
Cannot remove Better-search.net virus?


  • This topic is locked
9 replies to this topic

#1 qntsml

  • Members

Posted 15 March 2014 - 02:57 PM

Hi,

 

I accidentally tried to install software that I mistakenly considered reliable. I ended up getting the better-search.net virus on my computer, and I've uninstalled all programs installed on that day, attempted to remove it by doing a full scan with Malwarebytes and removing everything it found, and resetting all of Firefox.

 

However, I know that some remnant of it is still there because *sometimes*, if I, for example, try to get to youtube.com, I'll get redirected to the same search.net website. This is the only problem I've been having though.

 

Could I please get some advice on how to completely rid my computer of this problem? Thank you for any help!




 


#2 aharonov

  • Malware Response Team

Posted 15 March 2014 - 03:09 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 qntsml

  • Topic Starter
  • Members

Posted 15 March 2014 - 05:33 PM

Hi, here are the results of the FRST scan:

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Connie at 2014-03-15 18:30:17
Running from C:\Users\Connie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
CodeBlocks (HKCU\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DataStudio (HKLM-x32\...\InstallShield_{C1C47F92-0C96-408D-8E18-323F745E8A08}) (Version: 1.9.8.10 - PASCO scientific)
DataStudio (x32 Version: 1.9.8.10 - PASCO scientific) Hidden
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Network Connections 16.8.45.00 (Version: 16.8.45.00 - Dell) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mathematica Extras 9.0 (3824406) (HKLM\...\A-WIN-Extras 9.0.0 3824406_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Pasco USB Driver (HKLM-x32\...\PascoUSBDriver) (Version:  - )
PascoCommonFiles (HKLM-x32\...\PascoCommonFiles) (Version: 1.1.13 - )
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
Python 2.7.5 (HKLM-x32\...\{DBDD570E-0952-475F-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
Sassafras K2 Client (HKLM-x32\...\{E23D1D2C-1762-11D5-A8D2-00C04FA35723}) (Version: 7.0 - Sassafras Software Inc.)
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
Symantec Endpoint Protection (HKLM\...\{4ADBF5BE-7CAF-4193-A1F9-DE6820E68569}) (Version: 12.1.1101.401 - Symantec Corporation)
TeXstudio 2.6.6 (HKLM-x32\...\TeXstudio_is1) (Version: 2.6.6 - Benito van der Zander)
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
VPython 6.05 (HKLM-x32\...\VPython for Python 2.7_is1) (Version:  - )
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2410 - Broadcom Corporation)
Windows Driver Package - PASCO Scientific (WinUSB) Pasco Interface  (08/14/2008 1.0.0.0) (HKLM\...\AD4AD0F184940E4712E96652A58ADDC47894E622) (Version: 08/14/2008 1.0.0.0 - PASCO Scientific)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Wolfram Mathematica 9 (M-WIN-L 9.0.0 3868239) (HKLM\...\M-WIN-L 9.0.0 3868239_is1) (Version: 9.0.0 - Wolfram Research, Inc.)

==================== Restore Points  =========================

08-03-2014 06:18:00 Removed FocalFilter.
08-03-2014 06:29:22 Installed FocalFilter.
08-03-2014 06:54:25 Removed FocalFilter.
12-03-2014 07:00:13 Windows Update
15-03-2014 19:59:25 Removed Apple Application Support
15-03-2014 20:00:00 Removed Apple Software Update
15-03-2014 20:00:20 Removed QuickTime 7

