
I keep getting a Yahoo redirect........


  • This topic is locked
63 replies to this topic

#1 kennymacattack

kennymacattack

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 09 September 2013 - 06:00 AM

I already had this going. Thanks in advance for any help! http://www.bleepingcomputer.com/forums/t/506845/i-keep-getting-a-yahoo-redirect/

 




 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:58 AM

Posted 12 September 2013 - 08:27 PM

Hello please run these..

What browser are you running?

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.


  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


    Please download MiniToolBox, save it to your desktop and run it.
    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook
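The hosts-file and Firefox proxy items in the MiniToolBox checklist above target two settings that can cause browser redirects. The following Python is an added example, not part of the original post or of MiniToolBox: it audits a hosts file and a Firefox prefs.js directly for DNS overrides and configured proxies. The sample inputs are constructed, and the `SECURITY_HINTS` keywords and the wording of the findings are assumptions.

```python
import ipaddress
import re
from typing import NamedTuple


class Finding(NamedTuple):
    source: str   # which artifact the finding came from
    item: str     # host name or preference involved
    reason: str   # why a reviewer should look at it


# Assumption: vendor keywords taken from the scanners named in this thread.
SECURITY_HINTS = ("malwarebytes", "eset")

# Constructed sample inputs; addresses are documentation or loopback values.
SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.10   search.yahoo.com www.google.com   # pinned entries
127.0.0.1      updates.malwarebytes.example
0.0.0.0        ads.tracker.example
"""

SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "http://www.yahoo.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8877);
user_pref("network.proxy.type", 1);
"""

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')


def audit_hosts(text):
    """Flag hosts entries that override DNS or null-route security tools."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(Finding("hosts", addr, "unparsable address field"))
            continue
        sink = ip.is_loopback or ip.is_unspecified     # 127.0.0.1, ::1, 0.0.0.0
        for name in names:
            lname = name.lower()
            if sink and lname == "localhost":
                continue                               # stock entry
            if not sink:
                # A routable address here wins over whatever DNS would answer.
                findings.append(
                    Finding("hosts", lname, f"pinned to {addr}, bypassing DNS"))
            elif any(hint in lname for hint in SECURITY_HINTS):
                findings.append(
                    Finding("hosts", lname,
                            f"security-tool host null-routed to {addr}"))
    return findings


def audit_firefox_proxy(prefs_text):
    """Report a manual proxy or PAC script configured in prefs.js."""
    prefs = {}
    for raw in prefs_text.splitlines():
        m = PREF_RE.match(raw.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    mode = prefs.get("network.proxy.type")
    if mode == "1":                                    # manual proxy
        endpoints = []
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if host:
                port = prefs.get(f"network.proxy.{scheme}_port", "?")
                endpoints.append(f"{scheme}={host}:{port}")
        detail = ", ".join(endpoints) or "no endpoint set"
        return [Finding("prefs.js", "network.proxy.type=1",
                        f"manual proxy: {detail}")]
    if mode == "2":                                    # proxy auto-config
        url = prefs.get("network.proxy.autoconfig_url", "(missing)")
        return [Finding("prefs.js", "network.proxy.type=2",
                        f"proxy auto-config script: {url}")]
    return []                                          # direct, WPAD or system


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS) + audit_firefox_proxy(SAMPLE_PREFS):
        print(f"{f.source:9} {f.item:32} {f.reason}")
```

Blocklist-style entries that send ordinary hosts to loopback are left unreported on purpose, so the output stays limited to entries that change where traffic goes or cut off a scanner.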

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,665 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:58 AM

Posted 14 September 2013 - 06:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507219 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 kennymacattack

kennymacattack
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 14 September 2013 - 01:06 PM

Sorry for responding so late. I will be more prompt and check this every chance I get. I am using Mozilla/Firefox. I tried downloading MBAM with Mozilla and Internet Explorer, but I cannot see how I can rename the file before running it. It just prompts me to save, then run it. I ran it anyway and it didn't find anything. Again, thank you guys so much for taking the time to help me. But I did download the DDS. Here are the results-

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/10/2012 6:24:49 PM
System Uptime: 9/14/2013 5:48:07 AM (8 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | ET2410
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz | LGA 1155 | 1584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 921 GiB total, 875.976 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP220: 8/30/2013 4:00:53 AM - Windows Update
RP221: 9/1/2013 10:59:42 AM - Windows Update
RP222: 9/5/2013 3:26:37 PM - Windows Update
RP223: 9/10/2013 8:06:05 AM - Windows Update
RP224: 9/11/2013 3:08:44 AM - Windows Update
RP225: 9/14/2013 12:22:35 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8) MUI
Adobe Shockwave Player 11.6
AI Suite II
Amazon Cloud Drive
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS Ai Charger
ASUS Cam
ASUS Cinema
ASUS Docking
ASUS Easy Update
ASUS Manager Suite
ASUS Memo
ASUS Paint
ASUS Touch Tech
AsusVibe2.0
Best Buy pc app
CyberLink PowerCinema Movie
D3DX10
ENE CIR Receiver Driver
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
EPSON NX430 Series Printer Uninstall
EPSON Scan
EpsonNet Print
ESET Online Scanner v3
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 7 (64-bit)
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
JavaFX 2.1.1
JMicron Flash Media Controller Driver
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NextWindow DesktopTouch Driver Package
OOBERegBackup
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Serious Sam: The Second Encounter
swMSM
TWC Customer Controls
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Visual Studio 2008 x64 Redistributables
Windows Driver Package - ASUS Tek. Corporation hidfilter HIDClass  (05/26/2011 1.0.0.27)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/13/2013 6:18:21 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {A5B020FD-E04B-4E67-B65A-E7DEED25B2CF} as /. The error: "740" Happened while starting this command: C:\Windows\System32\wisptis.exe -Embedding
.
==== End Of File ===========================



#5 kennymacattack

kennymacattack
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 19 September 2013 - 12:19 AM

Hmmmmmm.....haven't received a reply. I am using Mozilla/Firefox, and one of the main sites I get re-directed to is Beesq.net.

 

I hope that helps. Not sure why my computer keeps coming up clean though when I scan for viruses. Let me know if I need to re-follow the instructions previously stated. Thanks!



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:58 AM

Posted 19 September 2013 - 03:12 PM

Greetings kennymacattack and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I come up to speed on what has been posted already please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 kennymacattack

kennymacattack
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 19 September 2013 - 11:46 PM

Thanks Gary! And yes, you can call me Kenny. I did use the MalwareBytes Chameleon last night and so far, no redirection and my computer is running really fast. However, I do wanna make sure it is gone because there have been times when I don't get the redirection for a while, then all of a sudden it comes back. I really appreciate your help! I hope I did this right, lol. Here is what I got so far-

 

FRST Results-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01
Ran by kenny (administrator) on KENNY-PC on 20-09-2013 00:39:53
Running from C:\Users\kenny\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Docking\ASUS Docking.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe
(Amazon Digital Services, LLC.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(CyberLink) C:\Program Files (x86)\ASUS\ASUS Cam\YCMMirage.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager Suite\ASUSManager.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\EMOSDControl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMMessageParser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsEjectHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Sun Microsystems, Inc.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe
(NDS Technologies) C:\Users\kenny\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
() C:\Users\kenny\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [ASUS Docking] - C:\Program Files\ASUS\ASUS Docking\ASUS Docking.exe [443568 2011-06-28] (ASUSTek Computer Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\RunOnce: [1] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [218184 2013-04-04] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Epson Stylus NX430(Network)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\kenny\AppData\Local\Temp\E_S4D0A.tmp" /EF "HKCU"
HKCU\...\Run: [PCShowServer] - C:\Users\kenny\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1765744 2013-06-25] (NDS Technologies)
MountPoints2: {a19f0e13-26f3-11e2-b835-1c75086d158c} - F:\setup.exe -a
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [AsShellApplication] - C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsShellApplication.exe [232064 2010-08-04] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2009-12-30] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\ASUS\ASUS Cam\YCMMirage.exe [136488 2011-04-27] (CyberLink)
HKLM-x32\...\Run: [ASUS Ai Charger] - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [465536 2010-10-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [OOBESetup] - C:\Program Files (x86)\asus\OOBERegBackup\OOBEReg.ini [2234 2009-10-14] ()
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HF_G_Jul] - "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction [x]
HKLM-x32\...\Run: [ROC_ROC_NT] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [x]
HKU\kids\...\Run: [Best Buy pc app] - C:\Users\kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [398 2012-02-12] ()
HKU\kids\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
AppInit_DLLs:    [0 ] ()
Startup: C:\Users\kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adbrlnt1&chnl=adbrlnt1&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyC0DtCyDzz0CyB0C0C0EtN0D0Tzu0CtCzytBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1765983691
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}
SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\8o38ad5w.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\kenny\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\kenny\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Extension: No Name - C:\Users\kenny\AppData\Roaming\Mozilla\Firefox\Profiles\8o38ad5w.default\Extensions\{60e78716-b1ea-11e2-8274-b8ac6f996f26}.xpi

Chrome:
=======

==================== Services (Whitelisted) =================

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R0 hidfilter; C:\Windows\System32\DRIVERS\hidfilter.sys [23680 2011-06-13] (ASUS Corporation)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-03-08] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-03-08] (n/a)
S1 lmybonfs; \??\C:\Windows\system32\drivers\lmybonfs.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-20 00:39 - 2013-09-20 00:39 - 00000000 ____D C:\FRST
2013-09-20 00:37 - 2013-09-20 00:37 - 01950622 _____ (Farbar) C:\Users\kenny\Downloads\FRST64.exe
2013-09-15 16:36 - 2013-09-15 16:36 - 00000000 ____D C:\Users\kenny\AppData\Local\DIRECTV Player
2013-09-15 16:33 - 2013-09-15 16:34 - 15522640 _____ (DIRECTV) C:\Users\kenny\Downloads\DIRECTV_Player_9.0.exe
2013-09-14 13:58 - 2013-09-14 13:58 - 00688992 ____R (Swearware) C:\Users\kenny\Downloads\dds.com
2013-09-14 13:40 - 2013-09-14 13:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\kenny\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-09-11 03:12 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 03:12 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 03:12 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 03:12 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 03:12 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 03:12 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 03:12 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 03:12 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 03:12 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 03:12 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 03:12 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 03:12 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 03:07 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 03:07 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 03:07 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 03:07 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 03:07 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 03:07 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 03:07 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 03:07 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 03:07 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 03:07 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 03:07 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 03:07 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 03:07 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 03:07 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 03:07 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 03:07 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 03:07 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 03:07 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 03:07 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 03:07 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 03:07 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 03:06 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 03:06 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 03:06 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 03:06 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 03:06 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 03:06 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-07 14:47 - 2013-09-07 14:47 - 00000000 ____D C:\Windows\ERUNT
2013-09-07 14:45 - 2013-09-07 14:46 - 01028823 _____ (Thisisu) C:\Users\kenny\Downloads\JRT.exe
2013-09-07 14:37 - 2013-09-07 14:41 - 00000000 ____D C:\AdwCleaner
2013-09-07 14:37 - 2013-09-07 14:37 - 01037278 _____ C:\Users\kenny\Downloads\adwcleaner(1).exe
2013-09-05 18:00 - 2013-09-19 02:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 18:00 - 2013-09-05 18:00 - 00001113 _____ C:\Users\Public\Desktop\123abc.exe.lnk
2013-09-05 18:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-05 17:59 - 2013-09-05 17:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\kenny\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-05 17:57 - 2013-09-05 17:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\kenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-05 17:43 - 2013-09-05 17:43 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\kenny\Downloads\tdsskiller(1).exe
2013-09-01 11:03 - 2013-09-11 03:11 - 00000000 ____D C:\Windows\system32\MRT
2013-09-01 10:26 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-09-01 10:26 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-01 10:25 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-01 10:25 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-01 10:25 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-01 10:25 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-01 10:25 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-01 10:25 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-01 10:25 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-01 10:25 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-01 10:25 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-01 10:25 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-01 10:24 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-01 10:24 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-01 10:24 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-01 10:24 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-01 10:24 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-01 10:23 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-01 10:23 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-01 10:23 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-29 01:03 - 2013-08-29 01:03 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-29 01:03 - 2013-08-29 01:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 13:25 - 2013-08-29 01:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-20 00:39 - 2013-09-20 00:39 - 00000000 ____D C:\FRST
2013-09-20 00:37 - 2013-09-20 00:37 - 01950622 _____ (Farbar) C:\Users\kenny\Downloads\FRST64.exe
2013-09-20 00:35 - 2012-02-10 19:24 - 01779237 _____ C:\Windows\WindowsUpdate.log
2013-09-19 20:05 - 2013-07-03 03:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 03:23 - 2013-07-03 03:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 03:23 - 2013-07-03 03:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 03:23 - 2013-07-03 03:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 03:23 - 2012-02-10 20:37 - 00000000 ___HD C:\Users\kenny\AppData\Local\Adobe
2013-09-19 02:50 - 2013-09-05 18:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 03:02 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-17 03:02 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-15 16:36 - 2013-09-15 16:36 - 00000000 ____D C:\Users\kenny\AppData\Local\DIRECTV Player
2013-09-15 16:34 - 2013-09-15 16:33 - 15522640 _____ (DIRECTV) C:\Users\kenny\Downloads\DIRECTV_Player_9.0.exe
2013-09-14 13:58 - 2013-09-14 13:58 - 00688992 ____R (Swearware) C:\Users\kenny\Downloads\dds.com
2013-09-14 13:40 - 2013-09-14 13:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\kenny\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-09-13 18:22 - 2009-07-14 01:13 - 00742714 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 18:17 - 2012-02-13 11:37 - 00025097 _____ C:\Windows\setupact.log
2013-09-13 18:17 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 05:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 03:40 - 2012-02-10 19:25 - 00000000 ___RD C:\Users\kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 03:40 - 2012-02-10 19:24 - 00000000 ___RD C:\Users\kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 03:39 - 2012-03-24 01:12 - 00021546 _____ C:\Windows\PFRO.log
2013-09-11 03:39 - 2009-07-14 00:45 - 00294200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 03:11 - 2013-09-01 11:03 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 03:11 - 2012-04-06 19:14 - 00758918 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-11 03:11 - 2012-04-06 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-11 03:10 - 2012-02-13 14:13 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 03:04 - 2012-02-15 13:40 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-08 20:01 - 2012-04-06 19:15 - 00000000 ____D C:\Users\kenny\AppData\Roaming\SoftGrid Client
2013-09-07 17:49 - 2012-05-08 20:24 - 01420800 ___SH C:\Users\kenny\Downloads\Thumbs.db
2013-09-07 14:48 - 2011-08-23 23:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-07 14:48 - 2011-08-23 23:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-07 14:47 - 2013-09-07 14:47 - 00000000 ____D C:\Windows\ERUNT
2013-09-07 14:46 - 2013-09-07 14:45 - 01028823 _____ (Thisisu) C:\Users\kenny\Downloads\JRT.exe
2013-09-07 14:41 - 2013-09-07 14:37 - 00000000 ____D C:\AdwCleaner
2013-09-07 14:37 - 2013-09-07 14:37 - 01037278 _____ C:\Users\kenny\Downloads\adwcleaner(1).exe
2013-09-05 18:00 - 2013-09-05 18:00 - 00001113 _____ C:\Users\Public\Desktop\123abc.exe.lnk
2013-09-05 17:59 - 2013-09-05 17:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\kenny\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-05 17:58 - 2013-09-05 17:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\kenny\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-05 17:43 - 2013-09-05 17:43 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\kenny\Downloads\tdsskiller(1).exe
2013-09-05 17:42 - 2012-02-11 01:11 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-02 21:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-01 11:08 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-01 11:08 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-01 11:08 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-29 01:03 - 2013-08-29 01:03 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-29 01:03 - 2013-08-29 01:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-29 01:03 - 2013-08-26 13:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-27 01:20 - 2012-07-14 19:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-27 01:20 - 2012-07-14 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

Some content of TEMP:
====================
C:\Users\kenny\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\kenny\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\kenny\AppData\Local\Temp\Quarantine.exe
C:\Users\kenny\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\kenny\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\kenny\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 00:49

And then the Addition Log-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-09-2013 01
Ran by kenny at 2013-09-20 00:40:49
Running from C:\Users\kenny\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

64 Bit HP CIO Components Installer (Version: 1.2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
AI Suite II (x32 Version: 1.01.30)
Amazon Cloud Drive (HKCU Version: 2.1.2013.1340)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.9.0)
ASUS Ai Charger (x32 Version: 1.00.09)
ASUS Cam (x32 Version: 3.1.4022)
ASUS Cinema (x32 Version: 7.1.5417)
ASUS Docking (Version: 3.11.0)
ASUS Easy Update (x32 Version: 2.00.18)
ASUS Manager Suite (x32 Version: 3.00.02)
ASUS Memo (x32 Version: 1.19.12)
ASUS Paint (x32 Version: 1.2.3013)
ASUS Touch Tech (x32 Version: 1.0.6)
AsusVibe2.0 (x32 Version: 2.0.9.157)
Best Buy pc app (Version: 3.2.2.0)
Best Buy pc app (x32 Version: 3.2.2.0)
CyberLink PowerCinema Movie (x32 Version: 9.0.7515)
D3DX10 (x32 Version: 15.4.2368.0902)
DIRECTV Player (x32 Version: 9.0)
ENE CIR Receiver Driver (Version: 2.7.4.3)
Epson Connect (x32)
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (x32 Version: 1.0.1)
Epson Event Manager (x32 Version: 2.50.0000)
EPSON NX430 Series Printer Uninstall
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.4j)
ESET Online Scanner v3 (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2372)
Intel® Rapid Storage Technology (x32 Version: 10.1.5.1001)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 9 (x32 Version: 7.0.90)
Java Auto Updater (x32 Version: 2.0.6.1)
Java™ 6 Update 22 (x32 Version: 6.0.220)
Java™ 6 Update 29 (x32 Version: 6.0.290)
JavaFX 2.1.1 (x32 Version: 2.1.1)
JMicron Flash Media Controller Driver (x32 Version: 1.0.59.2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
NextWindow DesktopTouch Driver Package (Version: 1.1.010)
OOBERegBackup (x32)
Realtek Ethernet Controller Driver (x32 Version: 7.40.126.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Serious Sam: The Second Encounter (x32)
swMSM (x32 Version: 12.0.0.1)
TWC Customer Controls (x32 Version: 11)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Windows Driver Package - ASUS Tek. Corporation hidfilter HIDClass  (05/26/2011 1.0.0.27) (Version: 05/26/2011 1.0.0.27)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

01-09-2013 14:59:42 Windows Update
05-09-2013 19:26:37 Windows Update
10-09-2013 12:06:05 Windows Update
11-09-2013 07:08:44 Windows Update
14-09-2013 16:22:35 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2011-12-22 16:11 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {04C6E7C4-BBB8-4644-B994-6A9A250E5B0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {182D7B69-EB86-4F37-83CF-C1D8CD0F0DDE} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {1D2CB103-F439-4E92-A449-5DD815A39D3C} - System32\Tasks\ASUS Magnifier => C:\Program Files (x86)\ASUS\ASUS Touch Tech\AsusMagnifier3D.exe [2011-06-13] (AsusTek)
Task: {2FF0D6DB-E589-45AE-B4DD-DB239B3C8067} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {493F21D9-D189-494A-8D42-B6A8D6E58C4A} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x86\QuickGesture.exe [2011-06-13] (AsusTek)
Task: {4B098C1D-4C32-4099-9922-E7DA281FFA65} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {77D99772-4C98-4656-9F3B-9B5D04E746BA} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Touch Tech\QuickGesture\x64\QuickGesture64.exe [2011-06-13] (AsusTek)
Task: {87E989F2-FACA-4643-8A44-E9453842EB0D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {AEFE4105-AB4F-4559-BA27-5B42BF292293} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-27] (ASUSTeK Computer Inc.)
Task: {BC05DFF1-4648-4D61-9409-5FCB9BF69453} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {E57BDAA2-F2A8-4733-85EA-F1808CE4FA8D} - System32\Tasks\ASUS\ASUSManagerSuiteHelper => C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsEMRunHelper.exe [2011-06-22] (ASUSTeK Computer Inc.)
Task: {F0C31310-1098-4132-91EB-7D38A5EB1415} - System32\Tasks\ASUS\AsMessageController => C:\Program Files (x86)\ASUS\Message Controller\AsMessageController.exe [2009-12-22] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-08-23 23:02 - 2010-11-03 14:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2011-08-23 23:02 - 2011-08-16 10:43 - 03200104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2012-03-19 22:16 - 2012-03-19 22:16 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2011-08-23 06:38 - 2011-04-15 14:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 00025088 ____N (Organization) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\ADriveDesktopCommon.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 00294912 _____ (The Apache Software Foundation) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\log4net.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 00049152 ____N ( ) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\Interop.IWshRuntimeLibrary.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 00366592 _____ (Newtonsoft) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\Newtonsoft.Json.dll
2010-11-20 23:24 - 2010-11-20 23:24 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2013-09-01 12:50 - 2013-09-01 12:50 - 00475648 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\aabbed019df19cbda3b3dfb80fa98bf0\IAStorUtil.ni.dll
2013-09-01 12:50 - 2013-09-01 12:50 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 00291328 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2010-10-12 10:58 - 2010-10-12 10:58 - 00136704 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll
2010-10-12 10:54 - 2010-10-12 10:54 - 00055808 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll
2010-11-19 12:06 - 2010-11-19 12:06 - 00112640 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2005-01-13 11:47 - 2005-01-13 11:47 - 00049152 _____ (SEIKO EPSON CORP.) C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2011-08-23 23:06 - 2009-09-16 05:17 - 00098304 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsKeyboardHooker.dll
2011-08-23 23:06 - 2008-11-04 15:23 - 00077824 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsRemoteControlHooker.dll
2011-08-23 23:06 - 2009-05-22 10:56 - 00053248 _____ () C:\Program Files (x86)\ASUS\Message Controller\AsACPINotify.dll
2011-08-23 23:06 - 2007-10-31 21:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\ASUS Manager Suite\AsMultiLang.dll
2011-08-23 23:06 - 2008-10-29 00:52 - 00176128 _____ () C:\Program Files (x86)\ASUS\ASUS Manager Suite\ImageMgr.dll
2011-08-23 23:07 - 2011-02-24 14:19 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2011-08-23 23:07 - 2010-06-21 19:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2011-08-23 23:07 - 2009-08-13 00:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2011-08-23 23:07 - 2011-05-19 15:44 - 01036800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2011-08-23 23:07 - 2011-03-23 19:05 - 00964608 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2011-08-23 23:07 - 2011-06-13 17:28 - 01266176 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2011-08-23 23:07 - 2011-01-07 20:39 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2011-08-23 23:07 - 2010-08-06 22:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2011-08-23 23:07 - 2010-08-06 22:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2011-08-23 23:06 - 2007-10-31 21:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\ASUS Manager Suite\EMOSDControl\MultiLang\AsMultiLang.dll
2011-08-23 23:06 - 2007-10-31 21:51 - 00061440 _____ () C:\Program Files (x86)\ASUS\ASUS Manager Suite\MessageParser\AsMultiLang.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 00348160 _____ (Microsoft Corporation) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\msvcr71.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 02742256 _____ (Sun Microsystems, Inc.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\client\jvm.dll
2013-07-18 15:27 - 2013-07-18 15:25 - 00037872 _____ (Sun Microsystems, Inc.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\verify.dll
2013-07-18 15:27 - 2013-07-18 15:26 - 00133104 _____ (Sun Microsystems, Inc.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\java.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 00052720 _____ (Sun Microsystems, Inc.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\zip.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 00083952 _____ (Sun Microsystems, Inc.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\net.dll
2013-07-18 15:27 - 2013-07-18 15:27 - 00026608 _____ (Sun Microsystems, Inc.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\nio.dll
2013-07-18 15:27 - 2013-07-18 15:26 - 00022512 _____ (Sun Microsystems, Inc.) C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\sunmscapi.dll
2013-07-18 15:28 - 2013-09-13 18:23 - 00046080 _____ () C:\Users\kenny\AppData\Local\Apps\2.0\JPZGWLQB.8DX\OGD1RJPE.5DM\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\NativeOperations.dll
2013-07-18 15:28 - 2013-07-18 15:28 - 00541696 _____ () C:\Users\kenny\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00332128 _____ () C:\Users\kenny\AppData\Local\DIRECTV Player\ndsLogStore.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 03175264 _____ () C:\Users\kenny\AppData\Local\DIRECTV Player\DrmSingleton.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 02237288 _____ () C:\Users\kenny\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 07554400 _____ () C:\Users\kenny\AppData\Local\DIRECTV Player\gsttspplugin.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00689000 _____ () C:\Users\kenny\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 01020768 _____ (The GLib developer community) C:\Users\kenny\AppData\Local\DIRECTV Player\libglib-2.0-0.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00277352 _____ (The GLib developer community) C:\Users\kenny\AppData\Local\DIRECTV Player\libgobject-2.0-0.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00029544 _____ (The GLib developer community) C:\Users\kenny\AppData\Local\DIRECTV Player\libgthread-2.0-0.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00024424 _____ (The GLib developer community) C:\Users\kenny\AppData\Local\DIRECTV Player\libgmodule-2.0-0.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 01403224 _____ () C:\Users\kenny\AppData\Local\DIRECTV Player\libxml2-2.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00965976 _____ (Free Software Foundation) C:\Users\kenny\AppData\Local\DIRECTV Player\libiconv-2.dll
2013-06-25 15:12 - 2013-06-25 15:12 - 00091976 _____ () C:\Users\kenny\AppData\Local\DIRECTV Player\z.dll
2013-08-29 01:03 - 2013-08-14 13:55 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:32C264A1


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2013 04:57:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2013 00:54:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/16/2013 11:11:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 23.0.1.4974, time stamp: 0x520bc252
Faulting module name: xul.dll, version: 23.0.1.4974, time stamp: 0x520bc166
Exception code: 0xc0000005
Fault offset: 0x0017af08
Faulting process id: 0x2f8
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/16/2013 02:35:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/14/2013 03:22:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/14/2013 02:34:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/13/2013 06:19:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2013 06:11:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 23.0.1.4974, time stamp: 0x520bc252
Faulting module name: xul.dll, version: 23.0.1.4974, time stamp: 0x520bc166
Exception code: 0xc0000005
Fault offset: 0x0017af08
Faulting process id: 0xad4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (09/13/2013 01:28:06 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The certificate authority is invalid or incorrect

Error: (09/12/2013 04:48:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/19/2013 00:17:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (09/13/2013 06:18:21 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\wisptis.exe -Embedding740{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (09/11/2013 03:00:02 AM) (Source: DCOM) (User: )
Description: C:\Windows\System32\wisptis.exe -Embedding740{A5B020FD-E04B-4E67-B65A-E7DEED25B2CF}

Error: (09/10/2013 10:04:23 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/09/2013 09:43:06 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/08/2013 09:31:52 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/07/2013 08:49:06 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/19/2013 04:57:16 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/18/2013 00:54:48 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/16/2013 11:11:14 AM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af082f801ceb2ec3e8a5a4dC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll39c5b306-1ee2-11e3-8d32-1c75086d158c

Error: (09/16/2013 02:35:42 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/14/2013 03:22:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/14/2013 02:34:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/13/2013 06:19:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2013 06:11:13 PM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af08ad401ceb0cb319d32a4C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll666bda0f-1cc1-11e3-a1a8-1c75086d158c

Error: (09/13/2013 01:28:06 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The certificate authority is invalid or incorrect

Error: (09/12/2013 04:48:59 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2013-09-13 18:18:01.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-11 03:39:36.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-11 02:59:51.154
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-07 14:42:27.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-05 17:41:09.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-01 11:09:58.540
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-27 01:20:52.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 13:12:29.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 22:47:19.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-03 16:19:22.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 4007.34 MB
Available physical RAM: 2792.11 MB
Total Pagefile: 8012.86 MB
Available Pagefile: 5926.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:921.47 GB) (Free:875.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A05719CC)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 2: (Active) - (Size=921 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=39 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 963 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,800 posts
  • Gender:Male
  • Location:California
  • Local time:08:58 AM

Posted 20 September 2013 - 01:36 PM

Hi Kenny.

Glad we are finally able to take a look at your computer.

I notice you ran TDSSKiller on or about 9-5-13. Was anything found at that time?

Please run these for me. We are going to run AdwCleaner and Junkware Remover again.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

MountPoints2: {a19f0e13-26f3-11e2-b835-1c75086d158c} - F:\setup.exe -a
AppInit_DLLs:    [0 ] ()
S1 lmybonfs; \??\C:\Windows\system32\drivers\lmybonfs.sys [x]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:32C264A1
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adbrlnt1&chnl=adbrlnt1&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyC0DtCyDzz0CyB0C0C0EtN0D0Tzu0CtCzytBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1765983691
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}
SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller information
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Any change in computer behavior?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 kennymacattack


Posted 21 September 2013 - 01:19 PM

I did run TDSS Killer, and it found nothing. Kind of baffling. But I appreciate your time and effort! I still haven't had a re-direction since I ran the Malware Chameleon, but I haven't done many searches. I usually use Yahoo search instead of Google because Yahoo is my homepage and it is convenient for me.

 

FRST log-

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2013
Ran by kenny at 2013-09-21 14:16:13 Run:1
Running from C:\Users\kenny\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
MountPoints2: {a19f0e13-26f3-11e2-b835-1c75086d158c} - F:\setup.exe -a
AppInit_DLLs:    [0 ] ()
S1 lmybonfs; \??\C:\Windows\system32\drivers\lmybonfs.sys [x]
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:32C264A1
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adbrlnt1&chnl=adbrlnt1&cd=2XzuyEtN2Y1L1QzutC0CyByDtDzzyC0DtCyDzz0CyB0C0C0EtN0D0Tzu0CtCzytBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1765983691
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}
SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19f0e13-26f3-11e2-b835-1c75086d158c} => Key deleted successfully.
HKCR\CLSID\{a19f0e13-26f3-11e2-b835-1c75086d158c} => Key not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
lmybonfs => Service deleted successfully.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
C:\ProgramData\Temp => ":32C264A1" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.

 

 

Gonna run the adware cleaner and will reply again because it will reboot my computer..........
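A small added example (not part of the original posts and not code from FRST): it parses the `target => result` lines of a Fixlog like the one posted above and buckets them, so anything other than a success or an already-absent entry stands out. The bucket names and the final sample line are assumptions of this example.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog in the post above, plus one
# constructed line (the last) that is NOT real FRST output.
SAMPLE_FIXLOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19f0e13-26f3-11e2-b835-1c75086d158c} => Key deleted successfully.
HKCR\CLSID\{a19f0e13-26f3-11e2-b835-1c75086d158c} => Key not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
lmybonfs => Service deleted successfully.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431} => Key deleted successfully.
C:\Example\constructed.dll => Constructed outcome for this example.
"""

# "<target> => <message>." with the trailing period optional.
RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<message>.+?)\.?\s*$")


def classify(message):
    """Bucket one result message (bucket names are this example's own)."""
    text = message.lower()
    if "successfully" in text:
        return "done"
    if "not found" in text:
        return "absent"   # treated here as: nothing was left to remove
    return "review"       # anything unrecognized needs a human look


def parse_fixlog(text):
    """Return (target, message, bucket) for every '=>' result line."""
    rows = []
    for line in text.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            rows.append((m["target"], m["message"], classify(m["message"])))
    return rows


def summarize(text):
    """Count buckets and list the entries that still need attention."""
    rows = parse_fixlog(text)
    counts = Counter(bucket for _, _, bucket in rows)
    needs_review = [(t, msg) for t, msg, b in rows if b == "review"]
    return counts, needs_review


if __name__ == "__main__":
    counts, needs_review = summarize(SAMPLE_FIXLOG)
    print(dict(counts))
    for target, message in needs_review:
        print("REVIEW:", target, "->", message)
```

Header lines and the "Content of fixlist" block contain no `=>`, so they are skipped.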

 

 



#10 kennymacattack


Posted 21 September 2013 - 01:43 PM

JRT log-

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by kenny on Sat 09/21/2013 at 14:28:50.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\kenny\AppData\Roaming\mozilla\firefox\profiles\8o38ad5w.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/21/2013 at 14:32:39.66
End of JRT log

 

 

TDSS Killer log-

 

Nothing came up. No threats found.



#11 Oh My!


Posted 21 September 2013 - 01:46 PM

> TDSS Killer log-
>
> Nothing came up. No threats found.

Did you mean AdwCleaner or are you still running that?


Gary
 

#12 kennymacattack


Posted 21 September 2013 - 02:52 PM

 


 

 

I meant AdwCleaner. My bad, lol! Nothing came up. But I rebooted anyway just in case.



#13 Oh My!


Posted 21 September 2013 - 03:03 PM

Excellent, please run this.

===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Security Check log
  • Any issues with your computer?

Gary
 

#14 kennymacattack


Posted 21 September 2013 - 03:22 PM


 

 

Hmmmm....I tried to run it, and I got this-

 

 UNSUPPORTED OPERATING SYSTEM! ABORTED!



#15 Oh My!


Posted 21 September 2013 - 03:26 PM

Hi Kenny,

Sorry, doesn't work on Windows 7.

Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck Install the Ask Toolbar and make Ask my default search provider
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:
  • Click Start, Control Panel, Java, then Advanced
  • Scroll down to Miscellaneous then uncheck the box for Java Quick Starter.
  • Click OK and reboot your computer.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?
  • How is your computer running now?

Gary
 



