A new screen will pop up whenever I click to view something more on a page.


  • This topic is locked
16 replies to this topic

#1 givemekiss

givemekiss

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington State
  • Local time:02:12 AM

Posted 29 December 2013 - 07:53 PM

I have recently been having an issue where whenever I go to click on a page to view more information, my computer will pop up with a new page/tab. I would click the tab with the original web site I was looking at and noticed that the pop up had nothing to do with what I was looking at. I quickly clicked the "X" to get out of it, not really paying attention to what the pop up was for. I thought it was a fluke of some kind, but because it kept happening every time I surfed the web, I thought my computer had a virus. So I scanned my computer with a full scan several times and tried to find the bug. No luck. Today at church I consulted with a friend of mine who told me to go to this site for the combofix to get rid of any hiding bug that might have attached itself to my computer. He also indicated that there might be a rootkit issue, and that they are difficult to get rid of. I did complete the combofix and received a log report which is attached. Please review the log and let me know if there is anything else I need to do. Thank you! :)

 

Also, how often would you recommend me running the combofix?

 

Thank you for your help!

 

~Givemekiss

Attached Files

  • Attached File  DDS.txt   32.53KB   3 downloads




#2 givemekiss


Posted 29 December 2013 - 08:25 PM

Oh! I just remembered...not sure if this'll help. But every time I got onto Mozilla Firefox for the internet, I kept getting this message about how I needed to update Mozilla. Instead of clicking on the link, I typed in the webpage in my URL to go directly to Mozilla's site. I was informed by the site itself that I was up to date, yet I would keep getting this message along with a new window popping up every time I got online. Having an ADHD mind makes it difficult to really remember every detail at once. I will post more, if I remember something else I think might be related to this issue. Thanks again for your help!



#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:12 PM

Posted 31 December 2013 - 03:46 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 

STEP 2

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

 

Regards,

Georgi




#4 givemekiss


Posted 01 January 2014 - 10:58 PM

Hello Georgi!

 

First off, I want to say thank you for helping me out. Secondly, I wanted you to be aware that I am in the process of doing each step that you have told me to do, and hope you understand that it may take some time for me to complete all the tasks. Once I am done, I will then attach all of the documents you requested so that you may then review them. Thanks again for your support!

 

Sincerely,

Alysa



#5 givemekiss


Posted 02 January 2014 - 12:12 AM

Okay, so I pasted the AdwCleaner log report at pastebin.com, and I hope that you are able to access it with the following link:  http://pastebin.com/yBPxc3fG

 

Also, per your instructions, I have run the Junkware Removal Tool as well as the Farbar Recovery Scan Tool.  The log reports are as follows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alysa on Wed 01/01/2014 at 20:29:43.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3217471567-2868924228-119885190-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3217471567-2868924228-119885190-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A6EBD0C6-6DAA-4253-AC93-89FDABA73744}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\amiupdxp.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Alysa\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Alysa\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Alysa\appdata\local\swvupdater"
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{00B6448A-E0C8-4781-B1DD-E96C6000AE65}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{092DD45F-D5EC-4CF8-A211-46D3153995D1}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{0AD103C6-B4B0-410D-9BD5-67BD4690C6DF}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{0C1A460E-DBD2-46C6-A0D4-C03DFC783644}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{27463CEE-17A7-4929-B4ED-5521BBD32744}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{3C66D0DA-081F-4029-95C7-CE57AB7E3F76}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{76118529-D7D9-4F36-97A0-F2B0C25318D8}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{C6D36C89-BAB8-42E5-888A-D7FF9B136C0A}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{D2BBE4AE-AE51-4994-844D-042236193FF8}
Successfully deleted: [Empty Folder] C:\Users\Alysa\appdata\local\{D9033187-A85E-49AD-B7C4-ED3EBBFA7369}
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Emptied folder: C:\Users\Alysa\AppData\Roaming\mozilla\firefox\profiles\pb2nv0do.default-1378188013787\minidumps [19 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/01/2014 at 20:44:56.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Here are the Farbar Recovery Scan Tool log reports:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01
Ran by Alysa (administrator) on ALYSA-PC on 01-01-2014 20:54:54
Running from C:\Users\Alysa\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\InternetDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Users\Alysa\Downloads\AdwCleaner.exe
(Thisisu) C:\Users\Alysa\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] - C:\Windows\System32\TiltWheelMouse.exe [241152 2010-11-01] (Pixart Imaging Inc)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
HKU\Hot Tamale\...\Policies\system: [LogonHoursAction] 2
HKU\Hot Tamale\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-01-01] (CACE Technologies, Inc.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-12] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 20:54 - 2014-01-01 20:55 - 00011467 _____ C:\Users\Alysa\Downloads\FRST.txt
2014-01-01 20:54 - 2014-01-01 20:54 - 01931426 _____ (Farbar) C:\Users\Alysa\Downloads\FRST64.exe
2014-01-01 20:54 - 2014-01-01 20:54 - 00000000 ____D C:\FRST
2014-01-01 20:44 - 2014-01-01 20:44 - 00005419 _____ C:\Users\Alysa\Desktop\JRT.txt
2014-01-01 20:29 - 2014-01-01 20:29 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 20:28 - 2014-01-01 20:28 - 01036305 _____ (Thisisu) C:\Users\Alysa\Downloads\JRT.exe
2014-01-01 20:00 - 2014-01-01 20:03 - 00000000 ____D C:\AdwCleaner
2014-01-01 19:59 - 2014-01-01 20:00 - 01233962 _____ C:\Users\Alysa\Downloads\AdwCleaner.exe
2014-01-01 17:59 - 2014-01-01 17:59 - 00448736 _____ C:\Users\Alysa\Downloads\NETGEARManagementUtility-2.1.6-install.exe
2014-01-01 17:57 - 2014-01-01 17:57 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\Netgear Live Parental Controls
2014-01-01 17:57 - 2014-01-01 17:57 - 00000000 ____D C:\Program Files (x86)\NETGEAR Live Parental Controls Management Utility
2014-01-01 17:56 - 2014-01-01 17:56 - 00432554 _____ C:\Users\Alysa\Downloads\NETGEARManagementUtility.zip
2014-01-01 17:45 - 2014-01-01 17:46 - 00000000 ____D C:\Users\Alysa\AppData\Local\NETGEARGenie
2014-01-01 17:45 - 2014-01-01 17:45 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00002059 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2014-01-01 17:44 - 2014-01-01 17:45 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2014-01-01 17:43 - 2014-01-01 17:44 - 24797984 _____ (NETGEAR Inc.) C:\Users\Alysa\Downloads\NETGEARGenie-install.exe
2014-01-01 17:43 - 2014-01-01 17:44 - 24797984 _____ (NETGEAR Inc.) C:\Users\Alysa\Downloads\NETGEARGenie-install(1).exe
2013-12-29 16:13 - 2013-12-29 16:13 - 00033315 _____ C:\Users\Alysa\Desktop\DDS.txt
2013-12-29 14:15 - 2013-12-29 14:15 - 00033315 _____ C:\ComboFix.txt
2013-12-29 13:09 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-29 13:09 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-29 13:09 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-29 12:58 - 2013-12-29 14:15 - 00000000 ____D C:\Qoobox
2013-12-29 12:58 - 2013-12-29 14:12 - 00000000 ____D C:\Windows\erdnt
2013-12-29 12:56 - 2013-12-29 12:57 - 05159030 ____R (Swearware) C:\Users\Alysa\Downloads\ComboFix.exe
2013-12-28 19:48 - 2013-12-29 14:08 - 00001134 _____ C:\Windows\PFRO.log
2013-12-28 19:01 - 2013-12-29 14:08 - 00000414 _____ C:\Windows\setupact.log
2013-12-28 19:01 - 2013-12-28 19:01 - 00000000 _____ C:\Windows\setuperr.log
2013-12-28 18:58 - 2013-12-28 18:59 - 04954736 _____ (Microsoft Corporation) C:\Users\Alysa\Downloads\WindowsUpgradeAssistant.exe
2013-12-28 15:00 - 2013-12-28 15:00 - 00470032 _____ C:\Users\Alysa\Downloads\Setup(2).exe
2013-12-28 15:00 - 2013-12-28 15:00 - 00470032 _____ C:\Users\Alysa\Downloads\Setup(1).exe
2013-12-28 14:35 - 2014-01-01 17:45 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2013-12-28 14:35 - 2013-12-28 14:35 - 00000928 _____ C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
2013-12-28 14:35 - 2013-12-28 14:35 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-12-28 14:35 - 2007-01-19 18:24 - 00025312 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2013-12-28 14:33 - 2013-12-28 14:33 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\InstallShield
2013-12-24 03:01 - 2013-12-28 18:13 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-20 15:43 - 2013-12-20 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 21:00 - 2013-12-19 21:00 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-19 21:00 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-12-16 18:55 - 2013-12-16 18:55 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2013-12-13 21:41 - 2013-12-13 21:41 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 18:31 - 2013-12-12 18:32 - 01123856 _____ (Conduit) C:\Users\Alysa\Downloads\Setup_brff.exe
2013-12-12 03:05 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:05 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:02 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:02 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:02 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:02 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:02 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:02 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:02 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:02 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:02 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:02 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:02 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:02 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:02 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:02 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:02 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:02 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:02 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:02 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:02 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:02 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:02 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:02 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 03:01 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:01 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:01 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 07:35 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 07:35 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 07:35 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 07:35 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 07:35 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 07:35 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 07:35 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:35 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:35 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 07:35 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:35 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:35 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 07:35 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 07:35 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:35 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 07:35 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 07:35 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 07:35 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:35 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-07 21:57 - 2013-12-07 23:00 - 00000000 ____D C:\Users\Alysa\Documents\Kindle Fire Utility v0.9.9
2013-12-07 21:57 - 2013-12-07 22:03 - 00000000 ____D C:\Users\Alysa\.android
2013-12-07 21:50 - 2013-12-07 21:50 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-12-07 21:48 - 2013-12-07 21:48 - 00338472 _____ (Amônétízé Ltd) C:\Users\Alysa\Downloads\DownloadSetup__2299_i179876937_il2914.exe

==================== One Month Modified Files and Folders =======

2014-01-01 20:55 - 2014-01-01 20:54 - 00011467 _____ C:\Users\Alysa\Downloads\FRST.txt
2014-01-01 20:54 - 2014-01-01 20:54 - 01931426 _____ (Farbar) C:\Users\Alysa\Downloads\FRST64.exe
2014-01-01 20:54 - 2014-01-01 20:54 - 00000000 ____D C:\FRST
2014-01-01 20:44 - 2014-01-01 20:44 - 00005419 _____ C:\Users\Alysa\Desktop\JRT.txt
2014-01-01 20:38 - 2013-03-28 13:04 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 20:38 - 2013-03-28 13:04 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 20:29 - 2014-01-01 20:29 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 20:28 - 2014-01-01 20:28 - 01036305 _____ (Thisisu) C:\Users\Alysa\Downloads\JRT.exe
2014-01-01 20:09 - 2012-11-03 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 20:03 - 2014-01-01 20:00 - 00000000 ____D C:\AdwCleaner
2014-01-01 20:00 - 2014-01-01 19:59 - 01233962 _____ C:\Users\Alysa\Downloads\AdwCleaner.exe
2014-01-01 18:23 - 2012-01-15 09:41 - 01513836 _____ C:\Windows\WindowsUpdate.log
2014-01-01 18:09 - 2009-07-13 21:13 - 00783400 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 18:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-01 17:59 - 2014-01-01 17:59 - 00448736 _____ C:\Users\Alysa\Downloads\NETGEARManagementUtility-2.1.6-install.exe
2014-01-01 17:57 - 2014-01-01 17:57 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\Netgear Live Parental Controls
2014-01-01 17:57 - 2014-01-01 17:57 - 00000000 ____D C:\Program Files (x86)\NETGEAR Live Parental Controls Management Utility
2014-01-01 17:56 - 2014-01-01 17:56 - 00432554 _____ C:\Users\Alysa\Downloads\NETGEARManagementUtility.zip
2014-01-01 17:46 - 2014-01-01 17:45 - 00000000 ____D C:\Users\Alysa\AppData\Local\NETGEARGenie
2014-01-01 17:45 - 2014-01-01 17:45 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00002059 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2014-01-01 17:45 - 2014-01-01 17:44 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2014-01-01 17:45 - 2013-12-28 14:35 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-01-01 17:44 - 2014-01-01 17:43 - 24797984 _____ (NETGEAR Inc.) C:\Users\Alysa\Downloads\NETGEARGenie-install.exe
2014-01-01 17:44 - 2014-01-01 17:43 - 24797984 _____ (NETGEAR Inc.) C:\Users\Alysa\Downloads\NETGEARGenie-install(1).exe
2013-12-29 16:13 - 2013-12-29 16:13 - 00033315 _____ C:\Users\Alysa\Desktop\DDS.txt
2013-12-29 14:16 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-29 14:16 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-29 14:15 - 2013-12-29 14:15 - 00033315 _____ C:\ComboFix.txt
2013-12-29 14:15 - 2013-12-29 12:58 - 00000000 ____D C:\Qoobox
2013-12-29 14:15 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Default
2013-12-29 14:12 - 2013-12-29 12:58 - 00000000 ____D C:\Windows\erdnt
2013-12-29 14:09 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-29 14:08 - 2013-12-28 19:48 - 00001134 _____ C:\Windows\PFRO.log
2013-12-29 14:08 - 2013-12-28 19:01 - 00000414 _____ C:\Windows\setupact.log
2013-12-29 14:08 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-29 14:08 - 2009-07-13 18:34 - 67371008 _____ C:\Windows\system32\config\software.bak
2013-12-29 14:08 - 2009-07-13 18:34 - 20185088 _____ C:\Windows\system32\config\system.bak
2013-12-29 14:08 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-12-29 14:08 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-29 14:08 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-29 12:57 - 2013-12-29 12:56 - 05159030 ____R (Swearware) C:\Users\Alysa\Downloads\ComboFix.exe
2013-12-28 19:01 - 2013-12-28 19:01 - 00000000 _____ C:\Windows\setuperr.log
2013-12-28 18:59 - 2013-12-28 18:58 - 04954736 _____ (Microsoft Corporation) C:\Users\Alysa\Downloads\WindowsUpgradeAssistant.exe
2013-12-28 18:23 - 2012-03-28 22:42 - 00000000 ____D C:\Users\Alysa\AppData\Local\CrashDumps
2013-12-28 18:23 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-12-28 18:15 - 2013-05-19 16:47 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\Foxit Software
2013-12-28 18:13 - 2013-12-24 03:01 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-28 15:00 - 2013-12-28 15:00 - 00470032 _____ C:\Users\Alysa\Downloads\Setup(2).exe
2013-12-28 15:00 - 2013-12-28 15:00 - 00470032 _____ C:\Users\Alysa\Downloads\Setup(1).exe
2013-12-28 14:35 - 2013-12-28 14:35 - 00000928 _____ C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
2013-12-28 14:35 - 2013-12-28 14:35 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-12-28 14:35 - 2011-08-10 03:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-28 14:33 - 2013-12-28 14:33 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\InstallShield
2013-12-28 00:54 - 2012-03-18 23:16 - 00771978 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-27 15:05 - 2013-04-13 14:51 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\.technic
2013-12-26 14:52 - 2012-05-06 23:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-26 14:51 - 2012-03-25 00:30 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\SoftGrid Client
2013-12-24 13:17 - 2013-04-13 15:02 - 02304092 _____ () C:\Users\Alysa\Downloads\TechnicLauncher(1).exe
2013-12-23 20:16 - 2013-02-26 16:29 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\.minecraft
2013-12-23 18:22 - 2013-11-15 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-20 15:44 - 2013-12-20 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 21:00 - 2013-12-19 21:00 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-17 02:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-16 18:55 - 2013-12-16 18:55 - 00000000 ____D C:\Windows\SysWOW64\SearchProtect
2013-12-14 03:07 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 03:01 - 2012-03-19 22:55 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 21:41 - 2013-12-13 21:41 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-13 21:41 - 2013-03-28 13:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 18:32 - 2013-12-12 18:31 - 01123856 _____ (Conduit) C:\Users\Alysa\Downloads\Setup_brff.exe
2013-12-12 03:24 - 2009-07-13 20:45 - 00285536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 07:32 - 2012-11-03 21:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 07:32 - 2012-11-03 21:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 07:32 - 2011-08-10 04:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-07 23:00 - 2013-12-07 21:57 - 00000000 ____D C:\Users\Alysa\Documents\Kindle Fire Utility v0.9.9
2013-12-07 22:44 - 2013-05-30 14:17 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\vlc
2013-12-07 22:03 - 2013-12-07 21:57 - 00000000 ____D C:\Users\Alysa\.android
2013-12-07 21:57 - 2012-03-18 22:27 - 00000000 ____D C:\Users\Alysa
2013-12-07 21:50 - 2013-12-07 21:50 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-12-07 21:48 - 2013-12-07 21:48 - 00338472 _____ (Amônétízé Ltd) C:\Users\Alysa\Downloads\DownloadSetup__2299_i179876937_il2914.exe
2013-12-06 20:33 - 2013-03-28 13:04 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 20:33 - 2013-03-28 13:04 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 17:44 - 2013-07-01 10:00 - 00001422 _____ C:\Users\Hot Tamale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-02 08:38 - 2012-03-18 22:28 - 00066408 _____ C:\Users\Alysa\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 00:55

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by Alysa at 2014-01-01 20:56:30
Running from C:\Users\Alysa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bullzip PDF Printer 9.8.0.1599 (Version: 9.8.0.1599 - Bullzip)
Canon Inkjet Printer Driver Add-On Module (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eMachines Games (x32 Version: 1.0.2.5 - WildTangent)
eMachines Recovery Management (x32 Version: 5.00.3502 - Acer Incorporated)
eMachines Registration (x32 Version: 1.04.3503 - Acer Incorporated)
eMachines ScreenSaver (x32 Version: 1.1.0221.2011 - Acer Incorporated)
eMachines Updater (x32 Version: 1.02.3500 - Acer Incorporated)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451 - Evernote Corp.)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (x32 Version: 6.1.1.1031 - Foxit Corporation)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (x32 Version: 2.05.3505 - Acer Incorporated)
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Internet TV for Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 17 (64-bit) (Version: 7.0.170 - Oracle)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java 7 Update 7 (x32 Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LG USB Modem driver (x32 Version:  - )
Logitech Unifying Software 2.00 (Version: 2.00.43 - Logitech)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Motorola Device Manager (x32 Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.0018 - Nero AG)
Netflix in Windows Media Center (x32 Version: 3.3.101.0 - Microsoft Corporation)
NETGEAR Genie (x32 Version: 2.3.1.16 - NETGEAR Inc.)
NETGEAR Live Parental Controls Management Utility 2.1.6 (x32 Version: 2.1.6 - )
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (x32 Version: 1.03.000 - NETGEAR)
NOOK for PC (x32 Version: 2.5.6.9575 - Barnesandnoble.com)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
ScorpionSaver (x32 Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.0.6 (x32 Version: 2.0.6 - VideoLAN)
Welcome Center (x32 Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
Zune (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

26-12-2013 06:35:09 Windows Update
28-12-2013 07:38:57 Windows Update
28-12-2013 21:56:10 Removed NETGEAR USB Control Center  
28-12-2013 21:58:09 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
28-12-2013 22:01:27 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
28-12-2013 22:34:43 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
28-12-2013 22:36:28 Device Driver Package Install: NETGEAR Inc. Network Protocol
29-12-2013 03:00:32 Windows Update
30-12-2013 02:05:34 Windows Backup

==================== Hosts content: ==========================

2009-07-13 18:34 - 2013-12-29 14:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12A411D1-20D4-44EC-93BA-2819499A75B8} - System32\Tasks\{C2ABE1B2-EC78-4023-B191-FF8E8E4161CA} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: {187FACC0-7018-4652-84F0-B22761FDFB37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {1C0C20F2-37F1-4535-B2EB-B85AB0E28F2E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {26D5202F-A037-4CC4-9AAD-8BEAC6416D66} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {36CD25AF-6530-4ADF-8FCB-E3FC8C33881A} - System32\Tasks\{8A602076-3AE5-4294-9D9C-511DCACC8033} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {383761C9-B287-4F11-ABBB-2F4D949B8D0D} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {5D37BF0F-16F5-442C-AD22-D2E24562DB7B} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\eMachines\eMachines Recovery Management\NotificationCenter\Notification.exe [2011-06-17] (Acer)
Task: {661FB481-22BC-4F0E-BB8C-6B1F80A60893} - System32\Tasks\{07466AC8-F44F-46BF-8367-1AF05D70AA8D} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {66F76CF9-9AA6-4D2E-9EE0-519BAAEDE8FD} - System32\Tasks\{F075D5ED-B73B-4FAE-AA1E-770F4510C398} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: {77B3E700-9323-4475-95A3-2B50F442D979} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {7F6D0E45-51D7-4D0C-835C-B27A7DD11C69} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {855BBF58-7C73-428A-A748-6ADDCF6EE10E} - System32\Tasks\{3B12F186-51C9-4242-BE80-E2A41F4CC50F} => C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-09-16] ()
Task: {9F7C3958-0129-44FE-B96D-DF09F5123557} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B6BAAD1F-5BCD-4237-9FE3-B6BEEC14A6F1} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {B6E68B96-5F8B-4F69-B650-C8D84C902593} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {BBC1E05B-9CBE-4908-9AC7-6CBF0BC3C2E1} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {C0DE5B9B-836C-4A46-B99B-430BF55CA8EE} - System32\Tasks\{896E655D-2F77-459A-86A9-2A757F7D1FD3} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: {C1329988-B844-4545-9BF0-94D213768724} - System32\Tasks\{BBA70DCE-9DA9-4BEA-AF16-1D63750640FD} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: {C9ACECE1-3F02-401D-B89D-968BAC42D44D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {E1B85FA6-C84B-4F59-8125-D7BBCFFEEE4C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F226664D-BBCA-47CD-83E3-9AAE1D06E9EA} - System32\Tasks\{E1BE1672-4430-49D2-80B3-8F43973791C9} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-28 17:14 - 2013-09-28 17:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 00:04 - 2013-12-06 00:04 - 00465920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-12-05 03:36 - 2013-12-05 03:36 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 17:59 - 2013-11-10 17:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 03:37 - 2013-12-05 03:37 - 00631808 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-05 21:55 - 2013-12-05 21:55 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 01:05 - 2013-11-13 01:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 17:58 - 2013-11-10 17:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 18:09 - 2013-11-10 18:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 03:31 - 2013-12-05 03:31 - 08558592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 03:34 - 2013-12-05 03:34 - 01270272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 17:59 - 2013-11-10 17:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-12-05 23:57 - 2013-12-05 23:57 - 00199680 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 03:43 - 2013-12-05 03:43 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 18:21 - 2013-11-10 18:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-11-10 17:58 - 2013-11-10 17:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-14 00:56 - 2013-11-14 00:56 - 00267756 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 03:43 - 2013-12-05 03:43 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 18:24 - 2013-11-10 18:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 18:23 - 2013-11-10 18:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2013-12-20 15:43 - 2013-12-20 15:43 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 07:32 - 2013-12-11 07:32 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-29 14:05:54.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-29 14:05:54.249
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3576.26 MB
Available physical RAM: 1955.31 MB
Total Pagefile: 7150.7 MB
Available Pagefile: 5376.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:446.13 GB) (Free:386.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B25EC62F)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

I have only run the programs, received the logs and attached them to this reply.  I have not yet clicked the "clean" or "fix" buttons on them since you did not ask me to do so.

 

Thank you for your time and patience! I look forward to your response at your convenience.  :thumbsup:

 

Sincerely,

Alysa
 



#6 B-boy/StyLe/

  • Malware Response Team

Posted 02 January 2014 - 06:10 AM

Hello Alysa,

 

I wish you a Happy New Year from the bottom of my heart. May God give you the happiness and strength to overcome your past year's failures. :)

 

Please double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Next please re-run FRST and run a new scan and post the new logs to check what's left for removal. :)

 

 

Regards,

Georgi




#7 givemekiss

  • Topic Starter


Posted 02 January 2014 - 08:23 PM

Happy New Year to you too, Georgi!
So, after doing the AdwCleaner scan last night, I did not click out of it, so when I got your message today, I clicked the clean button, then re-ran the scan and cleaned it a second time. I will post both logs for your review as well as the logs for the FRST tool. I have not clicked the "fix" button on the FRST, but will be happy to click it if you deem it necessary. Here are the log reports:
 
 
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\ScorpionSaver Services
Folder Deleted : C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\4hfabhvx.default\Extensions\ScorpionSaver@jetpack
File Deleted : C:\Windows\SysWOW64\AdpeakProxy.ini
File Deleted : C:\Windows\SysWOW64\AdpeakProxyOff.ini
File Deleted : C:\Windows\System32\AdpeakProxy.ini
File Deleted : C:\Windows\System32\AdpeakProxy64.dll
File Deleted : C:\Windows\System32\AdpeakProxyOff.ini

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\94d8dce035eb49
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\Adpeak, Inc.
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\prefs.js ]


[ File : C:\Users\Hot Tamale\AppData\Roaming\Mozilla\Firefox\Profiles\698regu8.default\prefs.js ]


*************************

AdwCleaner[S0].txt - [4071 octets] - [02/01/2014 15:07:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4131 octets] ##########
 
 
 
# AdwCleaner v3.016 - Report created 02/01/2014 at 15:15:18
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alysa - ALYSA-PC
# Running from : C:\Users\Alysa\Desktop\AdwCleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\prefs.js ]


[ File : C:\Users\Hot Tamale\AppData\Roaming\Mozilla\Firefox\Profiles\698regu8.default\prefs.js ]


*************************

AdwCleaner[R1].txt - [959 octets] - [02/01/2014 15:13:32]
AdwCleaner[S0].txt - [4235 octets] - [02/01/2014 15:07:38]
AdwCleaner[S1].txt - [881 octets] - [02/01/2014 15:15:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [940 octets] ##########
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01
Ran by Alysa (administrator) on ALYSA-PC on 02-01-2014 15:17:48
Running from C:\Users\Alysa\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] - C:\Windows\System32\TiltWheelMouse.exe [241152 2010-11-01] (Pixart Imaging Inc)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
HKU\Hot Tamale\...\Policies\system: [LogonHoursAction] 2
HKU\Hot Tamale\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-01-01] (CACE Technologies, Inc.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-12] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-02 15:17 - 2014-01-02 15:17 - 00000000 ____D C:\FRST
2014-01-02 15:07 - 2014-01-02 15:15 - 00000000 ____D C:\AdwCleaner
2014-01-01 21:41 - 2014-01-01 21:41 - 00001154 _____ C:\Users\Alysa\Desktop\ComboFix - Shortcut.lnk
2014-01-01 20:56 - 2014-01-01 20:56 - 00028035 _____ C:\Users\Alysa\Downloads\Addition.txt
2014-01-01 20:54 - 2014-01-02 15:17 - 00000000 ____D C:\Users\Alysa\Desktop\FRST
2014-01-01 20:54 - 2014-01-01 20:56 - 00032173 _____ C:\Users\Alysa\Downloads\FRST.txt
2014-01-01 20:44 - 2014-01-01 20:44 - 00005419 _____ C:\Users\Alysa\Desktop\JRT.txt
2014-01-01 20:29 - 2014-01-01 20:29 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 20:28 - 2014-01-01 20:28 - 01036305 _____ (Thisisu) C:\Users\Alysa\Downloads\JRT.exe
2014-01-01 20:00 - 2014-01-01 21:46 - 00000000 ____D C:\Users\Alysa\Desktop\AdwCleaner
2014-01-01 17:59 - 2014-01-01 17:59 - 00448736 _____ C:\Users\Alysa\Downloads\NETGEARManagementUtility-2.1.6-install.exe
2014-01-01 17:57 - 2014-01-01 17:57 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\Netgear Live Parental Controls
2014-01-01 17:57 - 2014-01-01 17:57 - 00000000 ____D C:\Program Files (x86)\NETGEAR Live Parental Controls Management Utility
2014-01-01 17:56 - 2014-01-01 17:56 - 00432554 _____ C:\Users\Alysa\Downloads\NETGEARManagementUtility.zip
2014-01-01 17:45 - 2014-01-01 17:46 - 00000000 ____D C:\Users\Alysa\AppData\Local\NETGEARGenie
2014-01-01 17:45 - 2014-01-01 17:45 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00002059 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2014-01-01 17:44 - 2014-01-01 17:45 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2014-01-01 17:43 - 2014-01-01 17:44 - 24797984 _____ (NETGEAR Inc.) C:\Users\Alysa\Downloads\NETGEARGenie-install.exe
2014-01-01 17:43 - 2014-01-01 17:44 - 24797984 _____ (NETGEAR Inc.) C:\Users\Alysa\Downloads\NETGEARGenie-install(1).exe
2013-12-29 16:13 - 2013-12-29 16:13 - 00033315 _____ C:\Users\Alysa\Desktop\DDS.txt
2013-12-29 14:15 - 2013-12-29 14:15 - 00033315 _____ C:\Users\Alysa\Desktop\ComboFix.txt
2013-12-29 13:09 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-29 13:09 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-29 13:09 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-29 13:09 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-29 12:58 - 2013-12-29 14:15 - 00000000 ____D C:\Qoobox
2013-12-29 12:58 - 2013-12-29 14:12 - 00000000 ____D C:\Windows\erdnt
2013-12-29 12:56 - 2013-12-29 12:57 - 05159030 ____R (Swearware) C:\Users\Alysa\Downloads\ComboFix.exe
2013-12-28 19:48 - 2013-12-29 14:08 - 00001134 _____ C:\Windows\PFRO.log
2013-12-28 19:01 - 2014-01-02 15:16 - 00000526 _____ C:\Windows\setupact.log
2013-12-28 19:01 - 2013-12-28 19:01 - 00000000 _____ C:\Windows\setuperr.log
2013-12-28 18:58 - 2013-12-28 18:59 - 04954736 _____ (Microsoft Corporation) C:\Users\Alysa\Downloads\WindowsUpgradeAssistant.exe
2013-12-28 15:00 - 2013-12-28 15:00 - 00470032 _____ C:\Users\Alysa\Downloads\Setup(2).exe
2013-12-28 15:00 - 2013-12-28 15:00 - 00470032 _____ C:\Users\Alysa\Downloads\Setup(1).exe
2013-12-28 14:35 - 2014-01-01 17:45 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2013-12-28 14:35 - 2013-12-28 14:35 - 00000928 _____ C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
2013-12-28 14:35 - 2013-12-28 14:35 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-12-28 14:35 - 2007-01-19 18:24 - 00025312 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\SCMNdisP.sys
2013-12-28 14:33 - 2013-12-28 14:33 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\InstallShield
2013-12-24 03:01 - 2013-12-28 18:13 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-20 15:43 - 2013-12-20 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 21:41 - 2013-12-13 21:41 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 18:31 - 2013-12-12 18:32 - 01123856 _____ (Conduit) C:\Users\Alysa\Downloads\Setup_brff.exe
2013-12-12 03:05 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 03:05 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 03:05 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 03:02 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:02 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:02 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:02 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:02 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:02 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:02 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:02 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:02 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:02 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:02 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:02 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:02 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:02 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:02 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:02 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:02 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:02 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:02 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:02 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:02 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:02 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:02 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:02 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:02 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 03:01 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:01 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:01 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 07:35 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 07:35 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 07:35 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 07:35 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 07:35 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 07:35 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 07:35 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 07:35 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 07:35 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 07:35 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 07:35 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 07:35 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 07:35 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 07:35 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 07:35 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 07:35 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 07:35 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 07:35 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 07:35 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-07 21:57 - 2013-12-07 23:00 - 00000000 ____D C:\Users\Alysa\Documents\Kindle Fire Utility v0.9.9
2013-12-07 21:57 - 2013-12-07 22:03 - 00000000 ____D C:\Users\Alysa\.android
2013-12-07 21:48 - 2013-12-07 21:48 - 00338472 _____ (Amônétízé Ltd) C:\Users\Alysa\Downloads\DownloadSetup__2299_i179876937_il2914.exe

==================== One Month Modified Files and Folders =======

2014-01-02 15:17 - 2014-01-02 15:17 - 00000000 ____D C:\FRST
2014-01-02 15:17 - 2014-01-01 20:54 - 00000000 ____D C:\Users\Alysa\Desktop\FRST
2014-01-02 15:16 - 2013-12-28 19:01 - 00000526 _____ C:\Windows\setupact.log
2014-01-02 15:16 - 2013-03-28 13:04 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 15:16 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 15:15 - 2014-01-02 15:07 - 00000000 ____D C:\AdwCleaner
2014-01-02 15:15 - 2012-01-15 09:41 - 01534743 _____ C:\Windows\WindowsUpdate.log
2014-01-02 15:15 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 15:15 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 15:09 - 2012-11-03 21:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-02 14:38 - 2013-03-28 13:04 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 21:46 - 2014-01-01 20:00 - 00000000 ____D C:\Users\Alysa\Desktop\AdwCleaner
2014-01-01 21:41 - 2014-01-01 21:41 - 00001154 _____ C:\Users\Alysa\Desktop\ComboFix - Shortcut.lnk
2014-01-01 20:56 - 2014-01-01 20:56 - 00028035 _____ C:\Users\Alysa\Downloads\Addition.txt
2014-01-01 20:56 - 2014-01-01 20:54 - 00032173 _____ C:\Users\Alysa\Downloads\FRST.txt
2014-01-01 20:44 - 2014-01-01 20:44 - 00005419 _____ C:\Users\Alysa\Desktop\JRT.txt
2014-01-01 20:29 - 2014-01-01 20:29 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 20:28 - 2014-01-01 20:28 - 01036305 _____ (Thisisu) C:\Users\Alysa\Downloads\JRT.exe
2014-01-01 18:09 - 2009-07-13 21:13 - 00783400 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 18:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-01 17:59 - 2014-01-01 17:59 - 00448736 _____ C:\Users\Alysa\Downloads\NETGEARManagementUtility-2.1.6-install.exe
2014-01-01 17:57 - 2014-01-01 17:57 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\Netgear Live Parental Controls
2014-01-01 17:57 - 2014-01-01 17:57 - 00000000 ____D C:\Program Files (x86)\NETGEAR Live Parental Controls Management Utility
2014-01-01 17:56 - 2014-01-01 17:56 - 00432554 _____ C:\Users\Alysa\Downloads\NETGEARManagementUtility.zip
2014-01-01 17:46 - 2014-01-01 17:45 - 00000000 ____D C:\Users\Alysa\AppData\Local\NETGEARGenie
2014-01-01 17:45 - 2014-01-01 17:45 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2014-01-01 17:45 - 2014-01-01 17:45 - 00002059 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2014-01-01 17:45 - 2014-01-01 17:44 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2014-01-01 17:45 - 2013-12-28 14:35 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-01-01 17:44 - 2014-01-01 17:43 - 24797984 _____ (NETGEAR Inc.) C:\Users\Alysa\Downloads\NETGEARGenie-install.exe
2014-01-01 17:44 - 2014-01-01 17:43 - 24797984 _____ (NETGEAR Inc.) C:\Users\Alysa\Downloads\NETGEARGenie-install(1).exe
2013-12-29 16:13 - 2013-12-29 16:13 - 00033315 _____ C:\Users\Alysa\Desktop\DDS.txt
2013-12-29 14:15 - 2013-12-29 14:15 - 00033315 _____ C:\Users\Alysa\Desktop\ComboFix.txt
2013-12-29 14:15 - 2013-12-29 12:58 - 00000000 ____D C:\Qoobox
2013-12-29 14:15 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Default
2013-12-29 14:12 - 2013-12-29 12:58 - 00000000 ____D C:\Windows\erdnt
2013-12-29 14:09 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-29 14:08 - 2013-12-28 19:48 - 00001134 _____ C:\Windows\PFRO.log
2013-12-29 14:08 - 2009-07-13 18:34 - 67371008 _____ C:\Windows\system32\config\software.bak
2013-12-29 14:08 - 2009-07-13 18:34 - 20185088 _____ C:\Windows\system32\config\system.bak
2013-12-29 14:08 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2013-12-29 14:08 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-29 14:08 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-29 12:57 - 2013-12-29 12:56 - 05159030 ____R (Swearware) C:\Users\Alysa\Downloads\ComboFix.exe
2013-12-28 19:01 - 2013-12-28 19:01 - 00000000 _____ C:\Windows\setuperr.log
2013-12-28 18:59 - 2013-12-28 18:58 - 04954736 _____ (Microsoft Corporation) C:\Users\Alysa\Downloads\WindowsUpgradeAssistant.exe
2013-12-28 18:23 - 2012-03-28 22:42 - 00000000 ____D C:\Users\Alysa\AppData\Local\CrashDumps
2013-12-28 18:23 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-12-28 18:15 - 2013-05-19 16:47 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\Foxit Software
2013-12-28 18:13 - 2013-12-24 03:01 - 00000000 ____D C:\Program Files (x86)\WebexpEnhancedV1
2013-12-28 15:00 - 2013-12-28 15:00 - 00470032 _____ C:\Users\Alysa\Downloads\Setup(2).exe
2013-12-28 15:00 - 2013-12-28 15:00 - 00470032 _____ C:\Users\Alysa\Downloads\Setup(1).exe
2013-12-28 14:35 - 2013-12-28 14:35 - 00000928 _____ C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
2013-12-28 14:35 - 2013-12-28 14:35 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2013-12-28 14:35 - 2011-08-10 03:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-28 14:33 - 2013-12-28 14:33 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\InstallShield
2013-12-28 00:54 - 2012-03-18 23:16 - 00771978 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-27 15:05 - 2013-04-13 14:51 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\.technic
2013-12-26 14:52 - 2012-05-06 23:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-26 14:51 - 2012-03-25 00:30 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\SoftGrid Client
2013-12-24 13:17 - 2013-04-13 15:02 - 02304092 _____ () C:\Users\Alysa\Downloads\TechnicLauncher(1).exe
2013-12-23 20:16 - 2013-02-26 16:29 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\.minecraft
2013-12-23 18:22 - 2013-11-15 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-20 15:44 - 2013-12-20 15:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-17 02:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 03:07 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 03:01 - 2012-03-19 22:55 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 21:41 - 2013-12-13 21:41 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-13 21:41 - 2013-03-28 13:04 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 18:32 - 2013-12-12 18:31 - 01123856 _____ (Conduit) C:\Users\Alysa\Downloads\Setup_brff.exe
2013-12-12 03:24 - 2009-07-13 20:45 - 00285536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 07:32 - 2012-11-03 21:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 07:32 - 2012-11-03 21:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 07:32 - 2011-08-10 04:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-07 23:00 - 2013-12-07 21:57 - 00000000 ____D C:\Users\Alysa\Documents\Kindle Fire Utility v0.9.9
2013-12-07 22:44 - 2013-05-30 14:17 - 00000000 ____D C:\Users\Alysa\AppData\Roaming\vlc
2013-12-07 22:03 - 2013-12-07 21:57 - 00000000 ____D C:\Users\Alysa\.android
2013-12-07 21:57 - 2012-03-18 22:27 - 00000000 ____D C:\Users\Alysa
2013-12-07 21:48 - 2013-12-07 21:48 - 00338472 _____ (Amônétízé Ltd) C:\Users\Alysa\Downloads\DownloadSetup__2299_i179876937_il2914.exe
2013-12-06 20:33 - 2013-03-28 13:04 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 20:33 - 2013-03-28 13:04 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-03 17:44 - 2013-07-01 10:00 - 00001422 _____ C:\Users\Hot Tamale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Some content of TEMP:
====================
C:\Users\Alysa\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 00:55

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by Alysa at 2014-01-02 15:20:25
Running from C:\Users\Alysa\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bullzip PDF Printer 9.8.0.1599 (Version: 9.8.0.1599 - Bullzip)
Canon Inkjet Printer Driver Add-On Module (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eMachines Games (x32 Version: 1.0.2.5 - WildTangent)
eMachines Recovery Management (x32 Version: 5.00.3502 - Acer Incorporated)
eMachines Registration (x32 Version: 1.04.3503 - Acer Incorporated)
eMachines ScreenSaver (x32 Version: 1.1.0221.2011 - Acer Incorporated)
eMachines Updater (x32 Version: 1.02.3500 - Acer Incorporated)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Evernote v. 4.5.1 (x32 Version: 4.5.1.5451 - Evernote Corp.)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (x32 Version: 6.1.1.1031 - Foxit Corporation)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU Version: 5.1.0.880 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (x32 Version: 2.05.3505 - Acer Incorporated)
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Internet TV for Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 17 (64-bit) (Version: 7.0.170 - Oracle)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java 7 Update 7 (x32 Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LG USB Modem driver (x32 Version:  - )
Logitech Unifying Software 2.00 (Version: 2.00.43 - Logitech)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Motorola Device Manager (x32 Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.2.12000.21.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.0018 - Nero AG)
Netflix in Windows Media Center (x32 Version: 3.3.101.0 - Microsoft Corporation)
NETGEAR Genie (x32 Version: 2.3.1.16 - NETGEAR Inc.)
NETGEAR Live Parental Controls Management Utility 2.1.6 (x32 Version: 2.1.6 - )
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (x32 Version: 1.03.000 - NETGEAR)
NOOK for PC (x32 Version: 2.5.6.9575 - Barnesandnoble.com)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
ScorpionSaver (x32 Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.0.6 (x32 Version: 2.0.6 - VideoLAN)
Welcome Center (x32 Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
Zune (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

26-12-2013 06:35:09 Windows Update
28-12-2013 07:38:57 Windows Update
28-12-2013 21:56:10 Removed NETGEAR USB Control Center  
28-12-2013 21:58:09 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
28-12-2013 22:01:27 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
28-12-2013 22:34:43 Installed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
28-12-2013 22:36:28 Device Driver Package Install: NETGEAR Inc. Network Protocol
29-12-2013 03:00:32 Windows Update
30-12-2013 02:05:34 Windows Backup

==================== Hosts content: ==========================

2009-07-13 18:34 - 2013-12-29 14:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12A411D1-20D4-44EC-93BA-2819499A75B8} - System32\Tasks\{C2ABE1B2-EC78-4023-B191-FF8E8E4161CA} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: {187FACC0-7018-4652-84F0-B22761FDFB37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {1C0C20F2-37F1-4535-B2EB-B85AB0E28F2E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe
Task: {26D5202F-A037-4CC4-9AAD-8BEAC6416D66} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {36CD25AF-6530-4ADF-8FCB-E3FC8C33881A} - System32\Tasks\{8A602076-3AE5-4294-9D9C-511DCACC8033} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {383761C9-B287-4F11-ABBB-2F4D949B8D0D} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {5D37BF0F-16F5-442C-AD22-D2E24562DB7B} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\eMachines\eMachines Recovery Management\NotificationCenter\Notification.exe [2011-06-17] (Acer)
Task: {661FB481-22BC-4F0E-BB8C-6B1F80A60893} - System32\Tasks\{07466AC8-F44F-46BF-8367-1AF05D70AA8D} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {66F76CF9-9AA6-4D2E-9EE0-519BAAEDE8FD} - System32\Tasks\{F075D5ED-B73B-4FAE-AA1E-770F4510C398} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: {77B3E700-9323-4475-95A3-2B50F442D979} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {7F6D0E45-51D7-4D0C-835C-B27A7DD11C69} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {855BBF58-7C73-428A-A748-6ADDCF6EE10E} - System32\Tasks\{3B12F186-51C9-4242-BE80-E2A41F4CC50F} => C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-09-16] ()
Task: {9F7C3958-0129-44FE-B96D-DF09F5123557} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B6BAAD1F-5BCD-4237-9FE3-B6BEEC14A6F1} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {B6E68B96-5F8B-4F69-B650-C8D84C902593} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe
Task: {BBC1E05B-9CBE-4908-9AC7-6CBF0BC3C2E1} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {C0DE5B9B-836C-4A46-B99B-430BF55CA8EE} - System32\Tasks\{896E655D-2F77-459A-86A9-2A757F7D1FD3} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: {C1329988-B844-4545-9BF0-94D213768724} - System32\Tasks\{BBA70DCE-9DA9-4BEA-AF16-1D63750640FD} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: {C9ACECE1-3F02-401D-B89D-968BAC42D44D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {E1B85FA6-C84B-4F59-8125-D7BBCFFEEE4C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F226664D-BBCA-47CD-83E3-9AAE1D06E9EA} - System32\Tasks\{E1BE1672-4430-49D2-80B3-8F43973791C9} => C:\Program Files (x86)\NETGEAR\USB Control Center\Choose_Language.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-12-28 14:35 - 2010-11-10 17:28 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 17:14 - 2013-09-28 17:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 00:04 - 2013-12-06 00:04 - 00465920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-12-05 03:36 - 2013-12-05 03:36 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 17:59 - 2013-11-10 17:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 03:37 - 2013-12-05 03:37 - 00631808 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-05 21:55 - 2013-12-05 21:55 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 01:05 - 2013-11-13 01:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 17:58 - 2013-11-10 17:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 18:09 - 2013-11-10 18:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 03:31 - 2013-12-05 03:31 - 08558592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 03:34 - 2013-12-05 03:34 - 01270272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 17:59 - 2013-11-10 17:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-12-05 23:57 - 2013-12-05 23:57 - 00199680 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 03:43 - 2013-12-05 03:43 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 18:21 - 2013-11-10 18:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 17:58 - 2013-11-10 17:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-14 00:56 - 2013-11-14 00:56 - 00267756 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 03:43 - 2013-12-05 03:43 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 18:24 - 2013-11-10 18:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 18:23 - 2013-11-10 18:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 17:56 - 2013-11-10 17:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 17:13 - 2013-09-28 17:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2013-12-28 14:35 - 2010-07-08 11:24 - 00258048 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2014 03:17:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 03:12:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/02/2014 03:15:30 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/02/2014 03:10:28 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (01/02/2014 03:17:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2014 03:12:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-12-29 14:05:54.671
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-29 14:05:54.249
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 3576.26 MB
Available physical RAM: 2354.55 MB
Total Pagefile: 7150.7 MB
Available Pagefile: 5770.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:446.13 GB) (Free:386.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B25EC62F)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
 
Hope these logs help! :hello:
On a side note, I was curious to know if having the Minecraft game on my computer was causing some of these issues? I hope your New Year has started out well, and look forward to your response.

Sincerely,
Alysa



#8 B-boy/StyLe/

  • Malware Response Team

Posted 02 January 2014 - 08:47 PM

Hello Alysa,

Thanks for the wishes. :)

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next, please let me know if there are any differences in the current state of the system.

On a side note, I was curious to know if having the Minecraft game on my computer was causing some of these issues?

I can't be sure since I don't play Minecraft myself, but as long as you don't use any pirated version of any program all should be as it should with them. :)

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 02 January 2014 - 08:48 PM.



#9 givemekiss

  • Topic Starter

  • Members

Posted 02 January 2014 - 09:32 PM

:o Wow, Georgi! You are amazingly fast to respond! Here is the Fixlog.txt as requested.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-01-2014
Ran by Alysa at 2014-01-02 18:00:03 Run:1
Running from C:\Users\Alysa\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
2013-12-12 18:31 - 2013-12-12 18:32 - 01123856 _____ (Conduit) C:\Users\Alysa\Downloads\Setup_brff.exe
cmd: type C:\Users\Alysa\Desktop\ComboFix.txt
C:\Users\Alysa\AppData\Local\Temp
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
catchme => Service deleted successfully.
C:\Users\Alysa\Downloads\Setup_brff.exe => Moved successfully.

=========  type C:\Users\Alysa\Desktop\ComboFix.txt =========

ComboFix 13-12-29.01 - Alysa 12/29/2013  13:13:31.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3576.2538 [GMT -8:00]
Running from: c:\users\Alysa\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ScorpionSaver
c:\program files (x86)\ScorpionSaver\background.js
c:\program files (x86)\ScorpionSaver\bootstrap.js
c:\program files (x86)\ScorpionSaver\bootstrap.js.old
c:\program files (x86)\ScorpionSaver\CustomActionInstall
c:\program files (x86)\ScorpionSaver\CustomActionUninstall
c:\program files (x86)\ScorpionSaver\icon128.png
c:\program files (x86)\ScorpionSaver\icon16.png
c:\program files (x86)\ScorpionSaver\icon32.png
c:\program files (x86)\ScorpionSaver\icon48.png
c:\program files (x86)\ScorpionSaver\icon64.png
c:\program files (x86)\ScorpionSaver\icon8.png
c:\program files (x86)\ScorpionSaver\IECore.dll
c:\program files (x86)\ScorpionSaver\manifest.json
c:\program files (x86)\ScorpionSaver\marcopolo.js
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml
c:\program files (x86)\ScorpionSaver\SendJson.dll
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\Main\bin\SPTool.dll
c:\program files (x86)\SearchProtect\Main\bin\SPtool.dll_1387248926468
c:\program files (x86)\SearchProtect\Main\bin\SPtool.dll_1387248926786
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
c:\windows\SysWOW64\AdpeakProxy.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdpeakProxy
-------\Service_Level Quality Watcher
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-29  )))))))))))))))))))))))))))))))
.
.
2013-12-29 00:44 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B867FA4-0775-440A-81FF-EF7588399593}\mpengine.dll
2013-12-28 22:35 . 2007-01-20 02:24    25312    ----a-w-    c:\windows\system32\drivers\SCMNdisP.sys
2013-12-28 22:35 . 2010-02-03 19:20    47632    ----a-w-    c:\windows\system32\drivers\npf.sys
2013-12-28 22:35 . 2013-12-28 22:35    --------    d-----w-    c:\program files (x86)\NETGEAR
2013-12-28 22:33 . 2013-12-28 22:33    --------    d-----w-    c:\users\Alysa\AppData\Roaming\InstallShield
2013-12-28 08:21 . 2013-12-28 08:21    --------    d-----w-    c:\windows\Migration
2013-12-28 00:02 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-24 11:01 . 2013-12-29 02:13    --------    d-----w-    c:\program files (x86)\WebexpEnhancedV1
2013-12-20 05:00 . 2013-10-16 18:18    439296    ----a-w-    c:\windows\system32\AdpeakProxy64.dll
2013-12-20 05:00 . 2013-12-20 05:00    --------    d-----w-    c:\program files\ScorpionSaver Services
2013-12-17 02:55 . 2013-12-17 02:55    --------    d-----w-    c:\windows\SysWow64\SearchProtect
2013-12-13 02:35 . 2013-12-13 02:35    --------    d-----w-    c:\users\Alysa\AppData\Local\SearchProtect
2013-12-12 11:05 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 11:05 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 11:05 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-12 11:05 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-12 11:05 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-12 11:01 . 2013-11-26 08:35    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-12-12 11:01 . 2013-11-26 08:16    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-12-08 05:57 . 2013-12-08 06:03    --------    d-----w-    c:\users\Alysa\.android
2013-12-08 05:50 . 2013-12-08 05:50    --------    d-----w-    c:\program files\Level Quality Watcher
2013-12-08 05:50 . 2013-12-08 05:50    --------    d-----w-    c:\users\Alysa\AppData\Local\SwvUpdater
2013-12-06 07:39 . 2013-10-18 05:07    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4917B0BE-0593-4DF5-948A-4C28A777E4E0}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 11:01 . 2012-03-20 06:55    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-11 15:32 . 2012-11-04 05:27    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 15:32 . 2011-08-10 12:01    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-26 11:03 . 2013-11-26 11:03    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 11:03 . 2013-11-26 11:03    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-26 11:03 . 2013-11-26 11:03    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-26 11:03 . 2013-11-26 11:03    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-26 11:03 . 2013-11-26 11:03    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 11:03 . 2013-11-26 11:03    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-26 11:03 . 2013-11-26 11:03    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-26 11:03 . 2013-11-26 11:03    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 11:03 . 2013-11-26 11:03    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-26 11:03 . 2013-11-26 11:03    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-26 11:03 . 2013-11-26 11:03    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-26 11:03 . 2013-11-26 11:03    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-26 11:03 . 2013-11-26 11:03    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-26 11:03 . 2013-11-26 11:03    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-26 11:03 . 2013-11-26 11:03    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 11:03 . 2013-11-26 11:03    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 11:03 . 2013-11-26 11:03    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 11:03 . 2013-11-26 11:03    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-26 11:03 . 2013-11-26 11:03    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-26 11:03 . 2013-11-26 11:03    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-26 11:03 . 2013-11-26 11:03    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-26 11:03 . 2013-11-26 11:03    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 11:03 . 2013-11-26 11:03    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-26 11:03 . 2013-11-26 11:03    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 11:03 . 2013-11-26 11:03    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-26 11:03 . 2013-11-26 11:03    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 11:03 . 2013-11-26 11:03    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-26 11:03 . 2013-11-26 11:03    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 11:03 . 2013-11-26 11:03    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-26 11:03 . 2013-11-26 11:03    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-26 11:03 . 2013-11-26 11:03    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-26 11:03 . 2013-11-26 11:03    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-26 11:03 . 2013-11-26 11:03    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-26 11:03 . 2013-11-26 11:03    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-26 11:03 . 2013-11-26 11:03    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-26 11:03 . 2013-11-26 11:03    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-26 11:03 . 2013-11-26 11:03    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-26 11:03 . 2013-11-26 11:03    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-26 11:03 . 2013-11-26 11:03    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-26 11:03 . 2013-11-26 11:03    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 11:03 . 2013-11-26 11:03    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-26 11:03 . 2013-11-26 11:03    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-26 11:03 . 2013-11-26 11:03    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-26 11:03 . 2013-11-26 11:03    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-26 11:03 . 2013-11-26 11:03    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-26 11:03 . 2013-11-26 11:03    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-26 11:03 . 2013-11-26 11:03    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-26 11:03 . 2013-11-26 11:03    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-26 11:03 . 2013-11-26 11:03    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-26 11:03 . 2013-11-26 11:03    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-26 11:03 . 2013-11-26 11:03    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-26 11:03 . 2013-11-26 11:03    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-26 11:03 . 2013-11-26 11:03    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-26 11:03 . 2013-11-26 11:03    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-26 11:03 . 2013-11-26 11:03    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-26 11:03 . 2013-11-26 11:03    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-26 11:03 . 2013-11-26 11:03    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-26 11:03 . 2013-11-26 11:03    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-26 11:03 . 2013-11-26 11:03    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-18 05:07 . 2012-06-13 02:25    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-15 02:00 . 2013-11-26 11:08    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 01:59    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 01:59    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 01:59    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 01:59    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 01:59    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 01:59    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 01:59    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 01:59    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 01:59    197120    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 01:59    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 01:59    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 01:59    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 01:59    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 01:59    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 01:59    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-02 05:05    222832    ----a-w-    c:\users\Alysa\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-02 05:05    222832    ----a-w-    c:\users\Alysa\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-02 05:05    222832    ----a-w-    c:\users\Alysa\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2013-12-28 4559840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 15:32]
.
2013-12-29 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Alysa\AppData\Local\SwvUpdater\Updater.exe [2013-12-08 05:49]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 21:04]
.
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 21:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-02 05:05    261744    ----a-w-    c:\users\Alysa\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-02 05:05    261744    ----a-w-    c:\users\Alysa\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-02 05:05    261744    ----a-w-    c:\users\Alysa\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3316243&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPDA2698E1-EEC1-4538-9CB8-BD1856264D2B&SSPV=
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10AD2C61-0898-4348-8600-14A342F22AC3} - c:\program files (x86)\ScorpionSaver\IECore.dll
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3217471567-2868924228-119885190-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3217471567-2868924228-119885190-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2013-12-29  14:15:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-29 22:15
.
Pre-Run: 414,089,199,616 bytes free
Post-Run: 413,563,330,560 bytes free
.
- - End Of File - - DBBC75FF06313CBBE238226B643923DB
A36C5E4F47E84449FF07ED3517B43A31

========= End of CMD: =========


"C:\Users\Alysa\AppData\Local\Temp" directory move:

C:\Users\Alysa\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\C9934B05-57E2-4A4D-8D2C-5FDF64C26A1B.Repair.Admin.4.etl => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\FAA37CBD-2AD0-406F-A28B-5FBFAE6BD98E.Diagnose.Admin.0.etl => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\FAA37CBD-2AD0-406F-A28B-5FBFAE6BD98E.Repair.Admin.1.etl => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\FAA37CBD-2AD0-406F-A28B-5FBFAE6BD98E.Verify.Admin.2.etl => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\fixlist.txt => Moved successfully.
Could not move "C:\Users\Alysa\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Alysa\AppData\Local\Temp\JRT.txt => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\WMZuneComm.etl.004 => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\WMZuneComm.etl.005 => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\APPID_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\APPID_files.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\appinit64_null.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\appinit_null.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\APPPATHS.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\APPROVEDEXTENSIONS_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\ask.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\askCLSID.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\askregkey_x64.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\askregkey_x86.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\askregvalue_x64.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\askregvalue_x86.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\askservices.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\badAPPINIT.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\badFOLDERS.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\badFOLDERScom.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\badFOLDERSstart.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\badLNK.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\badvalues.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\BHO_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\BHO_name.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\browsermngr_keys.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\browsermngr_values.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\CHOICE.DAT => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\chrome.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\CHRregkey_x64.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\CHRregkey_x86.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\CHR_extensions.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\CHR_open_x64.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\CHR_open_x86.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\clean_shortcut.vbs => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\CLSID_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\currentmd5.txt => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\CUT.DAT => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\datamngr_del.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\defaultscope.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\delfolders.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\delorphans.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\ELEVATIONPOLICY_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\ev_clear.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\EXT.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFbrowsermngr.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFextensions.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFpluginREG.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFplugins.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFprefs.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFregkey_x64.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFregkey_x86.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFwhtlist.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFXML.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FFXPI.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FF_open_x64.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FF_open_x86.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\firefox.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FWCLSID.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\FWPolicy.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\get.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\IEwhtlst.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\iexplore.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\IE_open_x64.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\IE_open_x86.reg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\IFEO.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\INTERFACE_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\JRT.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\medfos.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\MENUEXT.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\misc.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\modules.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\modules.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\moduleservices.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\newmd5.txt => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\NIRCMD.DAT => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\NOTIFY.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\PREAPPROVED_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\prelim.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\PRODUCTS.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\REGhcr.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\REGhkcu_and_hklm_allow.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\REGhkcu_and_hklm_software.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\REGhkcu_software_appdatalow.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\REGhkcu_software_microsoft.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\REGhklm_software_classes.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\REGISTRYUSERSID.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\runvalues.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\runvalues_x64.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\runvalues_x86.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\S1518COMPONENTS.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\searchlnk.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\SED.DAT => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\sednewline.txt => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\services.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\serviceseventlog.cfg => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\SETTINGS_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\SHORTCUT.DAT => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\STATS_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\TDL4.bat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\TRACING.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\TYPELIB_clsid.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\UNINSTALL.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\UpgradeCodes.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\WGET.DAT => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\WOW6432NODE.dat => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\temp\null.txt => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\erunt\ERDNT.E_E => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\erunt\ERUNT.EXE => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\erunt\ERUNT.LOC => Moved successfully.
C:\Users\Alysa\AppData\Local\Temp\jrt\erunt\README.TXT => Moved successfully.
Could not move "C:\Users\Alysa\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-02 18:01:43)<=

"C:\Users\Alysa\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
"C:\Users\Alysa\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====

 

I've had to install a new wireless router yesterday since ours died and it seems that between the fixes you told me to do and the new wireless router, things seem to be running A LOT smoother on my computer.  I am not getting new windows randomly popping up anymore (yay!).  Actually, the internet seems to be running faster too!  Is there anything else I should do to help keep my computer happy?

 

Sincerely,

Alysa



#10 B-boy/StyLe/


    Bleepin' Freestyler


  • Malware Response Team

Posted 02 January 2014 - 10:19 PM

Hello Alysa,

 

 

I am glad to hear there is an improvement. :)

I went through the logs and I saw that AdwCleaner missed the following folder, so please go ahead and delete it manually (if still there):

 

c:\program files (x86)\WebexpEnhancedV1 <= this folder

 

 

I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

 

STEP 1

 

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.

 

 

 

STEP 4

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - (download link)
  • This is the mirror - (download link)
  • For 64-bit Operating System - (download link)
  • This is the mirror - (download link)

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 5

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#11 givemekiss


Posted 03 January 2014 - 01:46 AM

Phew!  Got it all done!  I'm sorry that it took some time to get all the scans done.  But here are the links to all of the log reports:

 

http://pastebin.com/Nzw1ac1g -> RogueKiller

http://pastebin.com/e4ci1ash -> TDSSKiller (first log)

http://pastebin.com/iFruSyGA -> TDSSKiller (second log)...not sure if it's the same report as the first, but I wanted you to have a copy of it just in case.

http://pastebin.com/j0g3ehVm -> Malwarebytes'

http://pastebin.com/7RSpr7Qs -> HitmanPro

 

 

And lastly, below is the log report from Security Check:

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 7  
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player 11.9.900.170  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

I can only imagine how much time it takes you to sift through this stuff, and I want to re-iterate how appreciative I am to have your help.  Thank you!

 

Sincerely,

Alysa
 



#12 B-boy/StyLe/


Posted 03 January 2014 - 06:01 AM

Hello Alysa, :)

 

We are almost done here.

 

 

STEP 1

 

 

The following key is pretty tricky, so we will use HitmanPro to deal with it (instead of using more complex steps like regdelnull or regkeyfixer etc).

 

1. Please rerun HitManPro and then click on the Settings button.

 

2. Go to the License tab and click on the Activate free license button to begin the free 30 days trial.

 

3. Run a new scan and, from the drop-down menu, change the action to Delete for the following entry (you can let HitmanPro delete the cookies as well):

 

HKU\S-1-5-21-3217471567-2868924228-119885190-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}

 

4. Next post the log in your next reply.

 

 

 

STEP 2

 

 

UPDATING TASKS

 

 

Upgrading Java:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

  • Download the latest version of Java SE 7.
  • Click the Java™ 7 Update 45 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u45-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:

    Java 7 Update 7  
    Java 7 Update 21
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u45-windows-i586.exe and select "Run as an Administrator.")

 

 

Or you can simply uninstall Java and try to avoid installing Java unless absolutely required by your applications (it's your call):
 
http://www.techsupportforum.com/5494-java-time-to-wake-up-and-smell-the-coffee/
 
 
Next please run JavaRa.

  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and from the drop-down menu select any Java version (if listed) and press Run Uninstaller. (If Java is not listed please click on Next).
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 

Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest available security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

I'll give you my final recommendations in the next post. :)

 

 

 

Regards,

Georgi




#13 givemekiss


Posted 04 January 2014 - 02:28 AM

I apologize for the delay.  With my children out of school (they go back on Monday - YAY! :bananas: ), life gets a little hectic around here.  However, here are the requested logs from HitManPro and JavaRA:

 

HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : ALYSA-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Alysa-PC\Alysa
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)

   Scan date . . . . . . : 2014-01-03 19:53:09
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 7s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 19

   Objects scanned . . . : 1,448,867
   Files scanned . . . . : 46,190
   Remnants scanned  . . : 442,757 files / 959,920 keys

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-3217471567-2868924228-119885190-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:adfarm.mediaplex.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:ads.pointroll.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:ads.pubmatic.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:ads.yahoo.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:advertising.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:burstnet.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:casalemedia.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:chitika.net
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:doubleclick.net
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:fastclick.net
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:interclick.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:network.realmedia.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:questionmarket.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:realmedia.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:serving-sys.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:smartadserver.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:tribalfusion.com
   C:\Users\Alysa\AppData\Roaming\Mozilla\Firefox\Profiles\pb2nv0do.default-1378188013787\cookies.sqlite:zedo.com
 

 

 

Exception encountered in module [JavaRa]
Message: Could not find a part of the path 'C:\Users\Alysa\Desktop\localizations'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
   at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
   at System.IO.Directory.GetFiles(String path)
   at Microsoft.VisualBasic.FileIO.FileSystem.FindPaths(FileOrDirectory FileOrDirectory, String directory, String wildCard)
   at Microsoft.VisualBasic.FileIO.FileSystem.FindFilesOrDirectories(FileOrDirectory FileOrDirectory, String directory, SearchOption searchType, String[] wildcards, Collection`1 Results)
   at Microsoft.VisualBasic.FileIO.FileSystem.FindFilesOrDirectories(FileOrDirectory FileOrDirectory, String directory, SearchOption searchType, String[] wildcards)
   at Microsoft.VisualBasic.MyServices.FileSystemProxy.GetFiles(String directory)
   at JavaRa.UI.Form1_Load(Object sender, EventArgs e)

== Cleaning JRE temporary files ==
 

 

Sincerely,

Alysa
 
 



#14 B-boy/StyLe/


Posted 04 January 2014 - 08:36 AM

Hello,

 

 

I understand. My vacation ends on Monday and I should go back to work. :)

 

 

The logs are CLEAN! Congratulations. :bananas:

 

 

 

Nicely done! This is the end of our journey if you don't have any more questions.
I have some final words for you.
All Clean!
Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

 

 

 

STEP 1 - CLEANUP


To remove all of the tools we used and the files and folders they created, please do the following:

 

 

Download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
There is no need to post the log this time.

 

 

Please download OTC.exe by OldTimer and save it to your desktop.
 

  • Right-click the OTC.exe and choose Run as Administrator.
  • Click on CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

 

  • Next please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the run button.
  • The tool will delete itself once it finishes.

 

Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. :)



STEP 2 - SECURITY ADVICE



Change all your passwords!


Since your computer was infected, for peace of mind I would advise you to change all your passwords immediately!! (just in case).
Use different passwords for all your accounts. Also don't use easy passwords such as your favorite teams, bands or pets because this will allow people to guess your password.
You can use PC Tools Password Generator to create random passwords and then install an application like KeePass Password Safe to store them for easy access. If you do Online Banking, please read this article: Online Banking Protection Against Identity Theft



Keep your antivirus software turned on and up-to-date

 

  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • You should scan your computer with an AntiSpyware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software.
  • Be sure to check for and download any definition updates prior to performing a scan.

 

 

Install HIPS based software if needed (or use Limited Account with UAC enabled)


HIPS based software controls what an application is allowed to do and not allowed to do.
It monitors what each application tries to do and how it uses the internet, and gives you the ability to block any suspicious activity occurring on your computer.
In my opinion the best way to prevent an unknown malware from gaining access is to use some HIPS programs (like COMODO, PrivateFirewall, Online Armor etc.) to control the access rights of legitimate applications, although this would only be advisable for experienced users. (so if you don't feel comfortable using such software then you can skip this advice)
However, you should be aware that (if you install Comodo Firewall and not the whole package Comodo Internet Security) this is not a replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existing antivirus application. It takes some time and knowledge to configure it for individual purposes, but once done, you should not have any problems with it.
There are so many reviews on YouTube and blogs about all these programs.
Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also having more than one "real-time" program can be a drain on your PC's efficiency so please refrain from doing so.

If you like Comodo you should choose for yourself which version of Comodo you will use, 5 or 6. Personally I stick to version 5 at least for now.
COMODO V5 & V6 Users Count Poll

 

 

 

Be prepared for CryptoLocker:

 

 

CryptoLocker Ransomware Information Guide and FAQ

Cryptolocker Ransomware: What You Need To Know

 

Since prevention is better than cure, you can use gpedit (built into Windows) or CryptoPrevent (described in the first link) to secure the PC against this locker.

Another way is to use Comodo Firewall and to add all local disks to Protected Files and Folders.

Panda Antivirus Cloud added a new feature called data shield which should work as well (don't install it if you already have another antivirus solution on board).

You may want to check HitmanPro.Alert.CryptoGuard and install it to be safe when surfing the net.

 

 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.  Below is a list of simple precautions to take to keep your computer clean and running securely:
 

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If an attachment ends with .exe, .com, .bat, .pif, .scr or .cmd, do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams.  For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message  or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you.  We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

 

 

Tweak your browsers
 
 
MOZILLA FIREFOX


To prevent further infections be sure to install the following add-ons: NoScript and AdBlock Plus.

 

Adblock Plus hides all those annoying (and potentially dangerous) advertisements on websites that try and tempt you to buy or download something. AdBlock not only speeds up your browsing and makes it easier on your eyes, but also makes it safer.

 

Adblock Plus can be found here.

 

NoScript is only for advanced users as it blocks all the interactive parts of a webpage, such as login options. Obviously you wouldn’t want to block your ability to log on to your internet banking or your webmail, but thankfully you can tell NoScript to allow certain websites and block others. This is very useful to ensure that the website you’re visiting is not trying to tempt you to interact with another, more dangerous website.

 

NoScript can be found here
 

 

Google Chrome

 
If you like Google Chrome there are many similar extensions for this browser as well. Since I am not a Google Chrome user I can't tell you which of them are good and how they work. You should find out by yourself.

However, Google Chrome can block a lot of unknown malware because of its sandbox. Beware of the fact that Google Chrome doesn't provide master password protection for the passwords saved in the browser. Check this out: Google Chrome security flaw offers unrestricted password access

 

 

For Internet Explorer 9/10 read the articles below:
 

Security and privacy features in Internet Explorer 9

Enhanced Protected Mode
Use Tracking Protection in Internet Explorer

Security in Internet Explorer 10

 

Immunize your browsers with SpywareBlaster 5 and Spybot Search and Destroy 1.6

Also MBAM acquired the following software Malwarebytes Anti-Exploit and it should work with the most popular browsers. Beware the product is in beta stage.

Changelog can be seen here and known issues here.

 

EMET is another great tool which should lock the pc against exploits (but can cause some programs to stop working when the protection is enabled so I would stick to Malwarebytes Anti-Exploit).
 

 

 

Disable the dangerous services you don't need and don't use, like Remote Registry, Server (this will disable file sharing), RemoteAccess etc. (if you don't feel comfortable changing the services configuration then please skip this step). It's a good idea to disable the autorun functionality using the following tool to prevent the spreading of infections from USB flash drives.


 
Make the extensions for known file types visible:
 
 
Be wary of files with a double extension such as jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one. Check this out - Show or hide file name extensions.

 

 

 

Create an image of your system (you can use the built-in Windows software as well if you prefer)

 

  • Now that your PC is malware free, it is a good idea to do a backup of all important files just in case something happens to it.
  • Macrium Reflect is a very good choice that enables you to create an image of your system drive which can be restored in case of problems.
  • The download link is here.
  • The tutorial on how to create a system image can be found here.
  • The tutorial on how to restore a system image can be found here.
  • Be sure to read the tutorial first.

 

 

Optimize Windows 7 for better performance

Check this article for more information.

 

 

Follow this list and your potential for being infected again will reduce dramatically.

Safe Surfing! :)

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 04 January 2014 - 08:37 AM.
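The double-extension trick described in the post above (image.jpg.exe listed as image.jpg while Windows hides known extensions) can be checked for in a folder listing. The following is an added example, not part of the original thread or of any tool named in it; the extension sets beyond the six named in the post, the function names, and the sample paths are assumptions constructed for illustration.

```python
"""Flag file names that pair a harmless-looking extension with an executable one."""
import os
from pathlib import PureWindowsPath

# The first six extensions are the ones named in the post; the rest are
# assumed additions for this example.
EXECUTABLE_EXTS = frozenset({".exe", ".com", ".bat", ".pif", ".scr", ".cmd",
                             ".vbs", ".js", ".jar", ".msi", ".lnk"})

# Assumed set of "reassuring" document and media extensions used as the decoy.
DECOY_EXTS = frozenset({".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt",
                        ".doc", ".docx", ".xls", ".xlsx", ".mp3", ".mp4"})


def hidden_extension_view(path):
    """Name as listed when 'Hide extensions for known file types' is on.

    Simplification: the last extension is assumed to be a registered type,
    so it is always dropped.
    """
    name = PureWindowsPath(path).name
    stem, dot, _ext = name.rpartition(".")
    return stem if dot and stem else name


def check_name(path):
    """Return a finding dict for a decoy+executable extension pair, else None."""
    name = PureWindowsPath(path).name
    parts = name.lower().split(".")        # Windows extensions are case-insensitive
    if len(parts) < 3:
        return None                        # fewer than two extensions
    decoy, real = "." + parts[-2], "." + parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return {"path": str(path),
                "shown_as": hidden_extension_view(path),
                "decoy": decoy,
                "real": real}
    return None


def scan_names(paths):
    """Check an iterable of paths or names; return the findings in input order."""
    return [hit for hit in map(check_name, paths) if hit is not None]


def scan_tree(root):
    """Walk a folder (for example Downloads) and check every file name in it."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(scan_names(os.path.join(dirpath, f) for f in sorted(files)))
    return found


# Constructed sample listing (not taken from the logs in this thread).
SAMPLE_PATHS = [
    r"C:\Users\Example\Downloads\image.jpg.exe",         # the post's own example
    r"C:\Users\Example\Downloads\Invoice.PDF.SCR",       # mixed case still matches
    r"C:\Users\Example\Downloads\holiday.2013.trip.jpg", # dots, but a real image
    r"C:\Users\Example\Desktop\setup.exe",               # honest single extension
    r"C:\Users\Example\Desktop\tool.v2.exe",             # ".v2" is not a decoy type
]

if __name__ == "__main__":
    for hit in scan_names(SAMPLE_PATHS):
        print(f"{hit['path']}: shown as {hit['shown_as']!r}, really {hit['real']}")
```

Only the two names that hide an executable extension behind a document or image extension are reported; `scan_tree` applies the same check to a real folder.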



#15 givemekiss


Posted 04 January 2014 - 09:35 PM

Georgi,

 

THANK YOU, THANK YOU, THANK YOU!!! You have been an amazing support for me, and I really appreciate the fact that you took time during your vacation to help me.  Now that my computer is clean, I am going to create another back-up disk...just in case I mess things up.  This whole process has made me realize just how hard this type of job can be, and I have a new appreciation for individuals like yourself who take the time out of their own lives to help someone like me...who lives on the other side of the planet no less!  I hope that if I need any help in the future, that you are still around to guide me through the world of computer-ology.

 

Now on to downloading the rest of your recommendations and hopefully be able to maintain my computer better. 

 

Thanks again!!

 

Sincerely,
Alysa