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-03-08 02:35 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3750A59A-5251-4262-97FB-C4371BFC16E5} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {75F88460-C5EC-4764-94E9-D3467FF7A98F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-15] (Microsoft Corporation)
Task: {A664662B-641E-4C29-8B64-42F4333C4516} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: {AB686E3B-E264-4205-B6F6-2F6460E24099} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {B7048A62-F7C3-4CA0-BC84-D8AEC409574C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {DC8CED9B-8259-4CAA-A171-80B9F6D6598C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
Task: {E859FAA1-516F-47DF-86E8-3E120B6F55D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
Task: {EC051952-B8E8-43DD-B805-D6B26114AC24} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-11-15] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2013-03-11 11:05 - 2013-03-11 11:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2013-03-11 11:04 - 2013-03-11 11:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2012-05-11 10:47 - 2012-05-11 10:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_ENU.dll
2013-09-10 10:46 - 2013-10-31 10:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-09-10 10:46 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-09-10 10:46 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-01-17 05:18 - 2014-01-17 05:18 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-12 00:17 - 2012-02-01 14:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-09 11:35 - 2011-05-09 11:35 - 01035264 _____ () C:\Program Files (x86)\Pasco scientific\DataStudio\Plugins\DSCommonRes.dll
2011-05-09 11:35 - 2011-05-09 11:35 - 06651392 _____ () C:\Program Files (x86)\Pasco scientific\DataStudio\EZScreens\EZCommonRes.dll
2011-05-09 11:35 - 2011-05-09 11:35 - 00823808 _____ () C:\Program Files (x86)\Pasco scientific\DataStudio\PascoCommonRes.dll
2014-02-13 11:38 - 2014-02-13 11:38 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2f069b57965f456c3c25fb82419a363d\IsdiInterop.ni.dll
2013-08-11 22:43 - 2012-05-30 14:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-08-11 22:41 - 2013-01-14 16:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-15 09:54 - 2014-02-15 09:54 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-17 05:18 - 2014-01-17 05:18 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-03-11 17:23 - 2014-03-11 17:23 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2014 04:00:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x52d49206
Exception code: 0xc0000005
Fault offset: 0x627dcd89
Faulting process id: 0x2320
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (03/15/2014 03:19:20 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (03/15/2014 02:27:34 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/15/2014 01:33:03 PM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 15.0.4551.1505 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 22f4

Start Time: 01cf40747c25ec81

Termination Time: 15

Application Path: C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE

Report Id: d0c7b568-ac67-11e3-97e0-b00594eff88e

Error: (03/15/2014 01:08:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 10.2.1.2, time stamp: 0x4f235ac4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfea4858d
Faulting process id: 0x9c8
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3

Error: (03/14/2014 10:26:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 08:53:33 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/14/2014 01:50:58 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (03/14/2014 00:32:42 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/13/2014 02:14:35 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: c:\users\connie\downloads\networkwizardloader(2).exe by: Auto-Protect scan.  Action: Delete succeeded .  Action Description: Reboot Processing


System errors:
=============
Error: (03/15/2014 01:09:47 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/14/2014 10:27:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KeyAccess service.

Error: (03/14/2014 10:26:43 PM) (Source: Service Control Manager) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (03/14/2014 10:26:43 PM) (Source: Service Control Manager) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (03/13/2014 02:37:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KeyAccess service.

Error: (03/13/2014 02:14:09 PM) (Source: Service Control Manager) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (03/13/2014 02:14:09 PM) (Source: Service Control Manager) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (03/13/2014 02:12:41 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (03/13/2014 02:12:37 PM) (Source: DCOM) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (03/13/2014 02:12:34 PM) (Source: DCOM) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}


Microsoft Office Sessions:
=========================
Error: (03/15/2014 04:00:50 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.7601.175144ce792c4QuickTime.qts_unloaded0.0.0.052d49206c0000005627dcd89232001cf40894219b9b5C:\Windows\syswow64\MsiExec.exeQuickTime.qts8128f196-ac7c-11e3-97e0-b00594eff88e

Error: (03/15/2014 03:19:20 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (03/15/2014 02:27:34 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (03/15/2014 01:33:03 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE15.0.4551.150522f401cf40747c25ec8115C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXEd0c7b568-ac67-11e3-97e0-b00594eff88e

Error: (03/15/2014 01:08:54 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe10.2.1.24f235ac4unknown0.0.0.000000000c0000005fea4858d9c801cf3ff602c32f8fC:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exeunknown7c8fca4a-ac64-11e3-97e0-b00594eff88e

Error: (03/14/2014 10:26:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 08:53:33 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (03/14/2014 01:50:58 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108

Error: (03/14/2014 00:32:42 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (03/13/2014 02:14:35 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: c:\users\connie\downloads\networkwizardloader(2).exe by: Auto-Protect scan.  Action: Delete succeeded .  Action Description: Reboot Processing


