users\Snelson5\Documents\Anne_Melody-Submit.epub
2013-12-30 21:03 - 2013-12-30 21:18 - 00582426 ____N C:\Users\Snelson5\Documents\Melody Anne - [Surrender 04] - Scorched (mobi).mobi
2013-12-30 21:02 - 2013-12-30 21:18 - 00171232 ____N C:\Users\Snelson5\Documents\The Billionaire's Marriage Proposal (Bil - Melody Anne.epub
2013-12-30 21:02 - 2013-12-30 21:17 - 00490144 ____N C:\Users\Snelson5\Documents\Seduced - Book Three - Surrender Series by Anne, Melody  .epub
2013-12-30 13:49 - 2013-12-30 13:49 - 03759894 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-30_134922.mbf
2013-12-28 19:06 - 2013-12-28 19:06 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\dvdcss
2013-12-28 18:58 - 2013-12-28 18:58 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Digiarty
2013-12-28 18:58 - 2013-12-28 18:58 - 00000000 ____D C:\Program Files (x86)\Digiarty
2013-12-28 09:43 - 2013-12-28 09:43 - 04026540 ____R C:\Users\Snelson5\Documents\My Money Backup_2013-12-28_094333.mbf
2013-12-27 09:31 - 2011-09-02 20:58 - 00000000 ____D C:\Users\Snelson5\AppData\Roaming\Skype
2013-12-27 09:24 - 2013-02-26 20:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-27 09:24 - 2011-09-02 20:58 - 00000000 ____D C:\ProgramData\Skype
2013-12-22 09:28 - 2013-11-28 13:26 - 00000000 ____D C:\Users\Snelson5\Documents\Neverwinter Saga (Books 1-4)  by R. A. Salvatore
2013-12-22 09:15 - 2010-03-12 17:53 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSnelson5
2013-12-22 09:15 - 2010-03-12 17:53 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForSnelson5.job
2013-12-20 20:53 - 2010-03-12 19:40 - 00000000 ____D C:\Users\Snelson5\AppData\Local\CrashDumps
2013-12-19 09:29 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-15 03:03 - 2013-07-31 02:04 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:01 - 2010-03-14 15:59 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 12:23 - 2011-04-04 21:23 - 00237056 ___SH C:\Users\Snelson5\Documents\Thumbs.db
2013-12-14 04:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 03:23 - 2009-07-13 23:45 - 00431624 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-14 03:04 - 2010-03-15 15:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-12 06:35 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-12-12 06:35 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-12-10 20:13 - 2012-04-26 05:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 20:13 - 2012-04-26 05:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 20:13 - 2011-08-16 18:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-04 19:45 - 2011-01-04 19:49 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-04 19:45 - 2011-01-04 19:49 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Snelson5\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Snelson5\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Snelson5\AppData\Local\Temp\Quarantine.exe
C:\Users\Snelson5\AppData\Local\Temp\SendMsg.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 17:45

==================== End Of Log ============================



#10 fireman4it

Posted 02 January 2014 - 11:44 PM

Please follow the directions in POST #8 again and post the log. It should be named fixlog.txt


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#11 snelly5

Posted 03 January 2014 - 09:44 AM

Sorry about that. I posted the wrong log. Here is the original one from yesterday after the initial run...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by Snelson5 at 2014-01-02 21:14:13 Run:1
Running from C:\Users\Snelson5\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Mcx1-SNELSON5-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()
SearchScopes: HKLM - {9C91DE74-9191-4202-862D-807C47706800} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {9C91DE74-9191-4202-862D-807C47706800} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - DefaultScope {96E44610-527E-4900-8145-49370B34A28F} URL =
SearchScopes: HKCU - {76B331C9-BD98-47FC-984A-5720980E9E1F} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {9C91DE74-9191-4202-862D-807C47706800} URL =
BHO: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
BHO-x32: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
FF Extension: Highlightly - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
C:\Users\Snelson5\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Snelson5\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Snelson5\AppData\Local\Temp\Quarantine.exe
C:\Users\Snelson5\AppData\Local\Temp\SendMsg.dll
*****************

HKU\Mcx1-SNELSON5-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800} => Key deleted successfully.
HKCR\CLSID\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76B331C9-BD98-47FC-984A-5720980E9E1F} => Key deleted successfully.
HKCR\CLSID\{76B331C9-BD98-47FC-984A-5720980E9E1F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800} => Key deleted successfully.
HKCR\CLSID\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
HKCR\Wow6432Node\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\gethighlightly@gethighlightly.com => Value deleted successfully.
C:\Users\Snelson5\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Snelson5\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Snelson5\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Snelson5\AppData\Local\Temp\SendMsg.dll => Moved successfully.

==== End of Fixlog ====


Here is the one from the second run...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by Snelson5 at 2014-01-03 09:41:56 Run:2
Running from C:\Users\Snelson5\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\Mcx1-SNELSON5-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [ ] ()
SearchScopes: HKLM - {9C91DE74-9191-4202-862D-807C47706800} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {9C91DE74-9191-4202-862D-807C47706800} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - DefaultScope {96E44610-527E-4900-8145-49370B34A28F} URL =
SearchScopes: HKCU - {76B331C9-BD98-47FC-984A-5720980E9E1F} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {9C91DE74-9191-4202-862D-807C47706800} URL =
BHO: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
BHO-x32: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
FF Extension: Highlightly - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
C:\Users\Snelson5\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Snelson5\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Snelson5\AppData\Local\Temp\Quarantine.exe
C:\Users\Snelson5\AppData\Local\Temp\SendMsg.dll
*****************

HKU\Mcx1-SNELSON5-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKCR\CLSID\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKCR\Wow6432Node\CLSID\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76B331C9-BD98-47FC-984A-5720980E9E1F} => Key not found.
HKCR\CLSID\{76B331C9-BD98-47FC-984A-5720980E9E1F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKCR\CLSID\{9C91DE74-9191-4202-862D-807C47706800} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
HKCR\Wow6432Node\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\gethighlightly@gethighlightly.com => Value not found.
"C:\Users\Snelson5\AppData\Local\Temp\fp_pl_pfs_installer.exe" => File/Directory not found.
"C:\Users\Snelson5\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Snelson5\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Snelson5\AppData\Local\Temp\SendMsg.dll" => File/Directory not found.

==== End of Fixlog ====



#12 fireman4it

Posted 03 January 2014 - 02:15 PM

How is the machine running now?


#13 snelly5

Posted 03 January 2014 - 08:56 PM

No more popups and redirections. Is it all clear now?



#14 fireman4it

Posted 04 January 2014 - 11:12 AM

 

> No more popups and redirections. Is it all clear now?

Glad to hear this. Let's run a couple of other scans to make sure there are no leftovers.

 

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

 

2. I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the [image: esetonlinebtn.png] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image: esetsmartinstaller_enu.png] icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.




#15 snelly5


Posted 04 January 2014 - 12:34 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Snelson5 :: SNELSON5-PC [administrator]

Protection: Disabled

1/4/2014 12:28:53 PM
mbam-log-2014-01-04 (12-28-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272018
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
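
A pasted log in the format above can be checked mechanically for the things the helper asked for: the complete top portion, the requested scan type, and the per-section detection counts. The following is an added example, not part of the thread or of Malwarebytes; the function name `triage_mbam_log` and the wording of the notes are illustrative assumptions, and the sample is abbreviated from the log in the post above.

```python
import re

# Abbreviated from the Malwarebytes 1.75 log in the post above (sections trimmed).
SAMPLE_LOG = """Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Database version: v2014.01.04.04

Windows 7 Service Pack 1 x64 NTFS
Protection: Disabled

Scan type: Quick scan
Objects scanned: 272018

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

FIELD = re.compile(r"^(Database version|Protection|Scan type): *(.+?)[ \t]*$", re.M)
COUNT = re.compile(r"^(.+?) Detected: (\d+)[ \t]*$", re.M)

def triage_mbam_log(text):
    """Return (summary, notes) for one pasted Malwarebytes 1.x text log."""
    text = text.replace("\r\n", "\n")  # forum pastes often carry CRLF
    fields = dict(FIELD.findall(text))
    counts = {name: int(n) for name, n in COUNT.findall(text)}
    notes = []
    # The helper asked for the complete log, including the top portion.
    if "Database version" not in fields:
        notes.append("top portion missing: no database version")
    if not re.search(r"^Windows .+", text, re.M):
        notes.append("top portion missing: no operating system line")
    if "(end)" not in text or not counts:
        notes.append("log looks truncated")
    if fields.get("Scan type", "").lower() != "quick scan":
        notes.append("not the requested Quick scan")
    if fields.get("Protection", "").lower() == "disabled":
        notes.append("Protection field reads Disabled")
    notes += [f"{n} item(s) under {name}" for name, n in counts.items() if n]
    return {"fields": fields, "counts": counts, "total": sum(counts.values())}, notes

if __name__ == "__main__":
    summary, notes = triage_mbam_log(SAMPLE_LOG)
    print(summary["total"], notes)
```
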





