
All browsers are acting in an erratic way


  • This topic is locked
32 replies to this topic

#1 billdoc


Posted 18 December 2013 - 06:25 PM

Hi to the experts at bleepingcomputer.com

 

All browsers, i.e. Firefox, AOL and IE, have just in the past week or so started acting in a most unpredictable and erratic fashion. Estimated wait time on IE for page loads is approx 20 - 30 seconds. A white screen appears frequently after clicking a page and will remain like this for some time until the page loads, then text and graphics will slowly fill in. Most annoying given the almost instant access to pages just a week or so ago.

 

I am running the following programs:

 

CCleaner .......all temp files and history files have been regularly deleted

Malwarebytes ........no malicious files found on scan

Avast ..........same as above

 

 

Can somebody jump in and maybe give me some instructions on how to track down the reason for this browser slowdown? Ping is 30ms, download speed is 49mbps, upload speed is 11mbps.

 

I can provide any other information as required.

 

Thanks again,

B


Edited by billdoc, 18 December 2013 - 07:16 PM.




#2 Gunto

  • Malware Response Team

Posted 18 December 2013 - 07:18 PM

Hi, billdoc! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:
 

  • Please don't make any changes to your computer until I'm done helping you without asking me first! This will make it practically impossible for me to assist you.
  • Please don't run things without asking me first, this will also make it impossible for me to help you.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I'm a human just like you, so I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

 

 

I am going to have you run a scan with a tool called FRST, which will give me more information to work with to start fixing your PC. :)

 

Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.
 

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. Say Yes on the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and addition.txt. Please copy and paste both into your reply, one at a time.

Gunto




#3 billdoc

  • Topic Starter

Posted 18 December 2013 - 08:10 PM

Thank you so much for assisting with this pesky little PC matter. Now, at your request, I have gone ahead and run FRST.txt with the log provided below. Beneath the first log will be the Additions.txt log for you to review.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 05
Ran by Win7 (administrator) on WIN7-HP on 18-12-2013 17:02:35
Running from C:\Users\Win7\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
() C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
() C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1346455731\ee\aolsoftware.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2828072 2011-09-16] (Synaptics Incorporated)
HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [548936 2013-09-05] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [BackgroundContainer] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Win7\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKCU\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [72760 2013-09-07] (AOL Inc.)
HKCU\...\Run: [OM2_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [455744 2013-12-09] (BillP Studios)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1346455731\ee\aolsoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM-x32\...\Run: [OM2_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54576 2007-09-04] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-21] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\3b5de7f0-5b18-49ab-a8f9-3b24da404f5f.exe [180184 2013-11-23] (AVAST Software)
HKU\Sabrina\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKU\Sabrina\...\Run: [OM2_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKU\Sabrina\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-01] (Google Inc.)
HKU\Sabrina\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
HKU\Sabrina\...\Run: [SearchProtect] - C:\Users\Sabrina\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKU\Sabrina\...\Run: [Amazon Cloud Player] - C:\Users\Sabrina\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-09-10] ()
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Win7\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^man000^YYA^&ptb=755EE55B-0F0D-4E7F-90F4-3E3E58D79E5B&ind=2013090610&n=77fd5332&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={D792C20A-5E61-4804-B0F7-8FD9B3044960}
SearchScopes: HKCU - DefaultScope {027DFA7B-A4A2-4664-8A02-5C7AD8628BCA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN59898506423329192&UM=2
SearchScopes: HKCU - {027DFA7B-A4A2-4664-8A02-5C7AD8628BCA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN59898506423329192&UM=2
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^man000^YYA^&ptb=755EE55B-0F0D-4E7F-90F4-3E3E58D79E5B&ind=2013090518&n=77fd52d6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={D792C20A-5E61-4804-B0F7-8FD9B3044960}&crg=3.5000006.10045&st=23
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default
FF user.js: detected! => C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\user.js
FF DefaultSearchEngine: Connect DLC 5 Customized Web Search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Win7\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\searchplugins\conduit.xml
FF Extension: AOL Toolbar - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF Extension: Connect DLC 5  - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
CHR Extension: (avast! WebRep) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: (Gmail) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Win7\AppData\Local\Wajam\Chrome\wajam.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-20] (AVAST Software)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464440 2011-05-09] (Hewlett-Packard Company)
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-09-05] (COMPANYVERS_NAME)
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
S3 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-10] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-10-20] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-29] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-10-20] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-20] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-10-20] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-12-16] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-10-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-20] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [1385632 2012-10-05] (Symantec Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-30] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121027.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121029.002\ENG64.SYS [126112 2012-10-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121029.002\EX64.SYS [2084000 2012-10-16] (Symantec Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2612728 2011-02-11] (Sunplus Technology)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-08-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-18 17:02 - 2013-12-18 17:03 - 00030971 _____ C:\Users\Win7\Downloads\FRST.txt
2013-12-18 17:02 - 2013-12-18 17:02 - 00000000 ____D C:\FRST
2013-12-18 17:01 - 2013-12-18 17:01 - 02192805 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2013-12-18 14:43 - 2013-12-18 14:43 - 00040974 _____ C:\ComboFix.txt
2013-12-18 14:19 - 2011-06-25 22:45 - 00256000 _____ C:\windows\PEV.exe
2013-12-18 14:19 - 2010-11-07 09:20 - 00208896 _____ C:\windows\MBR.exe
2013-12-18 14:19 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00098816 _____ C:\windows\sed.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00080412 _____ C:\windows\grep.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00068096 _____ C:\windows\zip.exe
2013-12-18 14:15 - 2013-12-18 14:43 - 00000000 ____D C:\Qoobox
2013-12-18 14:15 - 2013-12-18 14:41 - 00000000 ____D C:\windows\erdnt
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\Users\Win7\AppData\Roaming\WinPatrol
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-12-18 13:36 - 2013-12-18 13:36 - 00000115 _____ C:\windows\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}.ini
2013-12-17 23:37 - 2013-12-17 23:37 - 00000000 _____ C:\windows\SysWOW64\sho81EA.tmp
2013-12-17 23:36 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-17 23:36 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-17 23:36 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-17 23:36 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-17 23:36 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-17 23:36 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-17 23:36 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-17 23:36 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-17 23:36 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-17 23:36 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-17 23:36 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-17 23:36 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-17 23:36 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-17 23:36 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-17 23:36 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-17 23:36 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-17 23:36 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-17 23:36 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-17 23:36 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-17 23:36 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-17 23:36 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-17 23:36 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-17 23:36 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-17 23:36 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-17 23:36 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-17 23:36 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-17 23:36 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-17 23:36 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-17 23:36 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-17 23:36 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-17 23:36 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-17 13:09 - 2013-12-17 13:09 - 00000407 _____ C:\Users\Win7\Downloads\fcmi-letters-pg-1-9.csv
2013-12-17 08:26 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-12-17 08:26 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-17 08:26 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-17 08:26 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-17 08:26 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-12-17 08:24 - 2013-12-17 08:24 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-12-17 08:24 - 2013-12-17 08:24 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-12-17 08:24 - 2013-12-17 08:24 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-12-17 08:24 - 2013-12-17 08:24 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-12-17 08:24 - 2013-12-17 08:24 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-12-17 08:24 - 2013-12-17 08:24 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-12-17 03:06 - 2013-12-17 08:26 - 00013667 _____ C:\windows\IE11_main.log
2013-12-17 00:56 - 2013-12-17 00:56 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-17 00:54 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-17 00:54 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-17 00:09 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-17 00:09 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-16 23:58 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-16 23:58 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-16 23:58 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-16 23:58 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-16 23:58 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-16 23:58 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-16 23:58 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-16 23:58 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-16 23:54 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-16 23:54 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-16 23:52 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-16 23:52 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-16 23:50 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-16 23:50 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 16:40 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-06 11:32 - 2013-12-18 14:35 - 00003364 _____ C:\windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-05 20:49 - 2013-12-05 20:49 - 00000000 _____ C:\windows\SysWOW64\shoD594.tmp
2013-12-05 20:36 - 2013-12-05 20:42 - 00000000 ____D C:\Users\Sabrina\Downloads\Golden Gate Yacht Club Performance
2013-12-04 15:58 - 2013-12-18 14:35 - 00000616 _____ C:\windows\setupact.log
2013-12-04 15:58 - 2013-12-18 14:34 - 00001696 _____ C:\windows\PFRO.log
2013-12-04 15:58 - 2013-12-04 15:58 - 00000000 _____ C:\windows\setuperr.log
2013-12-02 07:54 - 2013-12-02 07:54 - 00055808 _____ C:\Users\Win7\Desktop\timesheet wci.xls
2013-12-02 07:45 - 2013-12-02 07:45 - 00055296 _____ C:\Users\Win7\Documents\Copyof11_18_13_timesheet.xls
2013-11-24 11:21 - 2013-11-28 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-23 18:41 - 2013-11-23 18:41 - 00000000 ____D C:\Users\Win7\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat

==================== One Month Modified Files and Folders =======

2013-12-18 17:03 - 2013-12-18 17:02 - 00030971 _____ C:\Users\Win7\Downloads\FRST.txt
2013-12-18 17:02 - 2013-12-18 17:02 - 00000000 ____D C:\FRST
2013-12-18 17:01 - 2013-12-18 17:01 - 02192805 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2013-12-18 16:56 - 2012-08-31 10:21 - 00000000 ____D C:\Users\Win7\AppData\Roaming\Skype
2013-12-18 16:53 - 2013-09-22 11:42 - 01054165 _____ C:\windows\WindowsUpdate.log
2013-12-18 16:46 - 2012-08-31 10:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-18 16:29 - 2012-11-01 15:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-18 15:35 - 2009-07-13 20:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-18 15:35 - 2009-07-13 20:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-18 15:30 - 2013-07-23 17:25 - 00000924 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001UA.job
2013-12-18 15:29 - 2011-01-31 21:36 - 00000000 ____D C:\SYSTEM.SAV
2013-12-18 14:43 - 2013-12-18 14:43 - 00040974 _____ C:\ComboFix.txt
2013-12-18 14:43 - 2013-12-18 14:15 - 00000000 ____D C:\Qoobox
2013-12-18 14:43 - 2009-07-13 21:13 - 00783812 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-18 14:43 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Default
2013-12-18 14:41 - 2013-12-18 14:15 - 00000000 ____D C:\windows\erdnt
2013-12-18 14:38 - 2012-08-30 11:28 - 00000000 ____D C:\Users\Win7\AppData\Roaming\hpqLog
2013-12-18 14:36 - 2011-12-22 11:12 - 00000000 ____D C:\ProgramData\PDFC
2013-12-18 14:36 - 2009-07-13 18:34 - 00000215 _____ C:\windows\system.ini
2013-12-18 14:35 - 2013-12-06 11:32 - 00003364 _____ C:\windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-18 14:35 - 2013-12-04 15:58 - 00000616 _____ C:\windows\setupact.log
2013-12-18 14:35 - 2012-11-01 15:39 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-18 14:35 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-18 14:34 - 2013-12-04 15:58 - 00001696 _____ C:\windows\PFRO.log
2013-12-18 14:33 - 2009-07-13 18:34 - 91226112 _____ C:\windows\system32\config\SOFTWARE.bak
2013-12-18 14:33 - 2009-07-13 18:34 - 17301504 _____ C:\windows\system32\config\SYSTEM.bak
2013-12-18 14:33 - 2009-07-13 18:34 - 00524288 _____ C:\windows\system32\config\DEFAULT.bak
2013-12-18 14:33 - 2009-07-13 18:34 - 00065536 _____ C:\windows\system32\config\SAM.bak
2013-12-18 14:33 - 2009-07-13 18:34 - 00024576 _____ C:\windows\system32\config\SECURITY.bak
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\Users\Win7\AppData\Roaming\WinPatrol
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-12-18 13:42 - 2012-12-26 18:41 - 00000000 ____D C:\Program Files\Smart PDF Creator
2013-12-18 13:36 - 2013-12-18 13:36 - 00000115 _____ C:\windows\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}.ini
2013-12-18 13:36 - 2013-06-19 19:02 - 00000000 ____D C:\Users\Win7\AppData\Roaming\Nuance
2013-12-18 13:36 - 2013-06-19 18:30 - 00000000 ____D C:\ProgramData\Nuance
2013-12-18 12:45 - 2012-08-30 11:36 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{BBCFB1AE-9FE5-4DC1-B144-3476438D9B75}
2013-12-18 11:00 - 2012-09-04 15:52 - 00000000 ____D C:\Users\Win7\AppData\Local\CrashDumps
2013-12-17 23:37 - 2013-12-17 23:37 - 00000000 _____ C:\windows\SysWOW64\sho81EA.tmp
2013-12-17 18:30 - 2013-07-23 17:25 - 00000902 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001Core.job
2013-12-17 13:09 - 2013-12-17 13:09 - 00000407 _____ C:\Users\Win7\Downloads\fcmi-letters-pg-1-9.csv
2013-12-17 09:52 - 2009-07-13 19:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-17 09:20 - 2012-08-30 11:36 - 00001417 _____ C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 09:20 - 2009-07-13 21:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-17 09:17 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache
2013-12-17 08:38 - 2009-07-13 19:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-12-17 08:26 - 2013-12-17 03:06 - 00013667 _____ C:\windows\IE11_main.log
2013-12-17 08:24 - 2013-12-17 08:24 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-12-17 08:24 - 2013-12-17 08:24 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-12-17 08:24 - 2013-12-17 08:24 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-12-17 08:24 - 2013-12-17 08:24 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-12-17 08:24 - 2013-12-17 08:24 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-12-17 08:24 - 2013-12-17 08:24 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-12-17 08:24 - 2013-12-17 08:24 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-12-17 03:14 - 2011-02-10 21:14 - 00000000 ____D C:\windows\Panther
2013-12-17 03:13 - 2009-07-13 20:45 - 00438200 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-17 03:08 - 2009-07-13 18:34 - 00000499 _____ C:\windows\win.ini
2013-12-17 03:04 - 2013-08-14 23:08 - 00000000 ____D C:\windows\system32\MRT
2013-12-17 03:02 - 2012-08-30 11:56 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-17 02:12 - 2013-07-29 19:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-17 01:00 - 2012-08-30 19:28 - 00000000 ____D C:\Users\Win7
2013-12-17 00:56 - 2013-12-17 00:56 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-17 00:56 - 2012-08-31 10:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-17 00:56 - 2012-08-31 10:18 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-17 00:56 - 2012-08-31 10:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-16 23:42 - 2012-11-01 15:38 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-12-16 23:38 - 2013-10-20 19:55 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-16 23:38 - 2012-11-01 15:38 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-12-16 23:33 - 2013-10-15 17:37 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.7
2013-12-16 23:33 - 2013-09-19 10:09 - 00000000 ____D C:\Program Files\CCleaner
2013-12-16 23:33 - 2013-04-03 19:04 - 00000000 ____D C:\Users\Sabrina
2013-12-16 23:33 - 2012-12-05 12:55 - 00000000 ____D C:\windows\system32\Macromed
2013-12-16 23:33 - 2012-01-10 10:02 - 00000000 ____D C:\ProgramData\Norton
2013-12-16 23:33 - 2011-12-22 11:14 - 00000000 ____D C:\windows\SysWOW64\Macromed
2013-12-16 23:33 - 2009-07-13 19:20 - 00000000 ____D C:\windows\AppCompat
2013-12-16 23:33 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-16 23:32 - 2011-02-10 20:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-16 23:31 - 2009-07-13 19:20 - 00000000 ____D C:\windows\registration
2013-12-16 23:30 - 2012-08-31 09:56 - 00000000 ____D C:\Users\Win7\AppData\Roaming\Adobe
2013-12-16 23:28 - 2013-05-05 18:00 - 00000000 ___RD C:\Users\Sabrina\Dropbox
2013-12-16 23:28 - 2013-04-07 09:45 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Skype
2013-12-14 18:52 - 2013-04-03 19:11 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Google
2013-12-06 11:53 - 2013-07-31 22:17 - 00004966 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Win7-HP-Win7 Win7-HP
2013-12-05 20:49 - 2013-12-05 20:49 - 00000000 _____ C:\windows\SysWOW64\shoD594.tmp
2013-12-05 20:42 - 2013-12-05 20:36 - 00000000 ____D C:\Users\Sabrina\Downloads\Golden Gate Yacht Club Performance
2013-12-05 20:35 - 2013-05-05 17:43 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Dropbox
2013-12-04 15:58 - 2013-12-04 15:58 - 00000000 _____ C:\windows\setuperr.log
2013-12-04 09:46 - 2012-09-07 20:46 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForWin7
2013-12-04 09:46 - 2012-09-07 20:46 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForWin7.job
2013-12-03 14:24 - 2012-11-01 15:39 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 14:24 - 2012-11-01 15:39 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 13:38 - 2012-09-04 09:44 - 00000000 _____ C:\windows\system32\Drivers\lvuvc.hs
2013-12-02 07:54 - 2013-12-02 07:54 - 00055808 _____ C:\Users\Win7\Desktop\timesheet wci.xls
2013-12-02 07:45 - 2013-12-02 07:45 - 00055296 _____ C:\Users\Win7\Documents\Copyof11_18_13_timesheet.xls
2013-12-02 07:20 - 2013-09-29 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-28 13:47 - 2013-11-24 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-28 09:28 - 2013-05-05 18:00 - 00001022 _____ C:\Users\Sabrina\Desktop\Dropbox.lnk
2013-11-28 09:28 - 2013-05-05 17:54 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-28 09:28 - 2013-04-03 19:05 - 00000000 ___RD C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 18:51 - 2012-10-01 05:51 - 00003216 _____ C:\windows\System32\Tasks\HPCeeScheduleForWIN7-HP$
2013-11-27 18:51 - 2012-10-01 05:51 - 00000340 _____ C:\windows\Tasks\HPCeeScheduleForWIN7-HP$.job
2013-11-26 03:54 - 2013-12-17 23:36 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 02:19 - 2013-12-17 23:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 02:18 - 2013-12-17 23:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-17 23:36 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-17 23:36 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 01:46 - 2013-12-17 23:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-17 23:36 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 01:29 - 2013-12-17 23:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 01:27 - 2013-12-17 23:36 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 01:23 - 2013-12-17 23:36 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-17 23:36 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 01:18 - 2013-12-17 23:36 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-17 23:36 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-17 23:36 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-17 23:36 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-17 23:36 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-17 23:36 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-17 23:36 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 00:32 - 2013-12-17 23:36 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-17 23:36 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-17 23:36 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-17 23:36 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-17 23:36 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-25 23:32 - 2013-12-17 23:36 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-17 23:36 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-17 23:36 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-25 22:40 - 2013-12-17 23:36 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-25 22:34 - 2013-12-17 23:36 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-17 23:36 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-17 23:36 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-17 23:36 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-23 18:41 - 2013-11-23 18:41 - 00000000 ____D C:\Users\Win7\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-11-23 10:26 - 2013-12-17 00:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-11-23 09:47 - 2013-12-17 00:54 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-11-21 18:54 - 2013-07-29 19:39 - 00000000 ____D C:\Program Files (x86)\FileOpenerPro

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 08:35

==================== End Of Log ============================

Next is the Additions.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-12-2013 05
Ran by Win7 at 2013-12-18 17:03:41
Running from C:\Users\Win7\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
Adobe Acrobat XI Pro (x32 Version: 11.0.00)
Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Download Assistant (x32 Version: 1.2.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
AOL Uninstaller (Choose which Products to Remove) (x32)
ArcSoft ShowBiz (x32 Version: )
ArcSoft TotalMedia (x32 Version: 1.0.48.25)
ArcSoft TotalMedia (x32 Version: 2.0.39.12)
ArcSoft TotalMedia Theatre 5 (x32 Version: 5.2.1.120)
ArcSoft Webcam Sharing Manager (x32 Version: 2.0.0.30)
avast! Free Antivirus (x32 Version: 9.0.2006)
BCL easyConverter Desktop 3 (Word Version) (x32 Version: 3.0.18)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95)
CameraHelperMsi (x32 Version: 13.50.854.0)
CCleaner (Version: 4.05)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
D3DX10 (x32 Version: 15.4.2368.0902)
Debut Video Capture Software (x32 Version: 1.82)
Device Access Manager for HP ProtectTools (Version: 6.0.0.12)
Download Updater (AOL Inc.) (x32)
Drive Encryption For HP ProtectTools (Version: 6.0.33.24411)
DriverAgent by eSupport.com (x32)
Dropbox (HKCU Version: 1.6.17)
Energy Star Digital Logo (x32 Version: 1.0.1)
erLT (x32 Version: 1.20.138.34)
Evernote v. 4.2.2 (x32 Version: 4.2.2.3979)
Express Burn (x32)
Face Recognition for HP ProtectTools (Version: 6.00.4303)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FastStone Image Viewer 4.6 (x32 Version: 4.6)
FATE (x32 Version: 2.2.0.95)
File Opener Pro (x32)
File Sanitizer For HP ProtectTools (x32 Version: 6.0.0.8)
Free PDF Solutions PDF to WORD version 1.0 (x32 Version: 1.0)
FromDocToPDF Internet Explorer Toolbar (x32)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)
Google Update Helper (x32 Version: 1.3.22.3)
HP 3D DriveGuard (Version: 4.1.4.1)
HP Auto (Version: 1.0.12494.3472)
HP Connection Manager (x32 Version: 4.1.10.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP DayStarter (Version: 2.0.0.12)
HP Documentation (x32 Version: 1.3.0.0)
HP ESU for Microsoft Windows 7 (x32 Version: 1.1.11.1)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.5)
HP HD Webcam [Fixed] (x32 Version: 3.3.4.09)
HP HotKey Support (Version: 4.0.10.1)
HP Power Assistant (Version: 2.0.2.0)
HP ProtectTools Security Manager (Version: 6.00.888)
HP QuickWeb (x32 Version: 3.1.2.10229)
HP Setup (x32 Version: 8.5.4526.3645)
HP SoftPaq Download Manager (x32 Version: 3.2.0.0)
HP Software Framework (x32 Version: 4.0.112.1)
HP Software Setup (x32 Version: 8.2.1.1)
HP Support Assistant (x32 Version: 5.2.3.4)
HP System Default Settings (x32 Version: 2.2.3)
HP Wallpaper (x32 Version: 2.00)
IDT Audio (x32 Version: 1.0.6325.0)
Insaniquarium Deluxe (x32 Version: 2.2.0.95)
Intel® Identity Protection Technology 1.0.71.0 (x32 Version: 1.0.71.0)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2342)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)
Internet Explorer (Enable DEP)
Jewel Quest II (x32 Version: 2.2.0.95)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2)
John Deere Drive Green (x32 Version: 2.2.0.95)
LG United Mobile Driver (x32 Version: 3.6.0.0)
Logitech Webcam Software (x32 Version: 2.31)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.50.854.0)
LWS Help_main (x32 Version: 13.50.862.0)
LWS Launcher (x32 Version: 13.50.859.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.50.861.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 365 Home Premium - en-us (Version: 15.0.4551.1011)
Microsoft Office Click-to-Run 2010 (Version: 14.0.6122.5000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.6122.5000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 - English (x32 Version: 14.0.6137.5006)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC90_CRT_x86 (x32 Version: 1.0.0)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Norton Internet Security (x32 Version: 18.7.2.3)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011)
OLYMPUS Master 2 (x32 Version: 1.0.6)
OLYMPUS muvee theaterPack (x32 Version: 1.0.4)
PDF Complete Special Edition (x32 Version: 4.0.33)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Prism Video File Converter (x32)
Privacy Manager for HP ProtectTools (Version: 6.00.831)
QuickTime (x32 Version: 7.1.3.100)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0016)
REALTEK Wireless LAN Driver (x32 Version: 1.00.11.0706)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0)
SDK (x32 Version: 2.24.025)
ShowBiz (x32 Version: 5.0.1.420)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.1 (x32 Version: 6.1.129)
Slingo Deluxe (x32 Version: 2.2.0.95)
Snagit 11 (x32 Version: 11.2.0)
Synaptics Pointing Device Driver (Version: 15.3.25.0)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30)
Uninstall Helper (x32 Version: 2.0.1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Validity Fingerprint Sensor Driver (Version: 4.3.117.0)
VideoPad Video Editor (x32 Version: 3.04)
Viewpoint Media Player (x32)
VIP Access SDK x64(1.0.0.50)  (x32 Version: 1.0.0.50)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Wedding Dash (x32 Version: 2.2.0.95)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
WinPatrol (Version: 29.2.2013)
WinZip 17.0 (Version: 17.0.10283)
Xobni (x32 Version: 1.9.5.13282)
Xobni Core (x32 Version: 1.0.0)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
Zuma Deluxe (x32 Version: 2.2.0.95)
谷歌拼音输入法 2.7

==================== Restore Points  =========================

11-12-2013 06:32:57 Windows Update
12-12-2013 08:05:35 Windows Update
14-12-2013 11:00:13 Windows Update
17-12-2013 07:20:51 Restore Operation
17-12-2013 07:36:37 avast! antivirus system restore point
17-12-2013 11:00:22 Windows Update
17-12-2013 16:23:04 Windows Update
18-12-2013 07:35:39 Windows Update
18-12-2013 21:34:47 Removed Nuance PDF Reader.

==================== Hosts content: ==========================

2009-07-13 18:34 - 2013-12-18 14:36 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0E9CE328-8057-4B09-8915-C7E488760243} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {1527D4AF-5AB6-45BC-A3F9-C4F7C2F560E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01] (Google Inc.)
Task: {1D1A7D4D-143C-43B1-9F0A-0080F84948FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17] (Adobe Systems Incorporated)
Task: {2E66E62B-C354-4F70-AADF-70DCF28E69C4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Win7-HP-Win7 Win7-HP => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-12-17] (Microsoft Corporation)
Task: {31EB1079-6D26-4ECE-B6AF-B8E0CE1AEEE5} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Win7\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
Task: {33B8ED6D-CF1F-49E0-B0FD-BC137079242E} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2013-01-05] (Google Inc.)
Task: {34A607A2-883E-4A05-97D6-E28FA0A4DB7E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-20] (AVAST Software)
Task: {3B318E35-3D31-4A4F-BE97-9F34BB6BF5CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-17] (Microsoft Corporation)
Task: {3CABC44D-2182-4229-9AE6-699DAA96A0F1} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\symerr.exe [2012-06-07] (Symantec Corporation)
Task: {7DE6A2AA-2203-4067-86CA-34F80791FBCE} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
Task: {BCF18F68-3518-49CE-9CA1-9922E29C36D9} - System32\Tasks\HPCeeScheduleForWIN7-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C3C8210F-728E-4886-9870-11680D5C4711} - System32\Tasks\HPCeeScheduleForWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {CC6053CC-84B0-4AC7-A1A4-1A988AC14C17} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\symerr.exe [2012-06-07] (Symantec Corporation)
Task: {CE28D9BF-56F1-474E-8085-D87DD8148106} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001Core => C:\Users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {EE77CEC4-959D-4069-BCB1-3E6066A903C8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001UA => C:\Users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {EF0678AD-3C7C-4387-8951-E925B6CF2CE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01] (Google Inc.)
Task: {F142C01E-654E-4714-99C7-5142591418DA} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-09-26] (Hewlett-Packard)
Task: {F2BF764B-3AAB-4AEB-9965-7D135D78AC5F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-12-17] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001Core.job => C:\Users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001UA.job => C:\Users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForWIN7-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForWin7.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 14:13 - 2013-09-05 14:13 - 00292424 _____ () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll
2013-09-05 14:13 - 2013-09-05 14:13 - 00442952 _____ () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\HPG64.DLL
2013-11-12 19:48 - 2013-11-12 19:48 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-18 12:11 - 2013-12-18 10:48 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\13121802\algo.dll
2011-02-09 11:48 - 2011-02-09 11:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-02-09 11:27 - 2011-02-09 11:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-02-09 11:51 - 2011-02-09 11:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-02-09 11:29 - 2011-02-09 11:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-02-09 11:30 - 2011-02-09 11:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-09-07 09:20 - 2013-09-07 09:20 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2013-09-07 09:19 - 2013-09-07 09:19 - 21117440 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll
2013-09-07 09:19 - 2013-09-07 09:19 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libglesv2.dll
2013-09-07 09:19 - 2013-09-07 09:19 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libegl.dll
2013-09-07 09:19 - 2013-09-07 09:19 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\Tier2Svc.dll
2013-09-07 09:19 - 2013-09-07 09:19 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\DataSvcs.dll
2013-12-18 14:03 - 2013-07-15 09:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-10-20 20:02 - 2013-10-20 20:02 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-07-23 14:10 - 2012-07-23 14:10 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-08-15 07:25 - 2013-08-15 07:25 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9ab0e818cb3d1b6930eba54179f89300\IsdiInterop.ni.dll
2012-01-10 09:41 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-12-17 00:56 - 2013-12-17 00:56 - 16242056 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2013-11-24 11:21 - 2013-11-24 11:21 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-08-31 10:17 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-08-31 10:17 - 2012-05-25 03:25 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Realtek RTL8188CE 802.11b/g/n WiFi Adapter - avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Realtek PCIe GBE Family Controller - avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WAN Miniport (IP) - avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WAN Miniport (Network Monitor) - avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WAN Miniport (IPv6) - avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2013 02:36:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2013 01:47:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2013 01:36:22 PM) (Source: Microsoft-Windows-RestartManager) (User: Win7-HP)
Description: Application or service 'Acresso Software Manager' could not be shut down.

Error: (12/18/2013 00:11:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2013 11:00:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16476, time stamp: 0x52947390
Exception code: 0xc0000005
Fault offset: 0x0039ed87
Faulting process id: 0x1d24
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/18/2013 09:19:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (12/18/2013 08:50:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 06:03:47 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/17/2013 10:04:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 10:00:48 AM) (Source: Application Hang) (User: )
Description: The program waol.exe version 9.7.2.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ab4

Start Time: 01cefb51cda704c9

Termination Time: 16

Application Path: C:\Program Files (x86)\AOL Desktop 9.7\waol.exe

Report Id: 272cc8ff-6745-11e3-8e7d-00038a000015


System errors:
=============
Error: (12/18/2013 02:39:00 PM) (Source: Service Control Manager) (User: )
Description: The HP Power Assistant Service service failed to start due to the following error:
%%31

Error: (12/18/2013 02:33:09 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/18/2013 02:33:03 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/18/2013 02:32:13 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/18/2013 02:27:26 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/18/2013 02:15:25 PM) (Source: Service Control Manager) (User: )
Description: The Skype C2C Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/17/2013 11:35:23 PM) (Source: DCOM) (User: )
Description: {548E275F-0290-40E7-B454-738B0C61DE60}

Error: (12/17/2013 03:17:36 AM) (Source: Service Control Manager) (User: )
Description: The HP Power Assistant Service service failed to start due to the following error:
%%1053

Error: (12/17/2013 03:17:36 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Power Assistant Service service to connect.

Error: (12/17/2013 03:10:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8e5e0442: Update for Windows 7 for x64-based Systems (KB2847077).


Microsoft Office Sessions:
=========================
Error: (12/18/2013 02:36:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2013 01:47:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2013 01:36:22 PM) (Source: Microsoft-Windows-RestartManager)(User: Win7-HP)
Description: 1C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exeAcresso Software Manager0211739800

Error: (12/18/2013 00:11:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2013 11:00:37 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cMSHTML.dll11.0.9600.1647652947390c00000050039ed871d2401cefc220cd116deC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\system32\MSHTML.dlladf4d377-6816-11e3-8ee8-00038a000015

Error: (12/18/2013 09:19:23 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (12/18/2013 08:50:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 06:03:47 PM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (12/17/2013 10:04:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2013 10:00:48 AM) (Source: Application Hang)(User: )
Description: waol.exe9.7.2.11ab401cefb51cda704c916C:\Program Files (x86)\AOL Desktop 9.7\waol.exe272cc8ff-6745-11e3-8e7d-00038a000015


CodeIntegrity Errors:
===================================
  Date: 2013-12-18 14:32:13.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-18 14:32:13.170
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 4030.37 MB
Available physical RAM: 877.72 MB
Total Pagefile: 8058.91 MB
Available Pagefile: 4538.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.77 GB) (Free:352.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:16.7 GB) (Free:2.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 17E9BB97)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================

 

How does it look to you?



#4 Gunto

  • Malware Response Team

Posted 19 December 2013 - 02:51 PM

Hi,
 
Looks quite lively to me, haha! We've got quite a bit to do, but we'll just take it one step at a time. :)
 
I noticed in your log that you have remnants from ComboFix on your computer. You should never run this tool unless instructed to by someone trained with it, as it can be a rather harsh cleaner that can cause some problems if used by an inexperienced user without trained supervision. However, since you've already run it, I would like to see the log. Please navigate to your C:\ drive and copy and paste the contents of ComboFix.txt into your reply.
 
It also looks like you're running more than one antivirus program (avast! and Norton). Having more than one AV installed at the same time does more harm than good, often causing false alarms with malware notifications and system performance issues, such as slowing your system down drastically or even freezing from both programs trying to access the same file at the same time. To make things better and easier for the both of us, I need you to remove one of the programs using either Programs and Features or Revo Uninstaller (which does a better job cleaning up), along with some other malware and junk programs.

If you want to use Programs and Features:

  • Go to Start > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    avast! Free Antivirus or Norton Internet Security
    FromDocToPDF Internet Explorer Toolbar
    Uninstall Helper
    Viewpoint Media Player
    by clicking Change/Remove.

Note: If you have any problems uninstalling a program using Programs/Features, proceed to the below method.

If you want to use Revo Uninstaller (which cleans up a bit better):

  • Download Revo from here, and save it to your desktop.
  • Double-click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    avast! Free Antivirus or Norton Internet Security
    FromDocToPDF Internet Explorer Toolbar
    Uninstall Helper
    Viewpoint Media Player
  • Double-click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check only the bolded items. If there is a closed folder visible, click the + to expand it until you find the bolded item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too. Repeat this with the other programs to uninstall.

Now I'm going to have you run a fix with FRST, which should fix some other things.
 
Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKCU\...\Run: [BackgroundContainer] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Win7\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
    HKLM-x32\...\Run: [] - [x]
    HKU\Sabrina\...\Run: [SearchProtect] - C:\Users\Sabrina\AppData\Roaming\SearchProtect\bin\cltmng.exe
    URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={D792C20A-5E61-4804-B0F7-8FD9B3044960}
    SearchScopes: HKCU - DefaultScope {027DFA7B-A4A2-4664-8A02-5C7AD8628BCA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN59898506423329192&UM=2
    SearchScopes: HKCU - {027DFA7B-A4A2-4664-8A02-5C7AD8628BCA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN59898506423329192&UM=2
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={D792C20A-5E61-4804-B0F7-8FD9B3044960}&crg=3.5000006.10045&st=23
    BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
    BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
    Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} -  No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
    FF DefaultSearchEngine: Connect DLC 5 Customized Web Search
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF SearchPlugin: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\searchplugins\conduit.xml
    FF Extension: Connect DLC 5  - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
    FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    C:\windows\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}.ini
    C:\windows\SysWOW64\sho81EA.tmp
    C:\windows\SysWOW64\shoD594.tmp
    C:\windows\system32\Drivers\lvuvc.hs
    C:\Users\Win7\AppData\Local\Conduit\
    C:\Users\Sabrina\AppData\Roaming\SearchProtect\
    C:\Program Files (x86)\Connect_DLC_5\
    C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\searchplugins\conduit.xml
    C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
    C:\Program Files\Updater By SweetPacks\
  • Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

Now, run a FRST scan again, and please copy and paste the new FRST.txt into your reply. :)

Do you recognize this file in your downloads folder? fcmi-letters-pg-1-9.csv

How is your computer running now?
 
Gunto


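The check made by eye in the post above (more than one antivirus product registered), as an added example that is not part of the original thread: a parser for the `AV:`/`FW:`/`SP:` header lines that ComboFix writes, run over the header lines from the ComboFix log quoted in this thread. The function names, the finding codes and the `Enabled` state value are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Header lines copied from the ComboFix log quoted in this thread.
SAMPLE_HEADER = """\
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# kind: AV (antivirus), FW (firewall), SP (antispyware).
# Firewall lines carry only a state; AV/SP lines carry state/definitions.
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW|SP):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>[A-Za-z]+)(?:/(?P<defs>[A-Za-z]+))?\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


@dataclass(frozen=True)
class Product:
    kind: str
    name: str
    state: str
    defs: Optional[str]  # None for firewall lines
    guid: str


def parse_header(text: str) -> List[Product]:
    """Return one Product per AV:/FW:/SP: line; other lines are ignored."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            products.append(Product(**m.groupdict()))
    return products


def triage(products: List[Product]) -> List[Tuple[str, str]]:
    """Return (code, detail) findings for the registered security products."""
    findings = []
    by_kind = defaultdict(list)
    for p in products:
        by_kind[p.kind].append(p)

    # Two real-time antivirus engines on one machine is the conflict
    # described in the post; SP entries are not counted here because
    # Windows Defender registers there alongside third-party products.
    av_names = sorted({p.name for p in by_kind["AV"]})
    if len(av_names) > 1:
        findings.append(("multiple-av", ", ".join(av_names)))

    # A product whose definitions are stale, reported once per product.
    for name in sorted({p.name for p in products if p.defs == "Outdated"}):
        findings.append(("outdated-definitions", name))

    # State reflects the moment the log was written. "Enabled" as the
    # opposite of "Disabled" is an assumption of this example.
    for kind in ("AV", "FW", "SP"):
        entries = by_kind.get(kind, [])
        if entries and not any(p.state == "Enabled" for p in entries):
            findings.append(("none-enabled", kind))
    return findings


if __name__ == "__main__":
    for code, detail in triage(parse_header(SAMPLE_HEADER)):
        print(f"{code}: {detail}")
```
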


#5 billdoc

  • Topic Starter

Posted 19 December 2013 - 04:56 PM

Thanks for getting back to me so fast. Ok, I have followed all of your instructions as follows:

 

1. The most recent combo.fix log (that is prior to posting this thread) is pasted below.

 

ComboFix 13-12-18.01 - Win7 12/18/2013  14:22:08.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4030.2102 [GMT -8:00]
Running from: c:\users\Win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQV62X0E\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Win7\AppData\Local\assembly\tmp
c:\windows\KB9562.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-18 to 2013-12-18  )))))))))))))))))))))))))))))))
.
.
2013-12-18 22:32 . 2013-12-18 22:32    --------    d-----w-    c:\users\Sabrina\AppData\Local\temp
2013-12-18 22:32 . 2013-12-18 22:32    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-18 22:03 . 2013-12-18 22:03    --------    d-----w-    c:\users\Win7\AppData\Roaming\WinPatrol
2013-12-18 22:03 . 2013-12-18 22:03    --------    d-----w-    c:\program files (x86)\BillP Studios
2013-12-18 22:03 . 2013-12-18 22:03    --------    d-----w-    c:\programdata\InstallMate
2013-12-18 07:37 . 2013-12-18 07:37    0    ----a-w-    c:\windows\SysWow64\sho81EA.tmp
2013-12-17 16:26 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-17 16:26 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-17 16:26 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-17 16:26 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-17 16:26 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-17 16:26 . 2013-10-15 02:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-12-17 08:56 . 2013-12-17 08:56    9293192    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-17 08:54 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-12-17 08:54 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-17 08:09 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-17 08:09 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-12-17 07:58 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-17 07:58 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-17 07:58 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2013-12-17 07:58 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2013-12-17 07:58 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2013-12-17 07:58 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2013-12-17 07:58 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2013-12-17 07:58 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2013-12-17 07:54 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-17 07:54 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-12-17 07:52 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-17 07:52 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-12-17 07:50 . 2013-10-04 02:16    116736    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-17 07:50 . 2013-10-04 01:36    230400    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-12 00:40 . 2013-10-30 01:24    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-12-06 04:49 . 2013-12-06 04:49    0    ----a-w-    c:\windows\SysWow64\shoD594.tmp
2013-11-24 02:41 . 2013-11-24 02:41    --------    d-----w-    c:\users\Win7\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 11:02 . 2012-08-30 19:56    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-17 08:56 . 2012-08-31 18:18    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-17 08:56 . 2012-08-31 18:18    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-17 08:39 . 2013-07-30 04:11    566480    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-17 07:38 . 2012-11-01 23:38    409832    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2013-11-06 19:02 . 2013-11-06 19:02    21712    ----a-w-    c:\windows\SysWow64\drivers\DrvAgent64.SYS
2013-11-06 14:55 . 2012-10-13 05:31    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-11-03 07:09 . 2013-11-03 07:09    0    ----a-w-    c:\windows\SysWow64\sho7AEA.tmp
2013-10-30 06:27 . 2013-10-30 06:27    0    ----a-w-    c:\windows\SysWow64\shoD567.tmp
2013-10-27 18:11 . 2012-11-17 16:42    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-21 04:02 . 2013-10-01 03:01    205320    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-21 04:02 . 2013-10-01 03:01    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 04:02 . 2012-11-01 23:38    38984    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-10-21 04:02 . 2012-11-01 23:38    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-10-21 04:02 . 2012-11-01 23:38    65264    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-10-21 04:02 . 2012-11-01 23:38    1032416    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-10-21 04:02 . 2012-11-01 23:38    84328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-10-21 04:02 . 2012-11-01 23:38    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-10-21 04:02 . 2012-11-01 23:38    43152    ----a-w-    c:\windows\avastSS.scr
2013-10-20 06:29 . 2013-10-20 06:29    0    ----a-w-    c:\windows\SysWow64\sho3189.tmp
2013-10-17 05:37 . 2013-10-17 05:37    0    ----a-w-    c:\windows\SysWow64\shoA793.tmp
2013-10-16 04:01 . 2013-10-16 04:01    0    ----a-w-    c:\windows\SysWow64\shoB28A.tmp
2013-10-12 02:30 . 2013-11-14 03:52    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 03:52    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 03:52    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 03:52    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 03:52    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-10 01:58 . 2013-10-10 01:58    0    ----a-w-    c:\windows\SysWow64\shoA059.tmp
2013-10-08 06:40 . 2013-10-08 06:40    0    ----a-w-    c:\windows\SysWow64\shoF2B7.tmp
2013-10-07 06:40 . 2013-10-07 06:40    0    ----a-w-    c:\windows\SysWow64\sho51B7.tmp
2013-10-05 20:25 . 2013-11-14 03:53    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 03:53    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 03:52    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 03:52    197120    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 03:52    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 03:52    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 03:52    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 03:52    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-14 03:52    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-14 03:52    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-14 03:53    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-27 06:58 . 2013-09-27 06:58    0    ----a-w-    c:\windows\SysWow64\sho4CA9.tmp
2013-09-25 06:23 . 2013-09-25 06:23    0    ----a-w-    c:\windows\SysWow64\sho31E9.tmp
2013-09-25 02:26 . 2013-11-14 03:52    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-14 03:52    154560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-14 03:52    28672    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-14 03:52    135680    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-14 03:52    28160    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-14 03:52    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-14 03:52    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-14 03:52    1447936    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-14 03:52    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-14 03:52    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-14 03:52    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-14 03:52    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-14 03:52    30720    ----a-w-    c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4c60e5ab-5c68-4c59-abaa-885010b24b32}"= "c:\program files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll" [2013-09-05 62864]
.
[HKEY_CLASSES_ROOT\clsid\{4c60e5ab-5c68-4c59-abaa-885010b24b32}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c}]
2013-09-05 22:13    712264    ----a-w-    c:\progra~2\FROMDO~2\bar\1.bin\65bar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}]
2013-10-15 07:01    226592    ----a-w-    c:\program files (x86)\Connect_DLC_5\prxtbConn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625}]
2013-09-05 22:13    62864    ----a-w-    c:\program files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c66a678d-5e6c-4af9-8f57-c6192f42cf74}"= "c:\program files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll" [2013-09-05 712264]
"{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}"= "c:\program files (x86)\Connect_DLC_5\prxtbConn.dll" [2013-10-15 226592]
.
[HKEY_CLASSES_ROOT\clsid\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}]
.
[HKEY_CLASSES_ROOT\clsid\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-30 05:11    222832    ----a-w-    c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-30 05:11    222832    ----a-w-    c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-30 05:11    222832    ----a-w-    c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\Win7\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackgroundContainer"="c:\users\Win7\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-10-15 319264]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7\AOL.EXE" [2013-09-07 72760]
"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-12-10 455744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HostManager"="c:\program files (x86)\Common Files\AOL\1346455731\ee\AOLSoftware.exe" [2010-03-08 41800]
"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-21 3567800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\3b5de7f0-5b18-49ab-a8f9-3b24da404f5f.exe" [2013-11-23 180184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 23:43    75320    ----a-w-    c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File    REG_SZ             GOOGLEPINYIN2.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 905(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121005.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121027.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121027.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FromDocToPDF_65Service;FromDocToPDFService;c:\progra~2\FROMDO~2\bar\1.bin\65barsvc.exe;c:\progra~2\FROMDO~2\bar\1.bin\65barsvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfswin7.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaywin7.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirwin7.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvolwin7.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 08:56]
.
2013-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001Core.job
- c:\users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 01:24]
.
2013-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001UA.job
- c:\users\Win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-24 01:24]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 23:38]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 23:38]
.
2013-11-28 c:\windows\Tasks\HPCeeScheduleForWIN7-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-12-04 c:\windows\Tasks\HPCeeScheduleForWin7.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-30 05:11    261744    ----a-w-    c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-30 05:11    261744    ----a-w-    c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-30 05:11    261744    ----a-w-    c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-12-17 09:40    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-12-17 09:40    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-12-17 09:40    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-21 04:02    326944    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Win7\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Win7\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Win7\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\Win7\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-02-09 200704]
"FromDocToPDF Home Page Guard 64 bit"="c:\progra~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe" [2013-09-05 548936]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
FF - ProfilePath - c:\users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN19673245581386927&UM=2&SearchSource=3&q={searchTerms}
FF - ExtSQL: 2013-11-05 13:44; {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}; c:\users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FF - ExtSQL: 2013-11-06 12:06; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\Rundll32.exe
c:\program files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
c:\program files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\AOL Desktop 9.7\waol.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\AOL Desktop 9.7\shellmon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\AOL\1346455731\ee\aolupdates.exe
.
**************************************************************************
.
Completion time: 2013-12-18  14:43:22 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-18 22:43
.
Pre-Run: 379,203,878,912 bytes free
Post-Run: 378,618,626,048 bytes free
.
- - End Of File - - 8A90C39F78BB0CB6634DEACAD4B4401C

2. All of the following programs have been uninstalled:

avast! Free Antivirus
FromDocToPDF Internet Explorer Toolbar
Uninstall Helper
Viewpoint Media Player

3. Fixlist.txt log after pasting script from your reply and running fix in FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-12-2013
Ran by Win7 at 2013-12-19 13:37:38 Run:2
Running from C:\Users\Win7\Downloads\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [BackgroundContainer] - "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Win7\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKLM-x32\...\Run: [] - [x]
HKU\Sabrina\...\Run: [SearchProtect] - C:\Users\Sabrina\AppData\Roaming\SearchProtect\bin\cltmng.exe
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={D792C20A-5E61-4804-B0F7-8FD9B3044960}
SearchScopes: HKCU - DefaultScope {027DFA7B-A4A2-4664-8A02-5C7AD8628BCA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN59898506423329192&UM=2
SearchScopes: HKCU - {027DFA7B-A4A2-4664-8A02-5C7AD8628BCA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN59898506423329192&UM=2
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={D792C20A-5E61-4804-B0F7-8FD9B3044960}&crg=3.5000006.10045&st=23
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {9427041A-A8DC-4D06-9A68-93873486E957} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF DefaultSearchEngine: Connect DLC 5 Customized Web Search
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF SearchPlugin: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\searchplugins\conduit.xml
FF Extension: Connect DLC 5  - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
C:\windows\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}.ini
C:\windows\SysWOW64\sho81EA.tmp
C:\windows\SysWOW64\shoD594.tmp
C:\windows\system32\Drivers\lvuvc.hs
C:\Users\Win7\AppData\Local\Conduit\
C:\Users\Sabrina\AppData\Roaming\SearchProtect\
C:\Program Files (x86)\Connect_DLC_5\
C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\searchplugins\conduit.xml
C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
C:\Program Files\Updater By SweetPacks\
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKU\Sabrina\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{027DFA7B-A4A2-4664-8A02-5C7AD8628BCA} => Key not found.
HKCR\CLSID\{027DFA7B-A4A2-4664-8A02-5C7AD8628BCA} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value not found.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value not found.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value not found.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9427041A-A8DC-4D06-9A68-93873486E957} => Value not found.
HKCR\CLSID\{9427041A-A8DC-4D06-9A68-93873486E957} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key not found.
HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key not found.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
"C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\searchplugins\conduit.xml" => not found.
C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value not found.
catchme => Service not found.
"C:\windows\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}.ini" => File/Directory not found.
"C:\windows\SysWOW64\sho81EA.tmp" => File/Directory not found.
"C:\windows\SysWOW64\shoD594.tmp" => File/Directory not found.
"C:\windows\system32\Drivers\lvuvc.hs" => File/Directory not found.
"C:\Users\Win7\AppData\Local\Conduit\" => File/Directory not found.
"C:\Users\Sabrina\AppData\Roaming\SearchProtect\" => File/Directory not found.
"C:\Program Files (x86)\Connect_DLC_5\" => File/Directory not found.
"C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\searchplugins\conduit.xml" => File/Directory not found.
"C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}" => File/Directory not found.
"C:\Program Files\Updater By SweetPacks\" => File/Directory not found.

==== End of Fixlog ====

4. New FRST.txt log after running scan again:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-12-2013
Ran by Win7 (administrator) on WIN7-HP on 19-12-2013 13:46:53
Running from C:\Users\Win7\Downloads\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1346455731\ee\aolsoftware.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
() C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2828072 2011-09-16] (Synaptics Incorporated)
HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [FromDocToPDF_65bar Uninstall] - rundll32 C:\PROGRA~2\65UNIN~1.DLL,O -3 uninstalltype="IE" [712264 2013-09-05] (MindSpark)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [72760 2013-09-07] (AOL Inc.)
HKCU\...\Run: [OM2_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [455744 2013-12-09] (BillP Studios)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1346455731\ee\aolsoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM-x32\...\Run: [OM2_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54576 2007-09-04] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-21] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\3b5de7f0-5b18-49ab-a8f9-3b24da404f5f.exe [180184 2013-11-23] (AVAST Software)
HKU\Sabrina\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKU\Sabrina\...\Run: [OM2_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKU\Sabrina\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-11-01] (Google Inc.)
HKU\Sabrina\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
HKU\Sabrina\...\Run: [Amazon Cloud Player] - C:\Users\Sabrina\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-09-10] ()
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Win7\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^man000^YYA^&ptb=755EE55B-0F0D-4E7F-90F4-3E3E58D79E5B&ind=2013090610&n=77fd5332&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^man000^YYA^&ptb=755EE55B-0F0D-4E7F-90F4-3E3E58D79E5B&ind=2013090518&n=77fd52d6&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default
FF user.js: detected! => C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Win7\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: AOL Toolbar - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\py0h176p.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
CHR Extension: (avast! WebRep) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: (Gmail) - C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Win7\AppData\Local\Wajam\Chrome\wajam.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-20] (AVAST Software)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464440 2011-05-09] (Hewlett-Packard Company)
S3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
S3 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] ()
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-10] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)
R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-10] (ArcSoft, Inc.)
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-10-20] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-29] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-10-20] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-20] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-10-20] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-12-16] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-10-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-20] ()
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2612728 2011-02-11] (Sunplus Technology)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R4 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20121027.001\IDSvia64.sys [x]
R4 SRTSPX; \SystemRoot\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [x]
R4 SymDS; system32\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
R4 SymEFA; system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
R4 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-19 12:53 - 2013-12-19 13:46 - 00000000 ____D C:\Users\Win7\Downloads\FRST-OlderVersion
2013-12-19 12:41 - 2013-09-05 14:13 - 00712264 _____ (MindSpark) C:\Program Files (x86)\65Uninstall FromDocToPDF.dll
2013-12-19 12:41 - 2013-09-05 14:13 - 00194944 _____ () C:\Program Files (x86)\65res.dll
2013-12-18 17:03 - 2013-12-18 17:05 - 00034337 _____ C:\Users\Win7\Downloads\Addition.txt
2013-12-18 17:02 - 2013-12-19 13:01 - 00000000 ____D C:\FRST
2013-12-18 17:02 - 2013-12-18 17:05 - 00070805 _____ C:\Users\Win7\Downloads\FRST.txt
2013-12-18 14:43 - 2013-12-18 14:43 - 00040974 _____ C:\ComboFix.txt
2013-12-18 14:19 - 2011-06-25 22:45 - 00256000 _____ C:\windows\PEV.exe
2013-12-18 14:19 - 2010-11-07 09:20 - 00208896 _____ C:\windows\MBR.exe
2013-12-18 14:19 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00098816 _____ C:\windows\sed.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00080412 _____ C:\windows\grep.exe
2013-12-18 14:19 - 2000-08-30 16:00 - 00068096 _____ C:\windows\zip.exe
2013-12-18 14:15 - 2013-12-18 14:43 - 00000000 ____D C:\Qoobox
2013-12-18 14:15 - 2013-12-18 14:41 - 00000000 ____D C:\windows\erdnt
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\Users\Win7\AppData\Roaming\WinPatrol
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-12-17 23:36 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-17 23:36 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-17 23:36 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-17 23:36 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-17 23:36 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-17 23:36 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-17 23:36 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-17 23:36 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-17 23:36 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-17 23:36 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-17 23:36 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-17 23:36 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-17 23:36 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-17 23:36 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-17 23:36 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-17 23:36 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-17 23:36 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-17 23:36 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-17 23:36 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-17 23:36 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-17 23:36 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-17 23:36 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-17 23:36 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-17 23:36 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-17 23:36 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-17 23:36 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-17 23:36 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-17 23:36 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-17 23:36 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-17 23:36 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-17 23:36 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-17 13:09 - 2013-12-17 13:09 - 00000407 _____ C:\Users\Win7\Downloads\fcmi-letters-pg-1-9.csv
2013-12-17 08:26 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-12-17 08:26 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-17 08:26 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-17 08:26 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-17 08:26 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-12-17 08:24 - 2013-12-17 08:24 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-12-17 08:24 - 2013-12-17 08:24 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-12-17 08:24 - 2013-12-17 08:24 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-12-17 08:24 - 2013-12-17 08:24 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-12-17 08:24 - 2013-12-17 08:24 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-12-17 08:24 - 2013-12-17 08:24 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-12-17 03:06 - 2013-12-17 08:26 - 00013667 _____ C:\windows\IE11_main.log
2013-12-17 00:56 - 2013-12-17 00:56 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-17 00:54 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-17 00:54 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-17 00:09 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-17 00:09 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-16 23:58 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-16 23:58 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-16 23:58 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-16 23:58 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-16 23:58 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-16 23:58 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-16 23:58 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-16 23:58 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-16 23:54 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-16 23:54 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-16 23:52 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-16 23:52 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-16 23:50 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-16 23:50 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 16:40 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-06 11:32 - 2013-12-19 10:35 - 00003364 _____ C:\windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-05 20:36 - 2013-12-05 20:42 - 00000000 ____D C:\Users\Sabrina\Downloads\Golden Gate Yacht Club Performance
2013-12-04 15:58 - 2013-12-19 09:51 - 00000672 _____ C:\windows\setupact.log
2013-12-04 15:58 - 2013-12-18 14:34 - 00001696 _____ C:\windows\PFRO.log
2013-12-04 15:58 - 2013-12-04 15:58 - 00000000 _____ C:\windows\setuperr.log
2013-12-02 07:54 - 2013-12-02 07:54 - 00055808 _____ C:\Users\Win7\Desktop\timesheet wci.xls
2013-12-02 07:45 - 2013-12-02 07:45 - 00055296 _____ C:\Users\Win7\Documents\Copyof11_18_13_timesheet.xls
2013-11-24 11:21 - 2013-11-28 13:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-23 18:41 - 2013-11-23 18:41 - 00000000 ____D C:\Users\Win7\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat

==================== One Month Modified Files and Folders =======

2013-12-19 13:46 - 2013-12-19 12:53 - 00000000 ____D C:\Users\Win7\Downloads\FRST-OlderVersion
2013-12-19 13:46 - 2012-08-31 10:18 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-19 13:29 - 2012-11-01 15:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 13:01 - 2013-12-18 17:02 - 00000000 ____D C:\FRST
2013-12-19 12:43 - 2013-06-19 18:27 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2013-12-19 12:41 - 2012-01-10 10:02 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-12-19 12:30 - 2013-07-23 17:25 - 00000924 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001UA.job
2013-12-19 10:35 - 2013-12-06 11:32 - 00003364 _____ C:\windows\System32\Tasks\BackgroundContainer Startup Task
2013-12-19 10:35 - 2012-11-01 15:39 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 10:01 - 2009-07-13 20:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-19 10:01 - 2009-07-13 20:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-19 09:58 - 2013-09-22 11:42 - 01086501 _____ C:\windows\WindowsUpdate.log
2013-12-19 09:58 - 2009-07-13 21:13 - 00783812 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-19 09:53 - 2011-12-22 11:12 - 00000000 ____D C:\ProgramData\PDFC
2013-12-19 09:51 - 2013-12-04 15:58 - 00000672 _____ C:\windows\setupact.log
2013-12-19 09:51 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-18 23:29 - 2012-08-30 11:36 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{BBCFB1AE-9FE5-4DC1-B144-3476438D9B75}
2013-12-18 21:36 - 2012-08-31 10:21 - 00000000 ____D C:\Users\Win7\AppData\Roaming\Skype
2013-12-18 19:25 - 2013-10-20 19:55 - 00002010 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-18 18:30 - 2013-07-23 17:25 - 00000902 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273665599-3310714919-4068067818-1001Core.job
2013-12-18 17:05 - 2013-12-18 17:03 - 00034337 _____ C:\Users\Win7\Downloads\Addition.txt
2013-12-18 17:05 - 2013-12-18 17:02 - 00070805 _____ C:\Users\Win7\Downloads\FRST.txt
2013-12-18 15:29 - 2011-01-31 21:36 - 00000000 ____D C:\SYSTEM.SAV
2013-12-18 14:43 - 2013-12-18 14:43 - 00040974 _____ C:\ComboFix.txt
2013-12-18 14:43 - 2013-12-18 14:15 - 00000000 ____D C:\Qoobox
2013-12-18 14:43 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Default
2013-12-18 14:41 - 2013-12-18 14:15 - 00000000 ____D C:\windows\erdnt
2013-12-18 14:38 - 2012-08-30 11:28 - 00000000 ____D C:\Users\Win7\AppData\Roaming\hpqLog
2013-12-18 14:36 - 2009-07-13 18:34 - 00000215 _____ C:\windows\system.ini
2013-12-18 14:34 - 2013-12-04 15:58 - 00001696 _____ C:\windows\PFRO.log
2013-12-18 14:33 - 2009-07-13 18:34 - 91226112 _____ C:\windows\system32\config\SOFTWARE.bak
2013-12-18 14:33 - 2009-07-13 18:34 - 17301504 _____ C:\windows\system32\config\SYSTEM.bak
2013-12-18 14:33 - 2009-07-13 18:34 - 00524288 _____ C:\windows\system32\config\DEFAULT.bak
2013-12-18 14:33 - 2009-07-13 18:34 - 00065536 _____ C:\windows\system32\config\SAM.bak
2013-12-18 14:33 - 2009-07-13 18:34 - 00024576 _____ C:\windows\system32\config\SECURITY.bak
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\Users\Win7\AppData\Roaming\WinPatrol
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-18 14:03 - 2013-12-18 14:03 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-12-18 13:42 - 2012-12-26 18:41 - 00000000 ____D C:\Program Files\Smart PDF Creator
2013-12-18 13:36 - 2013-06-19 19:02 - 00000000 ____D C:\Users\Win7\AppData\Roaming\Nuance
2013-12-18 13:36 - 2013-06-19 18:30 - 00000000 ____D C:\ProgramData\Nuance
2013-12-18 11:00 - 2012-09-04 15:52 - 00000000 ____D C:\Users\Win7\AppData\Local\CrashDumps
2013-12-17 13:09 - 2013-12-17 13:09 - 00000407 _____ C:\Users\Win7\Downloads\fcmi-letters-pg-1-9.csv
2013-12-17 09:52 - 2009-07-13 19:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-17 09:20 - 2012-08-30 11:36 - 00001417 _____ C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-17 09:20 - 2009-07-13 21:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-17 09:17 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache
2013-12-17 08:38 - 2009-07-13 19:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-12-17 08:26 - 2013-12-17 03:06 - 00013667 _____ C:\windows\IE11_main.log
2013-12-17 08:24 - 2013-12-17 08:24 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-12-17 08:24 - 2013-12-17 08:24 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-12-17 08:24 - 2013-12-17 08:24 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-12-17 08:24 - 2013-12-17 08:24 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-12-17 08:24 - 2013-12-17 08:24 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-12-17 08:24 - 2013-12-17 08:24 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-12-17 08:24 - 2013-12-17 08:24 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-12-17 08:24 - 2013-12-17 08:24 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-12-17 08:24 - 2013-12-17 08:24 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-12-17 03:14 - 2011-02-10 21:14 - 00000000 ____D C:\windows\Panther
2013-12-17 03:13 - 2009-07-13 20:45 - 00438200 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-17 03:08 - 2009-07-13 18:34 - 00000499 _____ C:\windows\win.ini
2013-12-17 03:04 - 2013-08-14 23:08 - 00000000 ____D C:\windows\system32\MRT
2013-12-17 03:02 - 2012-08-30 11:56 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-17 02:12 - 2013-07-29 19:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-17 01:00 - 2012-08-30 19:28 - 00000000 ____D C:\Users\Win7
2013-12-17 00:56 - 2013-12-17 00:56 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-17 00:56 - 2012-08-31 10:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-17 00:56 - 2012-08-31 10:18 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-17 00:56 - 2012-08-31 10:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-16 23:42 - 2012-11-01 15:38 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-12-16 23:38 - 2012-11-01 15:38 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2013-12-16 23:33 - 2013-10-15 17:37 - 00000000 ____D C:\Program Files (x86)\AOL Desktop 9.7
2013-12-16 23:33 - 2013-09-19 10:09 - 00000000 ____D C:\Program Files\CCleaner
2013-12-16 23:33 - 2013-04-03 19:04 - 00000000 ____D C:\Users\Sabrina
2013-12-16 23:33 - 2012-12-05 12:55 - 00000000 ____D C:\windows\system32\Macromed
2013-12-16 23:33 - 2012-01-10 10:02 - 00000000 ____D C:\ProgramData\Norton
2013-12-16 23:33 - 2011-12-22 11:14 - 00000000 ____D C:\windows\SysWOW64\Macromed
2013-12-16 23:33 - 2009-07-13 19:20 - 00000000 ____D C:\windows\AppCompat
2013-12-16 23:33 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-16 23:32 - 2011-02-10 20:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-12-16 23:31 - 2009-07-13 19:20 - 00000000 ____D C:\windows\registration
2013-12-16 23:30 - 2012-08-31 09:56 - 00000000 ____D C:\Users\Win7\AppData\Roaming\Adobe
2013-12-16 23:28 - 2013-05-05 18:00 - 00000000 ___RD C:\Users\Sabrina\Dropbox
2013-12-16 23:28 - 2013-04-07 09:45 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Skype
2013-12-14 18:52 - 2013-04-03 19:11 - 00000000 ____D C:\Users\Sabrina\AppData\Local\Google
2013-12-06 11:53 - 2013-07-31 22:17 - 00004966 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Win7-HP-Win7 Win7-HP
2013-12-05 20:42 - 2013-12-05 20:36 - 00000000 ____D C:\Users\Sabrina\Downloads\Golden Gate Yacht Club Performance
2013-12-05 20:35 - 2013-05-05 17:43 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Dropbox
2013-12-04 15:58 - 2013-12-04 15:58 - 00000000 _____ C:\windows\setuperr.log
2013-12-04 09:46 - 2012-09-07 20:46 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForWin7
2013-12-04 09:46 - 2012-09-07 20:46 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForWin7.job
2013-12-03 14:24 - 2012-11-01 15:39 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 14:24 - 2012-11-01 15:39 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 07:54 - 2013-12-02 07:54 - 00055808 _____ C:\Users\Win7\Desktop\timesheet wci.xls
2013-12-02 07:45 - 2013-12-02 07:45 - 00055296 _____ C:\Users\Win7\Documents\Copyof11_18_13_timesheet.xls
2013-12-02 07:20 - 2013-09-29 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-28 13:47 - 2013-11-24 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-28 09:28 - 2013-05-05 18:00 - 00001022 _____ C:\Users\Sabrina\Desktop\Dropbox.lnk
2013-11-28 09:28 - 2013-05-05 17:54 - 00000000 ____D C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-28 09:28 - 2013-04-03 19:05 - 00000000 ___RD C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-27 18:51 - 2012-10-01 05:51 - 00003216 _____ C:\windows\System32\Tasks\HPCeeScheduleForWIN7-HP$
2013-11-27 18:51 - 2012-10-01 05:51 - 00000340 _____ C:\windows\Tasks\HPCeeScheduleForWIN7-HP$.job
2013-11-26 03:54 - 2013-12-17 23:36 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-26 02:19 - 2013-12-17 23:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-26 02:18 - 2013-12-17 23:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-17 23:36 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-17 23:36 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-26 01:46 - 2013-12-17 23:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-17 23:36 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-26 01:29 - 2013-12-17 23:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-26 01:27 - 2013-12-17 23:36 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-26 01:23 - 2013-12-17 23:36 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-17 23:36 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-26 01:18 - 2013-12-17 23:36 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-17 23:36 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-17 23:36 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-17 23:36 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-17 23:36 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-17 23:36 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-17 23:36 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-26 00:32 - 2013-12-17 23:36 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-17 23:36 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-17 23:36 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-17 23:36 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-17 23:36 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-25 23:32 - 2013-12-17 23:36 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-17 23:36 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-17 23:36 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-25 22:40 - 2013-12-17 23:36 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-25 22:34 - 2013-12-17 23:36 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-17 23:36 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-17 23:36 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-17 23:36 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-23 18:41 - 2013-11-23 18:41 - 00000000 ____D C:\Users\Win7\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2013-11-23 10:26 - 2013-12-17 00:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-11-23 09:47 - 2013-12-17 00:54 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-11-21 18:54 - 2013-07-29 19:39 - 00000000 ____D C:\Program Files (x86)\FileOpenerPro

Some content of TEMP:
====================
C:\Users\Win7\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Win7\AppData\Local\Temp\vmpremov.exe
C:\Users\Win7\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_14813.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 08:35

==================== End Of Log ============================

 

 

5. I did find the fcmi-letters-pg-1-9.csv file in the downloads folder. I believe I created it from before.

 

 

Let's give this PC a new test run and see if it is working better now. I will report back very soon.



#6 billdoc

billdoc
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:04:16 AM

Posted 19 December 2013 - 05:23 PM

Did some testing on all of my browsers. Very noticeable improvement in speed throughout each one. Also, I have to add you provide very clear easy to follow instructions on how to fix the issue.

 

How did the final FRST scan log look to you?



#7 billdoc


Posted 19 December 2013 - 11:32 PM

Hi Gunto,

 

Just a little update for you on the performance of my laptop. All browsers performed very well for maybe several hours. Now, I do notice that on many sites a white screen appears before the actual page appears. Sometimes this white screen will last for 10 seconds or more. If I look at the bottom left-hand corner of my screen, I see a series of "waiting" and "transferring" messages for various sites. It can be Twitter, Facebook, etc., or some other unknown sites as well. This was never there before. Is this normal?



#8 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:05:16 AM

Posted 20 December 2013 - 06:46 PM

Hi,

 

Firstly, thank you very much for the compliment. It feels great to know I'm doing a good job with my instructions. :thumbsup:

 

Secondly, it's excellent that your browsers are working better! We still have more work to do, but with your performance improvement, things should be much easier from here on out. :)

 

Good work on uninstalling those programs. However, are you sure that you uninstalled avast! and not Norton? I'm asking this because your logs show a lot more elements of avast! being on your system than Norton.

 

There are a few more things I see in your new FRST log that should be taken care of. After that, I'm going to have you run a precautionary scan with MBAM to make sure nothing is left hiding.

 

Farbar Recovery Scan Tool

I need you to run a fix with FRST.
 

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
  • HKLM-x32\...\RunOnce: [FromDocToPDF_65bar Uninstall] - rundll32 C:\PROGRA~2\65UNIN~1.DLL,O -3 uninstalltype="IE" [712264 2013-09-05] (MindSpark)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
    C:\Program Files (x86)\65Uninstall FromDocToPDF.dll
    C:\Program Files (x86)\65res.dll
    C:\Users\Win7\AppData\Local\Temp\SEVINST64x86.EXE
    C:\Users\Win7\AppData\Local\Temp\vmpremov.exe
    C:\Users\Win7\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_14813.exe
    C:\Windows\System32\Drivers\MfeEpePc.sys
  • Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

 

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.
 

  • Double-click the MBAM shortcut on your desktop to open MBAM.
  • Click the Update tab, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

 

Let me know if the computer is still running well.

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#9 billdoc


Posted 21 December 2013 - 02:38 AM

Hi Gunto,

 

Thank you again for all your help fixing my system issues. I checked and found that Avast is running, while it appears Norton is not present anymore.

 

I ran the new fix and the log is provided below:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2013 02
Ran by Win7 at 2013-12-20 21:54:24 Run:3
Running from C:\Users\Win7\Downloads\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\RunOnce: [FromDocToPDF_65bar Uninstall] - rundll32 C:\PROGRA~2\65UNIN~1.DLL,O -3 uninstalltype="IE" [712264 2013-09-05] (MindSpark)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
C:\Program Files (x86)\65Uninstall FromDocToPDF.dll
C:\Program Files (x86)\65res.dll
C:\Users\Win7\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Win7\AppData\Local\Temp\vmpremov.exe
C:\Users\Win7\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_14813.exe
C:\Windows\System32\Drivers\MfeEpePc.sys
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\FromDocToPDF_65bar Uninstall => Value not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
MfeEpePc => Service deleted successfully.
"C:\Program Files (x86)\65Uninstall FromDocToPDF.dll" => File/Directory not found.
"C:\Program Files (x86)\65res.dll" => File/Directory not found.
"C:\Users\Win7\AppData\Local\Temp\SEVINST64x86.EXE" => File/Directory not found.
C:\Users\Win7\AppData\Local\Temp\vmpremov.exe => Moved successfully.
"C:\Users\Win7\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_14813.exe" => File/Directory not found.
C:\Windows\System32\Drivers\MfeEpePc.sys => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====

 

 

Last but not least is the log from MBAM full scan :

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Win7 :: WIN7-HP [administrator]

12/20/2013 10:20:59 PM
MBAM-log-2013-12-20 (23-35-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 497701
Time elapsed: 1 hour(s), 14 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Connect_DLC_5 (PUP.Optional.Conduit) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Backup_Data\Documents and Settings\Gerard\Desktop\installer_yahoo_multi_messenger.exe (Trojan.Dropped.NS) -> No action taken.
C:\FRST\Quarantine\Connect_DLC_5\Connect_DLC_5ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.

(end)
 

 

Have a good night and see you soon again.

 

Bill
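The two logs in the post above can be triaged mechanically. The following is an added example, not part of the thread and not code from FRST or Malwarebytes: it parses excerpts copied from the posted fixlog.txt and MBAM log, separates fixlist entries FRST actually changed from those it could not find, and lists MBAM detections left at "No action taken". The function names and the outcome labels (`changed`, `absent`, `other`) are assumptions of this example.

```python
import re

# Excerpts copied from the fixlog.txt and MBAM log posted in the thread above.
FIXLOG = r'''*****************
C:\Windows\System32\Drivers\MfeEpePc.sys
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\FromDocToPDF_65bar Uninstall => Value not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
MfeEpePc => Service deleted successfully.
"C:\Program Files (x86)\65res.dll" => File/Directory not found.
C:\Users\Win7\AppData\Local\Temp\vmpremov.exe => Moved successfully.
C:\Windows\System32\Drivers\MfeEpePc.sys => Moved successfully.'''
MBAM = r'''Registry Keys Detected: 2
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Connect_DLC_5 (PUP.Optional.Conduit) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Backup_Data\Documents and Settings\Gerard\Desktop\installer_yahoo_multi_messenger.exe (Trojan.Dropped.NS) -> No action taken.
C:\FRST\Quarantine\Connect_DLC_5\Connect_DLC_5ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.'''

SECTION = re.compile(r"^(?P<kind>[A-Za-z ]+) Detected: (?P<count>\d+)$")
DETECTION = re.compile(r"^(?P<item>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_fixlog(text):
    """Return (item, outcome) pairs; outcome is 'changed', 'absent' or 'other'."""
    results, echoed = [], False
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:   # rows of asterisks fence the echoed fixlist
            echoed = not echoed
            continue
        item, sep, result = line.rpartition(" => ")
        if not sep and line.endswith(" not found."):   # some result lines carry no "=>"
            item, sep, result = line[:-len(" not found.")], " ", "not found."
        if echoed or not sep:             # skip the echoed input and status lines
            continue
        outcome = "changed" if "successfully" in result else "absent" if "not found" in result else "other"
        results.append((item.strip('"'), outcome))
    return results

def parse_mbam(text):
    """Return (detections, declared): parsed rows and the per-section counts the log states."""
    detections, declared, kind = [], {}, None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            kind = header["kind"]
            declared[kind] = int(header["count"])
            continue
        row = DETECTION.match(line)
        if row and kind:
            detections.append({"kind": kind, **row.groupdict()})
    return detections, declared

def unremediated(detections):
    """Detections that were reported but neither quarantined nor deleted."""
    return [d for d in detections if d["action"].lower().startswith("no action")]

def counts_match(detections, declared):
    """True when each section lists as many rows as its header states (catches truncated pastes)."""
    return all(sum(d["kind"] == k for d in detections) == n for k, n in declared.items())
```

On these excerpts, `parse_fixlog(FIXLOG)` marks three entries as changed and three as absent, and `unremediated(parse_mbam(MBAM)[0])` returns all five detections, since every row in the posted MBAM log ends in "No action taken".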



#10 billdoc


Posted 21 December 2013 - 03:10 PM

double post


Edited by billdoc, 21 December 2013 - 03:10 PM.


#11 Gunto


Posted 22 December 2013 - 05:32 AM

Hi,

 

I received an email notification that you replied to this thread saying the following:

 

Wow, it seems like my previous reply got lost somewhere. How weird. Anyways, after doing all of the above, I restarted to find error box with "windows will now auto restore to a previous point". I let it run for some hours and final error msg read "windows can not create restore point". I clicked ok and computer shut down. Then I went back and restarted ...........oh boy or girl in this case ........slow and lags quite a bit.

 

Would the fact I can't see my post from last night on here suggest all posts after the system restore point was tried are now present anymore?

 

Though now your post is edited to say "double post". Is your PC in the state as quoted above or is it still running ok?

 

Gunto




#12 billdoc


Posted 22 December 2013 - 06:33 PM

I edited the second post (the one that now reads double post) for a number of reasons. Mostly prompted by the unpredictable state of the pc when completing the list of instructions prior to that post. In effect what happened was the computer, possibly in the repair process, would not save info ....period ...or as in this case would save that info and then after restart lose the data. Weird eh. All that was pretty mild compared to the restart after the final instructions. There I received an "auto restore point screen". The computer spent about an hour working on that .......then another error msg to say "unable to apply auto restore point". I got really worried at that point. The computer shut down on its own devices. I then turned it on again and things looked ok. I breathed a sigh of relief.

 

Ok, so as of now, slower than before. I mean really slow. Like a minute to load a page or more in some cases. For what it's worth, all the really bad stuff started to happen before your very last set of instructions. Before that the system was getting faster and faster with each phase of repair..........



#13 Gunto


Posted 24 December 2013 - 07:52 AM

Hi,

 

That is definitely quite strange. I'm not entirely sure what's going on, so I would like you to run another FRST scan for me, and post the resulting log.

 

Gunto




#14 Gunto


Posted 28 December 2013 - 09:00 AM

Hi,

 

It's been four days since you posted your last reply, so I am bumping the topic just in case you missed my previous post. If you need more time to get back to me, please let me know, because I don't know otherwise.

 

If I still haven't heard from you in two days, this topic will be locked, so please get back to me within two days.

 

Gunto




#15 billdoc


Posted 30 December 2013 - 02:33 PM

Wow.........system is now really sluggish ............internet is taking forever and acts for the most part erratic with clicking links etc.

 

Are you still there Gunto?