CodeIntegrity Errors:
===================================
  Date: 2014-03-15 14:36:03.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 13:57:09.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 12:32:51.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 12:24:15.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-15 11:26:48.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 23:18:12.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 22:26:41.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 22:09:34.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 18:09:29.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-14 16:45:22.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 8078.34 MB
Available physical RAM: 4860.33 MB
Total Pagefile: 16154.87 MB
Available Pagefile: 12829.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:393.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 3568DADB)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Connie (administrator) on CONNIE-PC on 15-03-2014 18:29:53
Running from C:\Users\Connie\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Sassafras Software Inc.) C:\Windows\keyacc32.exe
(O2Micro International) C:\Windows\system32\o2flash.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Sassafras Software Inc.) C:\Windows\kass.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(PASCO Scientific) C:\Program Files (x86)\Pasco scientific\DataStudio\PASPortal.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel® Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [KeyAccess] - C:\Windows\kass.exe [125120 2012-05-23] (Sassafras Software Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
AppInit_DLLs: KATRK64.DLL => C:\Windows\KATRK64.DLL [24256 2012-05-23] (Sassafras Software Inc.)
AppInit_DLLs-x32: KATRACK.DLL => C:\Windows\KATRACK.DLL [18624 2012-05-23] (Sassafras Software Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
SearchScopes: HKLM - DefaultScope {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP877D74DB-470F-4AFD-8134-4211EEF24A84&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 129.170.17.4

FireFox:
========
FF ProfilePath: C:\Users\Connie\AppData\Roaming\Mozilla\Firefox\Profiles\ir6a0jws.default-1394813779468
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF [2013-10-23]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP877D74DB-470F-4AFD-8134-4211EEF24A84&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-10]
CHR Extension: (Google Drive) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-10]
CHR Extension: (YouTube) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-10]
CHR Extension: (Google Search) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-10]
CHR Extension: (Google Wallet) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-10]

