
Antivirus Security Pro - won't allow Safe Mode, Regedit or msconfig



#1 jsyerxa


Posted 24 September 2013 - 01:58 PM

A friend brought me a computer because Antivirus Security Pro would keep running on his mom's laptop. I have had probably 5 different computers that have had this on them and have been able to clean them, but this one is really a beast.

His system is running Win 7 and he tried a number of things before bringing it to me with no luck.

I printed off the Antivirus Security Pro Removal instructions from this site, but the laptop is not allowing the system to boot in Safe Mode and it will also not allow access to Regedit or MSCONFIG.

Any suggestions on getting control of the system back?

 

Thanks

John

 




 


#2 TB-Psychotic


Posted 25 September 2013 - 04:07 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 

#3 jsyerxa


Posted 25 September 2013 - 08:48 AM

Marius - First off, thank you for assisting me with this issue.

 

I have followed your instructions up to the place where "In the command window type e:\frst.exe "

My flash drive is h: so I entered h:\frst.exe and got the following message after pressing Enter:

"The subsystem needed to support the image type is not present".

I have not gone beyond that point except to verify the flash drive letter and to try the command line again.

 

Thanks

John

 

 



#4 TB-Psychotic


Posted 25 September 2013 - 10:18 AM

Try it with the 54 bit version, frst64.exe from the same download location. :)


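The error in post #3 appears because a 64-bit recovery environment has no WOW64 layer, so a 32-bit image such as frst.exe cannot start there and only frst64.exe will run. The following is an added example, not part of the original thread or of FRST: it reads the Machine field of a PE header so a tool's bitness can be checked before it is copied to the flash drive. The sample headers are constructed inline, and the function names are hypothetical.

```python
import struct
import sys

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64"}


def pe_machine(data: bytes) -> str:
    """Return 'x86', 'x64' or 'unknown(0x....)' for a PE image.

    Raises ValueError when the bytes are not a PE image at all.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    # e_lfanew at offset 0x3C points to the 'PE\0\0' signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE image: missing PE signature")
    # Machine is the first 16-bit field after the signature.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE_NAMES.get(machine, "unknown(0x%04x)" % machine)


def pick_for_environment(env_arch: str, candidates: dict) -> list:
    """Return the names of candidate images that can start in env_arch.

    Without WOW64 the image machine type must equal the environment's
    architecture exactly, so a 32-bit image is rejected on x64.
    Non-PE files are skipped.
    """
    usable = []
    for name, data in candidates.items():
        try:
            if pe_machine(data) == env_arch:
                usable.append(name)
        except ValueError:
            continue
    return sorted(usable)


def build_sample_header(machine: int) -> bytes:
    """Constructed minimal DOS + COFF header for demonstration only."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header follows directly
    coff = struct.pack("<4sHHIIIHH", b"PE\x00\x00", machine, 0, 0, 0, 0, 0, 0)
    return bytes(dos) + coff


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python check_pe.py frst.exe frst64.exe
        for path in sys.argv[1:]:
            with open(path, "rb") as handle:
                print(path, pe_machine(handle.read()))
    else:
        # Constructed samples standing in for the two downloads.
        samples = {
            "frst.exe": build_sample_header(0x014C),
            "frst64.exe": build_sample_header(0x8664),
        }
        for name, blob in samples.items():
            print(name, pe_machine(blob))
        print("usable on x64 recovery:", pick_for_environment("x64", samples))
```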

#5 jsyerxa


Posted 25 September 2013 - 01:43 PM

Marius, ran frst64 and did get a .txt file:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by SYSTEM on MININT-I57I97R on 25-09-2013 09:13:52
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\nsVDgn37\nsVDgn37.exe -sm,
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [RealTray] - C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe [20480 2010-08-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM-x32\...\Run: [CenturyLinkTouchPointAgent] - C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe [46208 2011-07-12] (CenturyLink Inc)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [StartNowToolbarHelper] - "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1073744 2012-04-27] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884816 2012-04-27] (Iminent)
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKLM-x32\...\Run: [PopularScreensavers Search Scope Monitor] - C:\PROGRA~2\POPULA~2\bar\1.bin\7isrchmn.exe [42536 2013-05-02] (MindSpark)
HKLM-x32\...\Run: [PopularScreensavers_7i Browser Plugin Loader] - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe [30096 2013-05-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [OtShot] - C:\Program Files (x86)\OtShot\otshot.exe [4386816 2012-10-18] ()
HKLM-x32\...\Run: [24x7HELP] - C:\Program Files (x86)\24x7Help\App24x7Help.exe [1773648 2013-03-20] (Crawler, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SpeetItUpFree] - C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe [7953472 2013-09-10] (MicroSmarts LLC.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2314416 2013-09-17] ()
HKU\Shirl\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Shirl\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Shirl\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Shirl\...\Run: [AdobeBridge] - [x]
HKU\Shirl\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\Shirl\...\Run: [SearchProtect] - C:\Users\Shirl\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Shirl\...\Run: [Free Download Manager] - C:\Program Files (x86)\Free Download Manager\fdm.exe [6148096 2011-12-28] (FreeDownloadManager.ORG)
HKU\Shirl\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
AppInit_DLLs:    [0 ] ()
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Shirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Shirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
ShortcutTarget: Severe Weather Alerts App.lnk ->  (No File)
Startup: C:\Users\Shirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
ShortcutTarget: Severe Weather Alerts.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342608 2013-03-17] (PCRx.com, LLC)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AlotService; C:\Users\Shirl\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-05-24] (Vertro Inc.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 BasicServe Service; C:\Program Files (x86)\BasicServe\basicserve.exe [22528 2013-08-28] ()
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
S2 DefaultTabUpdate; C:\Users\Shirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-24] ()
S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
S2 lssvc; C:\Program Files (x86)\Linksicle\Service\lssvc.exe [272936 2013-09-04] (Linksicle)
S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
S2 PopularScreensavers_7iService; C:\PROGRA~2\POPULA~2\bar\1.bin\7ibarsvc.exe [42504 2013-05-02] (COMPANYVERS_NAME)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 Update SaltarSmart; C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe [206624 2013-08-29] (SaltarSmart)
S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-01-24] ()
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-09-17] (AVG Secure Search)
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [825920 2013-09-14] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-09-17] (AVG Technologies)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
S1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1309000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-25] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-25] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-01] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20130201.001\IDSvia64.sys [513184 2012-10-05] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20130201.001\IDSvia64.sys [513184 2012-10-05] (Symantec Corporation)
S1 lsnfd; C:\Windows\System32\drivers\lsnfd.sys [58192 2013-09-04] (Linksicle)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130202.007\ENG64.SYS [126192 2013-01-19] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130202.007\ENG64.SYS [126192 2013-01-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130202.007\EX64.SYS [2087664 2013-01-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130202.007\EX64.SYS [2087664 2013-01-19] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1309000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1309000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NAVx64\1309000.009\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NAVx64\1309000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NAVx64\1309000.009\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1309000.009\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
S0 AFS; No ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 wanatw; system32\DRIVERS\wanatw64.sys [x]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-25 09:10 - 2013-09-25 09:10 - 00000000 ___DC C:\FRST
2013-09-23 10:29 - 2013-09-23 10:29 - 00001350 _____ C:\Users\Shirl\Desktop\Clean Registry for Free!.lnk
2013-09-23 06:01 - 2013-09-23 06:01 - 00000000 ____D C:\Users\Shirl\Desktop\RKill
2013-09-23 05:21 - 2013-09-23 05:24 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-09-23 05:20 - 2013-08-14 12:23 - 04429440 _____ (Piriform Ltd) C:\Users\Shirl\Desktop\ccsetup404.exe
2013-09-23 05:20 - 2013-05-13 08:50 - 25598792 _____ (SUPERAntiSpyware.com) C:\Users\Shirl\Desktop\SUPERAntiSpyware.exe
2013-09-21 05:29 - 2013-09-21 05:29 - 00000000 ___DC C:\!stuff from ken
2013-09-21 05:27 - 2013-09-21 05:28 - 41957333 ____C C:\!stuff from ken.zip
2013-09-20 14:55 - 2013-09-25 04:43 - 00002712 _____ C:\Windows\setupact.log
2013-09-20 14:55 - 2013-09-20 14:55 - 00000000 _____ C:\Windows\setuperr.log
2013-09-20 09:44 - 2013-09-20 09:44 - 00000000 ____D C:\Users\Shirl\AppData\Local\Atheros
2013-09-19 15:05 - 2013-09-19 15:05 - 00003044 _____ C:\Windows\System32\Tasks\{934AC92B-DCFE-484F-A72C-F78ACA955A84}
2013-09-19 13:43 - 2013-09-24 05:52 - 00000000 ____D C:\ProgramData\nsVDgn37
2013-09-19 05:46 - 2013-09-19 05:46 - 00000000 ____D C:\Users\Shirl\AppData\Local\{17A9C80E-3747-4961-B0A4-2B35517A41EB}
2013-09-18 12:15 - 2013-09-18 12:15 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.7608.dll
2013-09-18 04:24 - 2013-09-18 04:24 - 22710720 _____ (Mozilla) C:\Users\Shirl\Downloads\Firefox_Setup_24.0.exe
2013-09-18 04:13 - 2013-09-18 04:13 - 00000000 ____D C:\Users\Shirl\AppData\Local\{69B44FA9-96BC-4256-8E30-680138DDCE9B}
2013-09-17 04:05 - 2013-09-17 04:05 - 00000000 ____D C:\Users\Shirl\AppData\Local\{A2BD3CB9-2D11-4CFC-9F39-6D10A5F5B6B4}
2013-09-16 10:07 - 2013-09-23 10:07 - 00000292 _____ C:\Windows\Tasks\UpdaterEX.job
2013-09-16 10:07 - 2013-09-16 10:07 - 22404568 _____ (Mozilla) C:\Users\Shirl\Downloads\Firefox_Setup [1].exe
2013-09-16 10:07 - 2013-09-16 10:07 - 00003232 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-09-16 10:07 - 2013-09-16 10:07 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\UpdaterEX
2013-09-16 10:06 - 2013-09-18 12:18 - 00000000 ____D C:\Users\Shirl\AppData\Local\AVG SafeGuard toolbar
2013-09-16 10:05 - 2013-09-17 12:23 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-09-16 10:05 - 2013-09-17 12:23 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-09-16 10:05 - 2013-09-16 10:06 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-09-16 10:04 - 2013-09-16 10:04 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-09-16 10:04 - 2013-09-16 10:04 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-09-16 04:49 - 2013-09-16 04:49 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9873E24A-B147-4DF3-8306-522DB69782C0}
2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9581AEC4-DA5D-4257-808D-4AAB717F6261}
2013-09-15 06:07 - 2013-09-15 06:07 - 00000000 ____D C:\Program Files (x86)\Linksicle
2013-09-15 06:05 - 2013-09-19 13:48 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\Free Download Manager
2013-09-15 06:05 - 2013-09-15 06:05 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\Yahoo!
2013-09-15 06:05 - 2013-09-15 06:05 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-09-15 06:04 - 2013-09-15 06:05 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2013-09-15 04:29 - 2013-09-15 04:29 - 00000000 ____D C:\Users\Shirl\AppData\Local\{78F96650-E099-4C70-9093-ED1DFD5E097C}
2013-09-14 15:13 - 2013-09-25 04:43 - 00000000 ____D C:\ProgramData\eSafe
2013-09-14 15:13 - 2013-09-15 09:11 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-09-14 15:13 - 2013-09-15 07:39 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\Desk 365
2013-09-14 15:12 - 2013-09-14 15:12 - 00000000 ____D C:\Program Files (x86)\Vafmusic8
2013-09-14 14:23 - 2013-09-14 14:52 - 00000000 ____D C:\ProgramData\PCFixSpeed
2013-09-14 14:23 - 2013-09-14 14:52 - 00000000 ____D C:\Program Files (x86)\PCFixSpeed
2013-09-14 14:23 - 2013-09-14 14:25 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\PCFixSpeed
2013-09-14 14:22 - 2013-09-14 14:53 - 00000000 ____D C:\Program Files (x86)\WunderWeb
2013-09-14 05:05 - 2013-09-14 05:05 - 00000000 ____D C:\Users\Shirl\AppData\Local\{BB315816-DAB9-42EF-8DD8-9FA32E6EE042}
2013-09-13 13:43 - 2013-09-24 05:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-13 13:43 - 2013-09-19 10:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 04:39 - 2013-09-13 04:39 - 00000000 ____D C:\Users\Shirl\AppData\Local\{ECC414BA-BE60-4377-8F14-916FA9E4C372}
2013-09-12 11:03 - 2013-09-12 11:03 - 00000000 ____D C:\Users\Shirl\Software.com
2013-09-12 08:22 - 2013-09-19 14:22 - 00000000 ____D C:\Users\Shirl\AppData\Local\SevereWeatherAlerts
2013-09-12 08:22 - 2013-09-12 08:22 - 00000000 ____D C:\Users\Shirl\AppData\Local\Weather_Notifications,_LL
2013-09-12 08:21 - 2013-09-12 08:38 - 00000000 ____D C:\Program Files (x86)\InternetHelper3.1
2013-09-12 08:16 - 2013-09-12 08:16 - 00000000 ____D C:\ProgramData\Conduit
2013-09-12 08:16 - 2013-09-12 08:16 - 00000000 ____D C:\Program Files (x86)\KeyBar_2.2
2013-09-12 04:59 - 2013-09-12 05:00 - 00000000 ____D C:\Users\Shirl\AppData\Local\{62600142-0A8D-487B-8A8C-01D124DC9664}
2013-09-11 13:03 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-11 13:03 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 13:02 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-11 13:02 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-11 13:02 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-11 13:02 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-11 13:02 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-11 13:02 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-11 13:02 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-11 13:02 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-11 13:02 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-11 13:02 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-11 13:02 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-11 13:02 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-11 13:02 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-11 13:02 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-11 13:02 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 13:02 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 13:02 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 13:02 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-11 13:02 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 12:48 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-11 12:48 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-11 12:48 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-11 12:48 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-11 12:48 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-11 12:48 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-11 12:48 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-11 12:48 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-11 12:48 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-11 12:48 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-11 12:48 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 12:48 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 12:48 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 12:48 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 12:48 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 12:48 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-11 12:48 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-11 12:48 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 12:48 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 12:48 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 12:48 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 12:48 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 12:48 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 12:48 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-11 12:48 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-11 12:48 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 12:48 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 08:49 - 2013-09-11 08:49 - 00000000 ____D C:\Users\Shirl\AppData\Local\{7455B52E-A6DB-46C4-A532-9CB153C2BB2E}
2013-09-10 20:52 - 2013-09-11 05:04 - 00000000 ____D C:\Program Files\PC Optimizer Pro
2013-09-10 20:48 - 2013-09-10 20:48 - 00000000 ____D C:\Users\Shirl\AppData\Local\{1D610940-94CD-4BFC-82F9-B50E3891844F}
2013-09-10 04:45 - 2013-09-10 04:46 - 00000000 ____D C:\Users\Shirl\AppData\Local\{BE1E4759-14BB-4D10-B552-3EDADF68202C}
2013-09-09 10:08 - 2013-09-09 10:10 - 13813944 _____ (Microsoft Corporation) C:\Users\Shirl\Downloads\mseinstall.exe
2013-09-09 10:05 - 2013-09-10 20:52 - 00000000 ____D C:\Program Files (x86)\SpeedItup Free
2013-09-09 10:05 - 2013-09-09 10:05 - 00000000 ____D C:\Windows\SpeedItup Free
2013-09-09 10:04 - 2013-09-09 10:04 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-09 10:04 - 2013-09-09 10:04 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-09 10:03 - 2013-09-09 10:04 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-09 10:03 - 2013-09-09 10:03 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\BabSolution
2013-09-09 10:03 - 2013-09-09 10:03 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-09 10:01 - 2013-09-09 10:01 - 01239536 _____ (Microsoft Corporation) C:\Users\Shirl\Downloads\wlsetup-web(1).exe
2013-09-09 10:00 - 2013-09-09 10:00 - 01239536 _____ (Microsoft Corporation) C:\Users\Shirl\Downloads\wlsetup-web.exe
2013-09-08 05:12 - 2013-09-09 05:43 - 00000000 ____D C:\Users\Shirl\AppData\Local\{EE635FB2-BBC0-4076-8659-BC5BE58F2A46}
2013-09-07 16:32 - 2013-09-07 16:32 - 00000000 ____D C:\Users\Shirl\AppData\Local\{C17F752E-B67B-44FD-9F6C-8554632611B8}
2013-09-07 03:26 - 2013-09-07 03:26 - 00000000 ____D C:\Users\Shirl\AppData\Local\{A8DA72D7-754F-4313-BBAA-F1546D2F1977}
2013-09-06 10:47 - 2013-09-06 10:47 - 00000000 ____D C:\Users\Shirl\AppData\Local\{2071E31E-D003-4E55-B7CC-81871BC2A329}
2013-09-06 05:38 - 2013-09-06 05:38 - 00000000 ____D C:\Users\Shirl\AppData\Local\{F912DAE4-0BFE-4F34-A18C-0237B6F917E4}
2013-09-05 03:42 - 2013-09-05 03:42 - 00000000 ____D C:\Users\Shirl\AppData\Local\{B35D20EE-9C85-4511-BA4D-6AEE245392A2}
2013-09-04 12:41 - 2013-09-04 12:41 - 00058192 _____ (Linksicle) C:\Windows\System32\Drivers\lsnfd.sys
2013-09-04 12:38 - 2013-09-06 10:44 - 00000000 ____D C:\Program Files (x86)\Web Protect
2013-09-04 12:38 - 2013-09-06 10:44 - 00000000 ____D C:\Program Files (x86)\privoxy
2013-09-04 04:55 - 2013-09-04 04:55 - 00004018 _____ C:\Windows\System32\Tasks\Scheduled Task Name
2013-09-03 03:13 - 2013-09-04 04:49 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9DBCD3C4-4C92-4B8E-9E55-864BC76DE9EF}
2013-09-02 05:02 - 2013-09-02 05:03 - 00000000 ____D C:\Users\Shirl\AppData\Local\{E3522683-7DF1-42F1-BE61-A81EDFC6BBDC}
2013-09-01 04:01 - 2013-09-01 04:01 - 00000000 ____D C:\Users\Shirl\AppData\Local\{6B9E1DD5-5A73-4582-B651-CCD9E179989F}
2013-08-30 04:44 - 2013-08-31 10:01 - 00000000 ____D C:\Users\Shirl\AppData\Local\{BEC8A514-3104-4057-A4E2-C0D8F26AE8FA}
2013-08-29 04:57 - 2013-08-29 04:57 - 00000000 ____D C:\Users\Shirl\AppData\Local\{AD1ED612-F699-40DE-88CA-808F6B77F328}
2013-08-28 05:21 - 2013-08-28 05:21 - 00000000 ____D C:\Users\Shirl\AppData\Local\{494559D4-EC13-40E6-9B92-20A995A43C8F}
2013-08-27 04:11 - 2013-08-27 04:11 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9CE4B448-5837-4A9C-A3B2-3642F51F6EDE}
2013-08-26 03:29 - 2013-08-26 03:29 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9D5ABD0D-7C0F-4B26-B436-C583868A99FA}

==================== One Month Modified Files and Folders =======

2013-09-25 09:10 - 2013-09-25 09:10 - 00000000 ___DC C:\FRST
2013-09-25 04:43 - 2013-09-20 14:55 - 00002712 _____ C:\Windows\setupact.log
2013-09-25 04:43 - 2013-09-14 15:13 - 00000000 ____D C:\ProgramData\eSafe
2013-09-25 04:43 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-24 05:52 - 2013-09-19 13:43 - 00000000 ____D C:\ProgramData\nsVDgn37
2013-09-24 05:52 - 2010-03-20 20:17 - 00196608 _____ C:\Windows\System32\Ikeext.etl
2013-09-24 05:51 - 2012-10-17 05:45 - 07775277 ____C C:\alotserviceruntime.log
2013-09-24 05:48 - 2013-09-13 13:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-24 05:46 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 05:46 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 05:45 - 2013-08-19 17:16 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 05:45 - 2013-06-08 11:52 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-09-24 05:45 - 2013-06-04 12:56 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-09-24 05:45 - 2013-05-02 17:30 - 00000356 _____ C:\Windows\Tasks\AmiUpdXp.job
2013-09-24 05:45 - 2012-04-18 07:20 - 00000414 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-09-23 11:24 - 2010-04-01 05:05 - 00000000 ____D C:\ProgramData\Recovery
2013-09-23 10:31 - 2013-08-19 17:16 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-23 10:31 - 2009-12-18 00:24 - 01331691 _____ C:\Windows\WindowsUpdate.log
2013-09-23 10:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-09-23 10:29 - 2013-09-23 10:29 - 00001350 _____ C:\Users\Shirl\Desktop\Clean Registry for Free!.lnk
2013-09-23 10:07 - 2013-09-16 10:07 - 00000292 _____ C:\Windows\Tasks\UpdaterEX.job
2013-09-23 06:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-09-23 06:25 - 2012-07-22 17:52 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForShirl.job
2013-09-23 06:01 - 2013-09-23 06:01 - 00000000 ____D C:\Users\Shirl\Desktop\RKill
2013-09-23 05:40 - 2013-05-02 17:36 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-09-23 05:32 - 2009-07-13 21:13 - 00779306 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-23 05:24 - 2013-09-23 05:21 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-09-21 05:29 - 2013-09-21 05:29 - 00000000 ___DC C:\!stuff from ken
2013-09-21 05:28 - 2013-09-21 05:27 - 41957333 ____C C:\!stuff from ken.zip
2013-09-20 14:55 - 2013-09-20 14:55 - 00000000 _____ C:\Windows\setuperr.log
2013-09-20 14:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-09-20 14:31 - 2009-12-18 00:26 - 292041152 _____ C:\Windows\PFRO.log
2013-09-20 09:44 - 2013-09-20 09:44 - 00000000 ____D C:\Users\Shirl\AppData\Local\Atheros
2013-09-19 15:05 - 2013-09-19 15:05 - 00003044 _____ C:\Windows\System32\Tasks\{934AC92B-DCFE-484F-A72C-F78ACA955A84}
2013-09-19 14:22 - 2013-09-12 08:22 - 00000000 ____D C:\Users\Shirl\AppData\Local\SevereWeatherAlerts
2013-09-19 14:22 - 2013-08-20 11:36 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-09-19 13:48 - 2013-09-15 06:05 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\Free Download Manager
2013-09-19 13:42 - 2011-05-29 14:39 - 00026804 _____ C:\Windows\IE9_main.log
2013-09-19 10:06 - 2013-09-13 13:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 10:06 - 2012-06-04 06:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 10:06 - 2011-08-16 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 10:06 - 2010-03-26 02:11 - 00000000 ____D C:\Users\Shirl\AppData\Local\CrashDumps
2013-09-19 06:47 - 2013-04-13 14:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-19 06:47 - 2010-04-07 15:25 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\Mozilla
2013-09-19 05:46 - 2013-09-19 05:46 - 00000000 ____D C:\Users\Shirl\AppData\Local\{17A9C80E-3747-4961-B0A4-2B35517A41EB}
2013-09-19 05:44 - 2010-04-28 17:09 - 00000000 ____D C:\Users\Shirl\Tracing
2013-09-18 12:18 - 2013-09-16 10:06 - 00000000 ____D C:\Users\Shirl\AppData\Local\AVG SafeGuard toolbar
2013-09-18 12:15 - 2013-09-18 12:15 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.7608.dll
2013-09-18 11:36 - 2013-08-20 11:36 - 00000284 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-09-18 04:24 - 2013-09-18 04:24 - 22710720 _____ (Mozilla) C:\Users\Shirl\Downloads\Firefox_Setup_24.0.exe
2013-09-18 04:13 - 2013-09-18 04:13 - 00000000 ____D C:\Users\Shirl\AppData\Local\{69B44FA9-96BC-4256-8E30-680138DDCE9B}
2013-09-17 12:23 - 2013-09-16 10:05 - 00045856 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-09-17 12:23 - 2013-09-16 10:05 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-09-17 12:23 - 2012-07-09 04:45 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-09-17 04:05 - 2013-09-17 04:05 - 00000000 ____D C:\Users\Shirl\AppData\Local\{A2BD3CB9-2D11-4CFC-9F39-6D10A5F5B6B4}
2013-09-16 12:25 - 2012-07-22 17:52 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForShirl
2013-09-16 10:07 - 2013-09-16 10:07 - 22404568 _____ (Mozilla) C:\Users\Shirl\Downloads\Firefox_Setup [1].exe
2013-09-16 10:07 - 2013-09-16 10:07 - 00003232 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-09-16 10:07 - 2013-09-16 10:07 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\UpdaterEX
2013-09-16 10:06 - 2013-09-16 10:05 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-09-16 10:04 - 2013-09-16 10:04 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-09-16 10:04 - 2013-09-16 10:04 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-09-16 10:04 - 2013-08-19 05:07 - 00000002 ____C C:\END
2013-09-16 04:49 - 2013-09-16 04:49 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9873E24A-B147-4DF3-8306-522DB69782C0}
2013-09-15 16:29 - 2013-09-15 16:29 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9581AEC4-DA5D-4257-808D-4AAB717F6261}
2013-09-15 09:14 - 2013-08-20 11:36 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\Systweak
2013-09-15 09:11 - 2013-09-14 15:13 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-09-15 07:41 - 2013-08-21 14:30 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-15 07:39 - 2013-09-14 15:13 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\Desk 365
2013-09-15 06:24 - 2010-03-19 01:59 - 00011822 _____ C:\Users\Shirl\AppData\Roaming\wklnhst.dat
2013-09-15 06:23 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-15 06:07 - 2013-09-15 06:07 - 00000000 ____D C:\Program Files (x86)\Linksicle
2013-09-15 06:05 - 2013-09-15 06:05 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\Yahoo!
2013-09-15 06:05 - 2013-09-15 06:05 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-09-15 06:05 - 2013-09-15 06:04 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2013-09-15 06:05 - 2012-04-17 06:49 - 00000000 ____D C:\ProgramData\Yahoo!
2013-09-15 06:05 - 2012-04-17 06:49 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-09-15 04:29 - 2013-09-15 04:29 - 00000000 ____D C:\Users\Shirl\AppData\Local\{78F96650-E099-4C70-9093-ED1DFD5E097C}
2013-09-14 15:12 - 2013-09-14 15:12 - 00000000 ____D C:\Program Files (x86)\Vafmusic8
2013-09-14 15:12 - 2013-08-23 17:37 - 00000000 ____D C:\Program Files (x86)\SaltarSmart
2013-09-14 15:12 - 2012-02-20 16:17 - 00000000 ____D C:\Users\Shirl\AppData\Local\Conduit
2013-09-14 14:54 - 2010-03-18 22:26 - 00000000 ____D C:\users\Shirl
2013-09-14 14:53 - 2013-09-14 14:22 - 00000000 ____D C:\Program Files (x86)\WunderWeb
2013-09-14 14:53 - 2009-07-13 21:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-14 14:52 - 2013-09-14 14:23 - 00000000 ____D C:\ProgramData\PCFixSpeed
2013-09-14 14:52 - 2013-09-14 14:23 - 00000000 ____D C:\Program Files (x86)\PCFixSpeed
2013-09-14 14:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-09-14 14:25 - 2013-09-14 14:23 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\PCFixSpeed
2013-09-14 05:05 - 2013-09-14 05:05 - 00000000 ____D C:\Users\Shirl\AppData\Local\{BB315816-DAB9-42EF-8DD8-9FA32E6EE042}
2013-09-13 13:41 - 2013-08-20 11:36 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-09-13 13:41 - 2011-08-13 07:13 - 00000000 ____D C:\Users\Shirl\AppData\Local\Adobe
2013-09-13 04:39 - 2013-09-13 04:39 - 00000000 ____D C:\Users\Shirl\AppData\Local\{ECC414BA-BE60-4377-8F14-916FA9E4C372}
2013-09-12 11:03 - 2013-09-12 11:03 - 00000000 ____D C:\Users\Shirl\Software.com
2013-09-12 08:38 - 2013-09-12 08:21 - 00000000 ____D C:\Program Files (x86)\InternetHelper3.1
2013-09-12 08:23 - 2013-06-26 08:01 - 00000000 ____D C:\Program Files (x86)\24x7Help
2013-09-12 08:22 - 2013-09-12 08:22 - 00000000 ____D C:\Users\Shirl\AppData\Local\Weather_Notifications,_LL
2013-09-12 08:16 - 2013-09-12 08:16 - 00000000 ____D C:\ProgramData\Conduit
2013-09-12 08:16 - 2013-09-12 08:16 - 00000000 ____D C:\Program Files (x86)\KeyBar_2.2
2013-09-12 08:15 - 2013-03-09 15:58 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\SearchProtect
2013-09-12 05:00 - 2013-09-12 04:59 - 00000000 ____D C:\Users\Shirl\AppData\Local\{62600142-0A8D-487B-8A8C-01D124DC9664}
2013-09-11 14:52 - 2009-12-18 00:41 - 00000000 ____D C:\ProgramData\Norton
2013-09-11 14:33 - 2009-07-13 20:45 - 05004824 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-11 13:02 - 2013-08-03 16:30 - 00000000 ____D C:\Windows\System32\MRT
2013-09-11 12:59 - 2010-05-20 17:54 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-11 12:25 - 2013-02-24 10:40 - 00000258 __RSH C:\Users\Shirl\ntuser.pol
2013-09-11 08:49 - 2013-09-11 08:49 - 00000000 ____D C:\Users\Shirl\AppData\Local\{7455B52E-A6DB-46C4-A532-9CB153C2BB2E}
2013-09-11 05:04 - 2013-09-10 20:52 - 00000000 ____D C:\Program Files\PC Optimizer Pro
2013-09-10 20:52 - 2013-09-09 10:05 - 00000000 ____D C:\Program Files (x86)\SpeedItup Free
2013-09-10 20:48 - 2013-09-10 20:48 - 00000000 ____D C:\Users\Shirl\AppData\Local\{1D610940-94CD-4BFC-82F9-B50E3891844F}
2013-09-10 04:46 - 2013-09-10 04:45 - 00000000 ____D C:\Users\Shirl\AppData\Local\{BE1E4759-14BB-4D10-B552-3EDADF68202C}
2013-09-09 14:02 - 2013-08-20 11:36 - 00000276 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-09-09 10:10 - 2013-09-09 10:08 - 13813944 _____ (Microsoft Corporation) C:\Users\Shirl\Downloads\mseinstall.exe
2013-09-09 10:05 - 2013-09-09 10:05 - 00000000 ____D C:\Windows\SpeedItup Free
2013-09-09 10:04 - 2013-09-09 10:04 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-09 10:04 - 2013-09-09 10:04 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-09 10:04 - 2013-09-09 10:03 - 00003388 _____ C:\Windows\System32\Tasks\EPUpdater
2013-09-09 10:03 - 2013-09-09 10:03 - 00000000 ____D C:\Users\Shirl\AppData\Roaming\BabSolution
2013-09-09 10:03 - 2013-09-09 10:03 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-09 10:01 - 2013-09-09 10:01 - 01239536 _____ (Microsoft Corporation) C:\Users\Shirl\Downloads\wlsetup-web(1).exe
2013-09-09 10:00 - 2013-09-09 10:00 - 01239536 _____ (Microsoft Corporation) C:\Users\Shirl\Downloads\wlsetup-web.exe
2013-09-09 05:48 - 2013-01-13 16:39 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-09 05:48 - 2010-05-01 10:45 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-09 05:43 - 2013-09-08 05:12 - 00000000 ____D C:\Users\Shirl\AppData\Local\{EE635FB2-BBC0-4076-8659-BC5BE58F2A46}
2013-09-07 16:32 - 2013-09-07 16:32 - 00000000 ____D C:\Users\Shirl\AppData\Local\{C17F752E-B67B-44FD-9F6C-8554632611B8}
2013-09-07 03:26 - 2013-09-07 03:26 - 00000000 ____D C:\Users\Shirl\AppData\Local\{A8DA72D7-754F-4313-BBAA-F1546D2F1977}
2013-09-06 10:47 - 2013-09-06 10:47 - 00000000 ____D C:\Users\Shirl\AppData\Local\{2071E31E-D003-4E55-B7CC-81871BC2A329}
2013-09-06 10:44 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\Web Protect
2013-09-06 10:44 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\privoxy
2013-09-06 05:38 - 2013-09-06 05:38 - 00000000 ____D C:\Users\Shirl\AppData\Local\{F912DAE4-0BFE-4F34-A18C-0237B6F917E4}
2013-09-05 03:42 - 2013-09-05 03:42 - 00000000 ____D C:\Users\Shirl\AppData\Local\{B35D20EE-9C85-4511-BA4D-6AEE245392A2}
2013-09-04 12:41 - 2013-09-04 12:41 - 00058192 _____ (Linksicle) C:\Windows\System32\Drivers\lsnfd.sys
2013-09-04 04:55 - 2013-09-04 04:55 - 00004018 _____ C:\Windows\System32\Tasks\Scheduled Task Name
2013-09-04 04:49 - 2013-09-03 03:13 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9DBCD3C4-4C92-4B8E-9E55-864BC76DE9EF}
2013-09-02 05:03 - 2013-09-02 05:02 - 00000000 ____D C:\Users\Shirl\AppData\Local\{E3522683-7DF1-42F1-BE61-A81EDFC6BBDC}
2013-09-01 04:01 - 2013-09-01 04:01 - 00000000 ____D C:\Users\Shirl\AppData\Local\{6B9E1DD5-5A73-4582-B651-CCD9E179989F}
2013-08-31 10:01 - 2013-08-30 04:44 - 00000000 ____D C:\Users\Shirl\AppData\Local\{BEC8A514-3104-4057-A4E2-C0D8F26AE8FA}
2013-08-29 04:57 - 2013-08-29 04:57 - 00000000 ____D C:\Users\Shirl\AppData\Local\{AD1ED612-F699-40DE-88CA-808F6B77F328}
2013-08-29 04:55 - 2013-05-06 06:11 - 00000000 ____D C:\Program Files (x86)\BasicServe
2013-08-28 05:23 - 2013-05-06 06:11 - 00000000 ____D C:\ProgramData\BasicServe
2013-08-28 05:21 - 2013-08-28 05:21 - 00000000 ____D C:\Users\Shirl\AppData\Local\{494559D4-EC13-40E6-9B92-20A995A43C8F}
2013-08-27 04:11 - 2013-08-27 04:11 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9CE4B448-5837-4A9C-A3B2-3642F51F6EDE}
2013-08-26 03:29 - 2013-08-26 03:29 - 00000000 ____D C:\Users\Shirl\AppData\Local\{9D5ABD0D-7C0F-4B26-B436-C583868A99FA}

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.7608.dll

Some content of TEMP:
====================
C:\Users\Shirl\AppData\Local\Temp\air5BB7.exe
C:\Users\Shirl\AppData\Local\Temp\air78B6.exe
C:\Users\Shirl\AppData\Local\Temp\airCB08.exe
C:\Users\Shirl\AppData\Local\Temp\airD72D.exe
C:\Users\Shirl\AppData\Local\Temp\airD8F1.exe
C:\Users\Shirl\AppData\Local\Temp\airF0E2.exe
C:\Users\Shirl\AppData\Local\Temp\CB09_fdminst.exe
C:\Users\Shirl\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Shirl\AppData\Local\Temp\InboxAce.exe
C:\Users\Shirl\AppData\Local\Temp\internet-explorer.exe
C:\Users\Shirl\AppData\Local\Temp\mvpehqzq.dll
C:\Users\Shirl\AppData\Local\Temp\nse584F.exe
C:\Users\Shirl\AppData\Local\Temp\nsk8980.exe
C:\Users\Shirl\AppData\Local\Temp\oi_{6EF05001-258F-45A4-974D-7D6674553C61}.exe
C:\Users\Shirl\AppData\Local\Temp\sqlite3.exe
C:\Users\Shirl\AppData\Local\Temp\_is70EB.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

1
Restore point made on: 2013-09-23 05:49:28

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2812.2 MB
Available physical RAM: 2156.44 MB
Total Pagefile: 2810.35 MB
Available Pagefile: 2154.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.06 GB) (Free:178.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:13.53 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: () (Removable) (Total:14.9 GB) (Free:12.96 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: E48393F7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 943C943C)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

LastRegBack: 2013-09-23 06:35

==================== End Of Log ============================



#6 jsyerxa

  • Topic Starter

  • Members
  • 45 posts

Posted 25 September 2013 - 02:27 PM

Marius, is this the way you want me to send the test result files to you, or do you want the .txt file attached?



#7 TB-Psychotic


  • Malware Response Team
  • 6,349 posts

Posted 26 September 2013 - 06:03 AM

No, that's ok!

Fix with FRST (Recovery Environment)


  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    HKLM\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
    HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\nsVDgn37\nsVDgn37.exe -sm,
    HKLM-x32\...\Run: [StartNowToolbarHelper] - "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
    HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
    HKLM-x32\...\Run: [PopularScreensavers Search Scope Monitor] - C:\PROGRA~2\POPULA~2\bar\1.bin\7isrchmn.exe [42536 2013-05-02] (MindSpark)
    HKLM-x32\...\Run: [PopularScreensavers_7i Browser Plugin Loader] - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe [30096 2013-05-02] (VER_COMPANY_NAME)
    HKLM-x32\...\Run: [OtShot] - C:\Program Files (x86)\OtShot\otshot.exe [4386816 2012-10-18] ()
    HKLM-x32\...\Run: [24x7HELP] - C:\Program Files (x86)\24x7Help\App24x7Help.exe [1773648 2013-03-20] (Crawler, LLC)
    HKU\Shirl\...\Run: [AdobeBridge] - [x]
    HKU\Shirl\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\Shirl\...\Run: [SearchProtect] - C:\Users\Shirl\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
    HKU\Shirl\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
    AppInit_DLLs:    [0 ] ()
    AppInit_DLLs-x32:   [ ] ()
    Startup: C:\Users\Shirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    
    S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342608 2013-03-17] (PCRx.com, LLC)    
    S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
    S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
    S2 DefaultTabUpdate; C:\Users\Shirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-24] ()
    S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
    S2 PopularScreensavers_7iService; C:\PROGRA~2\POPULA~2\bar\1.bin\7ibarsvc.exe [42504 2013-05-02] (COMPANYVERS_NAME)
    S2 Update SaltarSmart; C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe [206624 2013-08-29] (SaltarSmart)
    S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-01-24] ()
    S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [825920 2013-09-14] (Wsys Co., Ltd.)
    S3 wanatw; system32\DRIVERS\wanatw64.sys [x]
    S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]
    
    C:\ProgramData\nsVDgn37
    C:\Program Files (x86)\StartNow Toolbar
    C:\Program Files (x86)\SearchProtect
    C:\PROGRA~2\POPULA~2
    C:\Program Files (x86)\OtShot
    C:\Program Files (x86)\MyPC Backup
    C:\Program Files (x86)\24x7Help
    C:\Program Files (x86)\Free Ride Games
    C:\Users\Shirl\AppData\Roaming\SearchProtect
    C:\Users\Shirl\AppData\Roaming\DefaultTab
    C:\Program Files (x86)\Fast Free Converter
    C:\Program Files (x86)\SaltarSmart
    C:\Program Files\Updater By SweetPacks
    C:\ProgramData\eSafe
    C:\Program Files (x86)\Desk 365
    C:\Users\Shirl\AppData\Roaming\Desk 365
    C:\Program Files (x86)\Vafmusic8
    C:\ProgramData\PCFixSpeed
    C:\Program Files (x86)\PCFixSpeed
    C:\Users\Shirl\AppData\Roaming\PCFixSpeed
    C:\Program Files (x86)\WunderWeb
    C:\ProgramData\Conduit
    C:\Program Files (x86)\KeyBar_2.2
    C:\Program Files\PC Optimizer Pro
    C:\Program Files (x86)\SpeedItup Free
    C:\Windows\SpeedItup Free
    C:\ProgramData\BrowserDefender
    C:\Program Files (x86)\Delta
    C:\Windows\System32\Tasks\EPUpdater
    C:\Users\Shirl\AppData\Roaming\BabSolution
    C:\ProgramData\DSearchLink
    C:\Users\Shirl\Downloads\wlsetup-web(1).exe
    C:\Users\Shirl\Downloads\wlsetup-web.exe
    C:\Program Files (x86)\Web Protect
    C:\Program Files (x86)\privoxy
    C:\Windows\Tasks\SA.DAT
    C:\Windows\System32\Ikeext.etl
    C:\alotserviceruntime.log
    C:\Users\Public\AlexaNSISPlugin.7608.dll
    C:\Users\Shirl\AppData\Local\Temp\air5BB7.exe
    C:\Users\Shirl\AppData\Local\Temp\air78B6.exe
    C:\Users\Shirl\AppData\Local\Temp\airCB08.exe
    C:\Users\Shirl\AppData\Local\Temp\airD72D.exe
    C:\Users\Shirl\AppData\Local\Temp\airD8F1.exe
    C:\Users\Shirl\AppData\Local\Temp\airF0E2.exe
    C:\Users\Shirl\AppData\Local\Temp\CB09_fdminst.exe
    C:\Users\Shirl\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
    C:\Users\Shirl\AppData\Local\Temp\InboxAce.exe
    C:\Users\Shirl\AppData\Local\Temp\internet-explorer.exe
    C:\Users\Shirl\AppData\Local\Temp\mvpehqzq.dll
    C:\Users\Shirl\AppData\Local\Temp\nse584F.exe
    C:\Users\Shirl\AppData\Local\Temp\nsk8980.exe
    C:\Users\Shirl\AppData\Local\Temp\oi_{6EF05001-258F-45A4-974D-7D6674553C61}.exe
    C:\Users\Shirl\AppData\Local\Temp\sqlite3.exe
    C:\Users\Shirl\AppData\Local\Temp\_is70EB.exe
     
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now boot into Windows!


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#8 jsyerxa


Posted 26 September 2013 - 08:47 AM

Here is the fixlog:
After completing this step I booted into Windows. The Antivirus Security Pro program still popped up and would not allow me to go on the internet to get Combofix. I put Combofix on a flash drive and got it on the desktop but as soon as I click on the Combofix icon to start it an Antivirus Security Pro message pops up "Warning! Infected file detected" and won't allow me to go beyond that point.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Ran by SYSTEM at 2013-09-26 06:01:20 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
ï HKLM\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
ï HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\nsVDgn37\nsVDgn37.exe -sm,
ï HKLM-x32\...\Run: [StartNowToolbarHelper] - "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
ï HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
ï HKLM-x32\...\Run: [PopularScreensavers Search Scope Monitor] - C:\PROGRA~2\POPULA~2\bar\1.bin\7isrchmn.exe [42536 2013-05-02]
ï (MindSpark)
ï HKLM-x32\...\Run: [PopularScreensavers_7i Browser Plugin Loader] - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe [30096 2013-05-02] (VER_COMPANY_NAME)
ï HKLM-x32\...\Run: [OtShot] - C:\Program Files (x86)\OtShot\otshot.exe [4386816 2012-10-18] ()
ï HKLM-x32\...\Run: [24x7HELP] - C:\Program Files (x86)\24x7Help\App24x7Help.exe [1773648 2013-03-20] (Crawler, LLC)
ï HKU\Shirl\...\Run: [AdobeBridge] - [x]
ï HKU\Shirl\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
ï HKU\Shirl\...\Run: [SearchProtect] - C:\Users\Shirl\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
ï HKU\Shirl\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
ï AppInit_DLLs: [0 ] ()
ï AppInit_DLLs-x32: [ ] ()
ï Startup: C:\Users\Shirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ï ShortcutTarget: MyPC Backup.lnk -> C:\Program Files
ï (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ï
ï S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342608 2013-03-17] (PCRx.com, LLC)
ï S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
ï S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
ï S2 DefaultTabUpdate; C:\Users\Shirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-24] ()
ï S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
ï S2 PopularScreensavers_7iService; C:\PROGRA~2\POPULA~2\bar\1.bin\7ibarsvc.exe [42504 2013-05-02] (COMPANYVERS_NAME)
ï S2 Update SaltarSmart; C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe [206624 2013-08-29] (SaltarSmart)
ï S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-01-24] ()
ï S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe
ï [825920 2013-09-14] (Wsys Co., Ltd.)
ï S3 wanatw; system32\DRIVERS\wanatw64.sys [x]
ï S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]
ï
ï C:\ProgramData\nsVDgn37
ï C:\Program Files (x86)\StartNow Toolbar
ï C:\Program Files (x86)\SearchProtect
ï C:\PROGRA~2\POPULA~2
ï C:\Program Files (x86)\OtShot
ï C:\Program Files (x86)\MyPC Backup
ï C:\Program Files (x86)\24x7Help
ï C:\Program Files (x86)\Free Ride Games
ï C:\Users\Shirl\AppData\Roaming\SearchProtect
ï C:\Users\Shirl\AppData\Roaming\DefaultTab
ï C:\Program Files (x86)\Fast Free Converter
ï C:\Program Files (x86)\SaltarSmart
ï C:\Program Files\Updater By SweetPacks
ï C:\ProgramData\eSafe
ï C:\Program Files (x86)\Desk 365
ï C:\Users\Shirl\AppData\Roaming\Desk 365
ï C:\Program Files (x86)\Vafmusic8
ï C:\ProgramData\PCFixSpeed
ï C:\Program Files (x86)\PCFixSpeed
ï C:\Users\Shirl\AppData\Roaming\PCFixSpeed
ï C:\Program Files (x86)\WunderWeb
ï C:\ProgramData\Conduit
ï C:\Program Files (x86)\KeyBar_2.2
ï C:\Program Files\PC Optimizer Pro
ï C:\Program Files
ï (x86)\SpeedItup Free
ï C:\Windows\SpeedItup Free
ï C:\ProgramData\BrowserDefender
ï C:\Program Files (x86)\Delta
ï C:\Windows\System32\Tasks\EPUpdater
ï C:\Users\Shirl\AppData\Roaming\BabSolution
ï C:\ProgramData\DSearchLink
ï C:\Users\Shirl\Downloads\wlsetup-web(1).exe
ï C:\Users\Shirl\Downloads\wlsetup-web.exe
ï C:\Program Files (x86)\Web Protect
ï C:\Program Files
ï (x86)\privoxy
ï C:\Windows\Tasks\SA.DAT
ï C:\Windows\System32\Ikeext.etl
ï C:\alotserviceruntime.log
ï C:\Users\Public\AlexaNSISPlugin.7608.dll
ï C:\Users\Shirl\AppData\Local\Temp\air5BB7.exe
ï C:\Users\Shirl\AppData\Local\Temp\air78B6.exe
ï C:\Users\Shirl\AppData\Local\Temp\airCB08.exe
ï C:\Users\Shirl\AppData\Local\Temp\airD72D.exe
ï C:\Users\Shirl\AppData\Local\Temp\airD8F1.exe
ï C:\Users\Shirl\AppData\Local\Temp\airF0E2.exe
ï C:\Users\Shirl\AppData\Local\Temp\CB09_fdminst.exe
ï C:\Users\Shirl\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
ï C:\Users\Shirl\AppData\Local\Temp\InboxAce.exe
ï C:\Users\Shirl\AppData\Local\Temp\internet-explorer.exe
ï C:\Users\Shirl\AppData\Local\Temp\mvpehqzq.dll
ï C:\Users\Shirl\AppData\Local\Temp\nse584F.exe
ï C:\Users\Shirl\AppData\Local\Temp\nsk8980.exe
ï C:\Users\Shirl\AppData\Local\Temp\oi_{6EF05001-258F-45A4-974D-7D6674553C61}.exe
ï C:\Users\Shirl\AppData\Local\Temp\sqlite3.exe
ï C:\Users\Shirl\AppData\Local\Temp\_is70EB.exe
ï

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ï AS2014 => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ï StartNowToolbarHelper => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ï SearchProtectAll => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ï PopularScreensavers Search Scope Monitor => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ï PopularScreensavers_7i Browser Plugin Loader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ï OtShot => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ï 24x7HELP => Value not found.
HKU\ï Shirl\Software\Microsoft\Windows\CurrentVersion\Run\\ï AdobeBridge => Value not found.
HKU\ï Shirl\Software\Microsoft\Windows\CurrentVersion\Run\\ï Exetender => Value not found.
HKU\ï Shirl\Software\Microsoft\Windows\CurrentVersion\Run\\ï SearchProtect => Value not found.
HKU\ï Shirl\Software\Microsoft\Windows\CurrentVersion\Run\\ï AS2014 => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
ï ShortcutTarget: MyPC Backup.lnk -> C:\Program Files not found.
ï 24x7HelpSvc => Service not found.
ï BackupStack => Service not found.
ï CltMngSvc => Service not found.
ï DefaultTabUpdate => Service not found.
ï FastFreeConverterUpdt => Service not found.
ï PopularScreensavers_7iService => Service not found.
ï Update SaltarSmart => Service not found.
ï Updater By SweetPacks => Service not found.
ï WsysSvc => Service not found.
ï wanatw => Service not found.
ï X5XSEx => Service not found.

==== End of Fixlog ====

#9 TB-Psychotic


Posted 26 September 2013 - 09:10 AM

The problem is that you made these special characters into your fixlist.txt.

Take the attached one and repeat the procedure.

 

 

Attached Files



#10 jsyerxa


Posted 26 September 2013 - 09:30 AM

Marius, at what point in redoing the procedure do you want the CFScript run? Should this replace the Fixlist.txt?



#11 TB-Psychotic


Posted 26 September 2013 - 04:16 PM

I made a mistake... I've attached the right file now! Sorry!

 

 

Attached Files



#12 jsyerxa


Posted 26 September 2013 - 04:42 PM

While I was waiting for your response I went through the whole procedure again and it worked this time so I have a new fixlog that I will post here tomorrow when I get back to the machine. After rebooting I was able to run the Combofix program. It did warn me that Norton Online was running and wanted me to shut it down. I was unable to find a way to stop it from running or to disable it so continued to run Combofix.  It warned me that I was doing it "at my own risk".

It appeared to complete okay but did not have time to get the file to post so will post that in the morning also.

 

Is it a problem that I ran Combofix anyway without Norton stopped? Should I uninstall Norton on the system and then run Combo again?

 

Thanks



#13 TB-Psychotic


Posted 26 September 2013 - 04:53 PM

No, that's no problem. Post up both logs when ready and I'll provide the next steps. :-)



#14 jsyerxa


Posted 27 September 2013 - 07:43 AM

Marius, here are the results of the FRST64 - Fix.

 

I ran Combofix and it appeared to run okay and is showing a message that it is "Preparing log report, Do not run any programs until Combofix has finished." Not sure how long that will take but checked for a file named Combofix.txt on the C: drive but did not see anything yet.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Ran by SYSTEM at 2013-09-26 12:20:03 Run:2
Running from H:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\nsVDgn37\nsVDgn37.exe -sm,
HKLM-x32\...\Run: [StartNowToolbarHelper] - "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKLM-x32\...\Run: [PopularScreensavers Search Scope Monitor] - C:\PROGRA~2\POPULA~2\bar\1.bin\7isrchmn.exe [42536 2013-05-02] (MindSpark)
HKLM-x32\...\Run: [PopularScreensavers_7i Browser Plugin Loader] - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibrmon.exe [30096 2013-05-02] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [OtShot] - C:\Program Files (x86)\OtShot\otshot.exe [4386816 2012-10-18] ()
HKLM-x32\...\Run: [24x7HELP] - C:\Program Files (x86)\24x7Help\App24x7Help.exe [1773648 2013-03-20] (Crawler, LLC)
HKU\Shirl\...\Run: [AdobeBridge] - [x]
HKU\Shirl\...\Run: [Exetender] - "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\Shirl\...\Run: [SearchProtect] - C:\Users\Shirl\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Shirl\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
AppInit_DLLs:    [0 ] ()
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Shirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

S2 24x7HelpSvc; C:\Program Files (x86)\24x7Help\App24x7Svc.exe [342608 2013-03-17] (PCRx.com, LLC)   
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
S2 DefaultTabUpdate; C:\Users\Shirl\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-02-24] ()
S2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
S2 PopularScreensavers_7iService; C:\PROGRA~2\POPULA~2\bar\1.bin\7ibarsvc.exe [42504 2013-05-02] (COMPANYVERS_NAME)
S2 Update SaltarSmart; C:\Program Files (x86)\SaltarSmart\updateSaltarSmart.exe [206624 2013-08-29] (SaltarSmart)
S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-01-24] ()
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [825920 2013-09-14] (Wsys Co., Ltd.)
S3 wanatw; system32\DRIVERS\wanatw64.sys [x]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [x]

C:\ProgramData\nsVDgn37
C:\Program Files (x86)\StartNow Toolbar
C:\Program Files (x86)\SearchProtect
C:\PROGRA~2\POPULA~2
C:\Program Files (x86)\OtShot
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\24x7Help
C:\Program Files (x86)\Free Ride Games
C:\Users\Shirl\AppData\Roaming\SearchProtect
C:\Users\Shirl\AppData\Roaming\DefaultTab
C:\Program Files (x86)\Fast Free Converter
C:\Program Files (x86)\SaltarSmart
C:\Program Files\Updater By SweetPacks
C:\ProgramData\eSafe
C:\Program Files (x86)\Desk 365
C:\Users\Shirl\AppData\Roaming\Desk 365
C:\Program Files (x86)\Vafmusic8
C:\ProgramData\PCFixSpeed
C:\Program Files (x86)\PCFixSpeed
C:\Users\Shirl\AppData\Roaming\PCFixSpeed
C:\Program Files (x86)\WunderWeb
C:\ProgramData\Conduit
C:\Program Files (x86)\KeyBar_2.2
C:\Program Files\PC Optimizer Pro
C:\Program Files (x86)\SpeedItup Free
C:\Windows\SpeedItup Free
C:\ProgramData\BrowserDefender
C:\Program Files (x86)\Delta
C:\Windows\System32\Tasks\EPUpdater
C:\Users\Shirl\AppData\Roaming\BabSolution
C:\ProgramData\DSearchLink
C:\Users\Shirl\Downloads\wlsetup-web(1).exe
C:\Users\Shirl\Downloads\wlsetup-web.exe
C:\Program Files (x86)\Web Protect
C:\Program Files (x86)\privoxy
C:\Windows\Tasks\SA.DAT
C:\Windows\System32\Ikeext.etl
C:\alotserviceruntime.log
C:\Users\Public\AlexaNSISPlugin.7608.dll
C:\Users\Shirl\AppData\Local\Temp\air5BB7.exe
C:\Users\Shirl\AppData\Local\Temp\air78B6.exe
C:\Users\Shirl\AppData\Local\Temp\airCB08.exe
C:\Users\Shirl\AppData\Local\Temp\airD72D.exe
C:\Users\Shirl\AppData\Local\Temp\airD8F1.exe
C:\Users\Shirl\AppData\Local\Temp\airF0E2.exe
C:\Users\Shirl\AppData\Local\Temp\CB09_fdminst.exe
C:\Users\Shirl\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Shirl\AppData\Local\Temp\InboxAce.exe
C:\Users\Shirl\AppData\Local\Temp\internet-explorer.exe
C:\Users\Shirl\AppData\Local\Temp\mvpehqzq.dll
C:\Users\Shirl\AppData\Local\Temp\nse584F.exe
C:\Users\Shirl\AppData\Local\Temp\nsk8980.exe
C:\Users\Shirl\AppData\Local\Temp\oi_{6EF05001-258F-45A4-974D-7D6674553C61}.exe
C:\Users\Shirl\AppData\Local\Temp\sqlite3.exe
C:\Users\Shirl\AppData\Local\Temp\_is70EB.exe

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PopularScreensavers Search Scope Monitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PopularScreensavers_7i Browser Plugin Loader => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\OtShot => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\24x7HELP => Value deleted successfully.
HKU\Shirl\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKU\Shirl\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value deleted successfully.
HKU\Shirl\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
HKU\Shirl\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\Shirl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => Moved successfully.
24x7HelpSvc => Service deleted successfully.
BackupStack => Service deleted successfully.
CltMngSvc => Service deleted successfully.
DefaultTabUpdate => Service deleted successfully.
FastFreeConverterUpdt => Service deleted successfully.
PopularScreensavers_7iService => Service deleted successfully.
Update SaltarSmart => Service deleted successfully.
Updater By SweetPacks => Service deleted successfully.
WsysSvc => Service deleted successfully.
wanatw => Service deleted successfully.
X5XSEx => Service deleted successfully.
C:\ProgramData\nsVDgn37 => Moved successfully.
C:\Program Files (x86)\StartNow Toolbar => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\PROGRA~2\POPULA~2 => Moved successfully.
C:\Program Files (x86)\OtShot => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
C:\Program Files (x86)\24x7Help => Moved successfully.
C:\Program Files (x86)\Free Ride Games => Moved successfully.
C:\Users\Shirl\AppData\Roaming\SearchProtect => Moved successfully.
C:\Users\Shirl\AppData\Roaming\DefaultTab => Moved successfully.
C:\Program Files (x86)\Fast Free Converter => Moved successfully.
C:\Program Files (x86)\SaltarSmart => Moved successfully.
C:\Program Files\Updater By SweetPacks => Moved successfully.
C:\ProgramData\eSafe => Moved successfully.
C:\Program Files (x86)\Desk 365 => Moved successfully.
C:\Users\Shirl\AppData\Roaming\Desk 365 => Moved successfully.
C:\Program Files (x86)\Vafmusic8 => Moved successfully.
C:\ProgramData\PCFixSpeed => Moved successfully.
C:\Program Files (x86)\PCFixSpeed => Moved successfully.
C:\Users\Shirl\AppData\Roaming\PCFixSpeed => Moved successfully.
C:\Program Files (x86)\WunderWeb => Moved successfully.
C:\ProgramData\Conduit => Moved successfully.
C:\Program Files (x86)\KeyBar_2.2 => Moved successfully.
C:\Program Files\PC Optimizer Pro => Moved successfully.
C:\Program Files (x86)\SpeedItup Free => Moved successfully.
C:\Windows\SpeedItup Free => Moved successfully.
C:\ProgramData\BrowserDefender => Moved successfully.
C:\Program Files (x86)\Delta => Moved successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
C:\Users\Shirl\AppData\Roaming\BabSolution => Moved successfully.
C:\ProgramData\DSearchLink => Moved successfully.
C:\Users\Shirl\Downloads\wlsetup-web(1).exe => Moved successfully.
C:\Users\Shirl\Downloads\wlsetup-web.exe => Moved successfully.
C:\Program Files (x86)\Web Protect => Moved successfully.
C:\Program Files (x86)\privoxy => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.
C:\Windows\System32\Ikeext.etl => Moved successfully.
C:\alotserviceruntime.log => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.7608.dll => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\air5BB7.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\air78B6.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\airCB08.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\airD72D.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\airD8F1.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\airF0E2.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\CB09_fdminst.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\InboxAce.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\internet-explorer.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\mvpehqzq.dll => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\nse584F.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\nsk8980.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\oi_{6EF05001-258F-45A4-974D-7D6674553C61}.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Shirl\AppData\Local\Temp\_is70EB.exe => Moved successfully.

==== End of Fixlog ====
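The difference between the two Fixlog runs in this thread (every entry "not found" in Run:1, entries deleted or moved in Run:2) can be checked mechanically before moving on to the next tool. The following is an added example, not part of the original posts and not FRST's own code: it flags non-ASCII characters and broken-off line fragments in the echoed fixlist and counts the outcomes; the function names, the wrapped-line heuristic and the shortened sample logs are constructed for illustration.

```python
import re
from collections import Counter

# Constructed samples: shortened excerpts modelled on Run:1 and Run:2 in this thread.
RUN1 = r"""*****************
ï HKLM\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
ï S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe
ï [825920 2013-09-14] (Wsys Co., Ltd.)
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ï AS2014 => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
ï WsysSvc => Service not found.
==== End of Fixlog ====
"""
RUN2 = r"""*****************
HKLM\...\Run: [AS2014] - C:\ProgramData\nsVDgn37\nsVDgn37.exe [515072 2013-09-19] ()
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [825920 2013-09-14] (Wsys Co., Ltd.)
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
WsysSvc => Service deleted successfully.
==== End of Fixlog ====
"""

SEPARATOR = re.compile(r"^\*{5,}\s*$")
OUTCOMES = (("not found", "not found"), ("restored successfully", "restored"),
            ("deleted successfully", "removed"), ("moved successfully", "removed"))

def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from the text of a Fixlog."""
    sections = [[]]
    for line in text.splitlines():
        if line.startswith("==== End of Fixlog"):
            break
        if SEPARATOR.match(line):
            sections.append([])      # a row of asterisks opens the next section
        else:
            sections[-1].append(line)
    if len(sections) < 3:
        raise ValueError("expected two separator lines around the fixlist")
    return sections[1], [l for l in sections[2] if l.strip()]

def check_fixlist(lines):
    """Flag non-ASCII characters and lines that look like a broken-off fragment."""
    problems = []
    for number, line in enumerate(lines, 1):
        if not line.isascii():
            problems.append((number, "non-ASCII character"))
        ascii_only = line.encode("ascii", "ignore").decode().strip()
        # Heuristic (assumption): a line starting with "(" or "[" is the tail of a wrapped entry.
        if ascii_only.startswith(("(", "[")):
            problems.append((number, "looks like the tail of a wrapped line"))
    return problems

def summarise(results):
    """Count the outcome reported on each result line."""
    counts = Counter()
    for line in results:
        label = next((name for text, name in OUTCOMES if text in line.lower()), "other")
        counts[label] += 1
    return counts

def review(text):
    """Combine both checks; needs_rerun is set when nothing was deleted or moved."""
    fixlist, results = split_fixlog(text)
    counts = summarise(results)
    return {"fixlist_problems": check_fixlist(fixlist), "counts": counts,
            "needs_rerun": counts["removed"] == 0 and counts["not found"] > 0}
```
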



#15 TB-Psychotic


Posted 27 September 2013 - 08:34 AM

Wait for combofix to complete. If it will not finish, reboot into safe mode and try again.