==================== Services (Whitelisted) =================

R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 KeyAccess; C:\Windows\keyacc32.exe [1403072 2012-05-23] (Sassafras Software Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-06-14] (Pharos Systems International)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-01-28] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe [2601544 2012-04-19] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-19] (Symantec Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-11] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140304.011\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140314.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140314.016\ENG64.SYS [126040 2014-03-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140314.016\EX64.SYS [2099288 2014-03-11] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-03-07] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-03-07] (Symantec Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [29664 2012-04-19] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2011-11-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-02-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-10-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2011-11-15] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-03-18] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [119816 2013-10-23] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2011-08-16] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 18:29 - 2014-03-15 18:30 - 00020728 _____ () C:\Users\Connie\Downloads\FRST.txt
2014-03-15 18:28 - 2014-03-15 18:29 - 00000000 ____D () C:\FRST
2014-03-15 18:28 - 2014-03-15 18:28 - 02157056 _____ (Farbar) C:\Users\Connie\Downloads\FRST64.exe
2014-03-14 22:20 - 2014-03-14 22:20 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Malwarebytes
2014-03-14 22:19 - 2014-03-14 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 22:19 - 2014-03-14 22:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Connie\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 22:19 - 2014-03-14 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 22:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-14 17:26 - 2014-03-14 17:26 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-03-12 19:45 - 2014-03-15 18:27 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-03-12 01:02 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 01:02 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 01:02 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 01:02 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 01:02 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 01:02 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 01:02 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 01:02 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 01:02 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 01:02 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 01:02 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 01:02 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 01:02 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 01:02 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 01:02 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 01:02 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 01:02 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 01:02 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 01:02 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 01:02 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 01:02 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 01:02 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 01:02 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 01:02 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 01:02 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 01:02 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 01:02 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 01:02 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 01:02 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 01:02 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 01:02 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 01:02 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 01:02 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 01:02 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 01:02 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 01:02 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 01:02 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 01:02 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 01:02 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 01:02 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 01:02 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 01:02 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 01:02 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 01:02 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 01:02 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 01:02 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 01:02 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 01:02 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-08 02:29 - 2014-03-08 02:29 - 02152608 _____ (FocalFilter) C:\Users\Connie\Downloads\FocalFilter_Setup_November2012.exe
2014-03-08 02:18 - 2014-03-08 02:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-05 23:11 - 2014-03-05 23:11 - 00000000 ____D () C:\Users\Connie\AppData\Local\Apple Computer
2014-03-05 23:04 - 2014-03-06 01:56 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Apple Computer
2014-03-05 23:03 - 2014-03-15 16:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-05 23:02 - 2014-03-05 23:02 - 41945432 _____ (Apple Inc.) C:\Users\Connie\Downloads\QuickTimeInstaller.exe
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\Users\Connie\AppData\Local\Apple
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\ProgramData\Apple
2014-03-05 23:01 - 2014-03-05 23:01 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c(1).qtl
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\IsolatedStorage
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\Connie\AppData\Local\_
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-03-05 22:52 - 2014-03-05 22:52 - 00930952 _____ (CNET Download.com) C:\Users\Connie\Downloads\cbsidlm-cbsi183-FileViewPro-SEO-75872556.exe
2014-03-05 22:50 - 2014-03-05 22:50 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c (2).qtl
2014-03-05 22:49 - 2014-03-05 22:49 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c (1).qtl
2014-03-05 22:44 - 2014-03-05 22:44 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c.qtl
2014-03-05 12:26 - 2014-03-14 00:34 - 00000000 ____D () C:\Users\Connie\Desktop\LabReport5
2014-03-03 20:19 - 2014-03-03 20:21 - 00000000 ____D () C:\Users\Connie\AppData\Local\Mathematica
2014-03-03 20:19 - 2014-03-03 20:19 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Mathematica
2014-03-03 20:18 - 2014-03-03 20:19 - 00000000 ____D () C:\ProgramData\Mathematica
2014-03-03 20:18 - 2014-03-03 20:18 - 00000000 ____D () C:\Program Files\Extras
2014-03-03 20:18 - 2014-03-03 20:18 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-03-03 20:15 - 2012-11-19 21:40 - 00368504 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i3.dll
2014-03-03 20:15 - 2012-11-19 21:40 - 00360312 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcpip32.mlp
2014-03-03 20:15 - 2012-11-19 21:40 - 00258424 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i2.dll
2014-03-03 20:15 - 2012-11-19 21:40 - 00252280 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i1.dll
2014-03-03 20:15 - 2012-11-19 21:40 - 00172920 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmodule32.dll
2014-03-03 20:15 - 2012-11-19 21:40 - 00095096 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcp32.mlp
2014-03-03 20:15 - 2012-11-19 21:40 - 00087928 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlshm32.mlp
2014-03-03 20:15 - 2012-11-19 21:40 - 00077688 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmap32.mlp
2014-03-03 20:15 - 2012-11-19 21:37 - 00436088 _____ (Wolfram Research, Inc.) C:\Windows\system32\ml64i3.dll
2014-03-03 20:15 - 2012-11-19 21:37 - 00425848 _____ (Wolfram Research, Inc.) C:\Windows\system32\mltcpip64.mlp
2014-03-03 20:15 - 2012-11-19 21:37 - 00302968 _____ (Wolfram Research, Inc.) C:\Windows\system32\ml64i2.dll
2014-03-03 20:15 - 2012-11-19 21:37 - 00180600 _____ (Wolfram Research, Inc.) C:\Windows\system32\mlmodule64.dll
2014-03-03 20:15 - 2012-11-19 21:37 - 00103800 _____ (Wolfram Research, Inc.) C:\Windows\system32\mltcp64.mlp
2014-03-03 20:15 - 2012-11-19 21:37 - 00099192 _____ (Wolfram Research, Inc.) C:\Windows\system32\mlshm64.mlp
2014-03-03 20:14 - 2014-03-03 20:14 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-03-03 20:07 - 2014-03-03 20:13 - 1210695064 _____ (Wolfram Research, Inc. ) C:\Users\Connie\Downloads\Mathematica_9.0.0_WIN(1).exe
2014-03-03 19:56 - 2014-03-03 19:56 - 00002220 _____ () C:\Users\Connie\Desktop\Google Chrome.lnk
2014-03-03 19:55 - 2014-03-03 19:55 - 00001161 _____ () C:\Users\Connie\Desktop\Mozilla Firefox.lnk
2014-03-03 19:09 - 2014-03-03 19:15 - 1210695064 _____ (Wolfram Research, Inc. ) C:\Users\Connie\Downloads\Mathematica_9.0.0_WIN.exe
2014-03-03 19:09 - 2014-03-03 19:09 - 00001039 _____ () C:\Users\Connie\Desktop\TeXstudio.lnk
2014-02-22 17:29 - 2014-02-22 17:29 - 01128528 _____ () C:\Windows\Minidump\022214-22245-01.dmp
2014-02-17 17:47 - 2014-02-17 17:47 - 00000000 ____D () C:\subfig
2014-02-16 20:27 - 2014-02-16 20:27 - 00003134 _____ () C:\Users\Connie\Downloads\Error_Analysis.m
2014-02-15 09:54 - 2014-02-15 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 04:02 - 2013-12-21 05:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 04:02 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

==================== One Month Modified Files and Folders =======

2014-03-15 18:30 - 2014-03-15 18:29 - 00020728 _____ () C:\Users\Connie\Downloads\FRST.txt
2014-03-15 18:29 - 2014-03-15 18:28 - 00000000 ____D () C:\FRST
2014-03-15 18:28 - 2014-03-15 18:28 - 02157056 _____ (Farbar) C:\Users\Connie\Downloads\FRST64.exe
2014-03-15 18:27 - 2014-03-12 19:45 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-03-15 18:23 - 2013-08-11 22:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 18:14 - 2013-09-10 04:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 17:53 - 2013-09-23 13:17 - 00000000 ____D () C:\Users\Connie\Documents\Dartmouth College
2014-03-15 17:52 - 2013-08-11 22:36 - 01442526 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 16:00 - 2014-03-05 23:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-15 15:16 - 2013-09-10 04:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 13:12 - 2014-02-05 17:12 - 00000548 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2014-03-14 22:34 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 22:34 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 22:32 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 22:26 - 2012-05-23 09:00 - 00001705 _____ () C:\Windows\keyacc.ini
2014-03-14 22:26 - 2010-11-20 23:47 - 00200454 _____ () C:\Windows\PFRO.log
2014-03-14 22:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 22:26 - 2009-07-14 00:51 - 00040464 _____ () C:\Windows\setupact.log
2014-03-14 22:20 - 2014-03-14 22:20 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Malwarebytes
2014-03-14 22:20 - 2014-03-14 22:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 22:19 - 2014-03-14 22:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Connie\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 22:19 - 2014-03-14 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 17:26 - 2014-03-14 17:26 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-03-14 17:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-14 00:34 - 2014-03-05 12:26 - 00000000 ____D () C:\Users\Connie\Desktop\LabReport5
2014-03-13 14:14 - 2009-07-14 00:45 - 00457168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:22 - 2013-09-16 17:54 - 00000298 _____ () C:\Users\Connie\Desktop\Assignments.txt
2014-03-11 17:23 - 2013-08-11 22:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 17:23 - 2013-08-11 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 17:23 - 2013-08-11 22:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 04:19 - 2014-02-05 17:15 - 00000000 ____D () C:\Users\Connie\Documents\MATLAB
2014-03-08 02:54 - 2013-09-10 10:42 - 00000000 ____D () C:\Users\Connie
2014-03-08 02:29 - 2014-03-08 02:29 - 02152608 _____ (FocalFilter) C:\Users\Connie\Downloads\FocalFilter_Setup_November2012.exe
2014-03-08 02:18 - 2014-03-08 02:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-06 13:10 - 2013-12-02 02:17 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\CodeBlocks
2014-03-06 01:57 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-06 01:56 - 2014-03-05 23:04 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Apple Computer
2014-03-06 00:00 - 2014-01-03 01:04 - 00000000 ____D () C:\Program Files (x86)\RIFT
2014-03-05 23:11 - 2014-03-05 23:11 - 00000000 ____D () C:\Users\Connie\AppData\Local\Apple Computer
2014-03-05 23:02 - 2014-03-05 23:02 - 41945432 _____ (Apple Inc.) C:\Users\Connie\Downloads\QuickTimeInstaller.exe
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\Users\Connie\AppData\Local\Apple
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\ProgramData\Apple
2014-03-05 23:01 - 2014-03-05 23:01 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c(1).qtl
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\IsolatedStorage
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\Connie\AppData\Local\_
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-03-05 22:52 - 2014-03-05 22:52 - 00930952 _____ (CNET Download.com) C:\Users\Connie\Downloads\cbsidlm-cbsi183-FileViewPro-SEO-75872556.exe
2014-03-05 22:50 - 2014-03-05 22:50 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c (2).qtl
2014-03-05 22:49 - 2014-03-05 22:49 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c (1).qtl
2014-03-05 22:44 - 2014-03-05 22:44 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c.qtl
2014-03-03 20:21 - 2014-03-03 20:19 - 00000000 ____D () C:\Users\Connie\AppData\Local\Mathematica
2014-03-03 20:19 - 2014-03-03 20:19 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Mathematica
2014-03-03 20:19 - 2014-03-03 20:18 - 00000000 ____D () C:\ProgramData\Mathematica
2014-03-03 20:19 - 2013-09-10 10:43 - 00118480 _____ () C:\Users\Connie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-03 20:18 - 2014-03-03 20:18 - 00000000 ____D () C:\Program Files\Extras
2014-03-03 20:18 - 2014-03-03 20:18 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-03-03 20:14 - 2014-03-03 20:14 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-03-03 20:13 - 2014-03-03 20:07 - 1210695064 _____ (Wolfram Research, Inc. ) C:\Users\Connie\Downloads\Mathematica_9.0.0_WIN(1).exe
2014-03-03 19:56 - 2014-03-03 19:56 - 00002220 _____ () C:\Users\Connie\Desktop\Google Chrome.lnk
2014-03-03 19:55 - 2014-03-03 19:55 - 00001161 _____ () C:\Users\Connie\Desktop\Mozilla Firefox.lnk
2014-03-03 19:15 - 2014-03-03 19:09 - 1210695064 _____ (Wolfram Research, Inc. ) C:\Users\Connie\Downloads\Mathematica_9.0.0_WIN.exe
2014-03-03 19:09 - 2014-03-03 19:09 - 00001039 _____ () C:\Users\Connie\Desktop\TeXstudio.lnk
2014-03-01 04:01 - 2011-02-10 10:33 - 00774404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 02:05 - 2014-03-12 01:02 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-12 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-12 01:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-12 01:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-12 01:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-12 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-12 01:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-12 01:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-12 01:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-12 01:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-12 01:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-12 01:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-12 01:02 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-12 01:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-12 01:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-12 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-12 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-12 01:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-12 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-12 01:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-12 01:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-12 01:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-12 01:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-12 01:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-12 01:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-12 01:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-12 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-12 01:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-12 01:02 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-12 01:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-12 01:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-12 01:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-12 01:02 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-12 01:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-12 01:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-12 01:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-12 01:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-12 01:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-12 01:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-12 01:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-22 17:29 - 2014-02-22 17:29 - 01128528 _____ () C:\Windows\Minidump\022214-22245-01.dmp
2014-02-22 17:29 - 2013-09-20 12:46 - 927212293 _____ () C:\Windows\MEMORY.DMP
2014-02-22 17:29 - 2013-09-20 12:46 - 00000000 ____D () C:\Windows\Minidump
2014-02-21 16:47 - 2013-09-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 03:49 - 2013-11-27 15:34 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\texstudio
2014-02-18 04:01 - 2013-10-23 15:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-18 04:00 - 2013-10-23 15:37 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 17:47 - 2014-02-17 17:47 - 00000000 ____D () C:\subfig
2014-02-16 20:27 - 2014-02-16 20:27 - 00003134 _____ () C:\Users\Connie\Downloads\Error_Analysis.m
2014-02-15 09:54 - 2014-02-15 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 15:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Connie\AppData\Local\Temp\AskSLib.dll
C:\Users\Connie\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Connie\AppData\Local\Temp\Gw2.exe
C:\Users\Connie\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Connie\AppData\Local\Temp\riftuninstall.exe
C:\Users\Connie\AppData\Local\Temp\setup32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-13 17:36

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team

Posted 17 March 2014 - 11:20 AM

Do the redirects happen in all browsers or just in one of them?


Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 qntsml

  • Topic Starter

Posted 18 March 2014 - 10:29 PM

Here is the AdwCleaner log:

# AdwCleaner v3.022 - Report created 17/03/2014 at 14:37:47
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Connie - CONNIE-PC
# Running from : C:\Users\Connie\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Connie\AppData\Roaming\Mozilla\Firefox\Profiles\ir6a0jws.default-1394813779468\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [1053 octets] - [17/03/2014 12:53:34]
AdwCleaner[S0].txt - [944 octets] - [17/03/2014 14:37:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1003 octets] ##########

#6 qntsml

  • Topic Starter

Posted 18 March 2014 - 10:31 PM

Here is my new log from the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Connie (administrator) on CONNIE-PC on 18-03-2014 23:30:44
Running from C:\Users\Connie\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Sassafras Software Inc.) C:\Windows\keyacc32.exe
(O2Micro International) C:\Windows\system32\o2flash.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(PASCO Scientific) C:\Program Files (x86)\Pasco scientific\DataStudio\PASPortal.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Sassafras Software Inc.) C:\Windows\kass.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel® Corporation)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [KeyAccess] - C:\Windows\kass.exe [125120 2012-05-23] (Sassafras Software Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll [X]
AppInit_DLLs: KATRK64.DLL => C:\Windows\KATRK64.DLL [24256 2012-05-23] (Sassafras Software Inc.)
AppInit_DLLs-x32: KATRACK.DLL => C:\Windows\KATRACK.DLL [18624 2012-05-23] (Sassafras Software Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
SearchScopes: HKLM - DefaultScope {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDRJS
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP877D74DB-470F-4AFD-8134-4211EEF24A84&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {5FC36FC1-670E-4AE4-90A1-DED017EE239C} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 129.170.17.4

FireFox:
========
FF ProfilePath: C:\Users\Connie\AppData\Roaming\Mozilla\Firefox\Profiles\ir6a0jws.default-1394813779468
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3824406\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF [2013-10-23]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-10]
CHR Extension: (Google Drive) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-10]
CHR Extension: (YouTube) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-10]
CHR Extension: (Google Search) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-10]
CHR Extension: (Google Wallet) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-10]

==================== Services (Whitelisted) =================

R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 KeyAccess; C:\Windows\keyacc32.exe [1403072 2012-05-23] (Sassafras Software Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-06-14] (Pharos Systems International)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [137208 2012-01-28] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe [2601544 2012-04-19] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe [325040 2012-04-19] (Symantec Corporation)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2013-08-11] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140304.011\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140317.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140318.001\ENG64.SYS [126040 2014-03-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140318.001\EX64.SYS [2099288 2014-03-11] (Symantec Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS [678008 2012-03-07] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS [39032 2012-03-07] (Symantec Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys [29664 2012-04-19] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [451192 2011-11-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [932472 2012-02-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2013-10-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [171128 2011-11-15] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [386168 2012-03-18] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [119816 2013-10-23] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62672 2011-08-16] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 16:05 - 2014-03-18 16:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 00:56 - 2014-03-18 00:56 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-03-17 12:53 - 2014-03-17 14:37 - 00000000 ____D () C:\AdwCleaner
2014-03-17 12:53 - 2014-03-17 12:53 - 01950720 _____ () C:\Users\Connie\Downloads\AdwCleaner.exe
2014-03-16 01:13 - 2014-03-16 01:13 - 00000000 ____D () C:\Windows\ERUNT
2014-03-16 01:12 - 2014-03-16 01:12 - 01037734 _____ (Thisisu) C:\Users\Connie\Downloads\JRT.exe
2014-03-15 18:30 - 2014-03-15 18:30 - 00026229 _____ () C:\Users\Connie\Downloads\Addition.txt
2014-03-15 18:29 - 2014-03-18 23:30 - 00020795 _____ () C:\Users\Connie\Downloads\FRST.txt
2014-03-15 18:28 - 2014-03-18 23:30 - 00000000 ____D () C:\FRST
2014-03-15 18:28 - 2014-03-15 18:28 - 02157056 _____ (Farbar) C:\Users\Connie\Downloads\FRST64.exe
2014-03-14 22:20 - 2014-03-14 22:20 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Malwarebytes
2014-03-14 22:19 - 2014-03-14 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 22:19 - 2014-03-14 22:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Connie\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 22:19 - 2014-03-14 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 22:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 19:45 - 2014-03-18 23:23 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-03-12 01:02 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 01:02 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 01:02 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 01:02 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 01:02 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 01:02 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 01:02 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 01:02 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 01:02 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 01:02 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 01:02 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 01:02 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 01:02 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 01:02 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 01:02 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 01:02 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 01:02 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 01:02 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 01:02 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 01:02 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 01:02 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 01:02 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 01:02 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 01:02 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 01:02 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 01:02 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 01:02 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 01:02 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 01:02 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 01:02 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 01:02 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 01:02 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 01:02 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 01:02 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 01:02 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 01:02 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 01:02 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 01:02 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 01:02 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 01:02 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 01:02 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 01:02 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 01:02 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 01:02 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 01:02 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 01:02 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 01:02 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 01:02 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-08 02:29 - 2014-03-08 02:29 - 02152608 _____ (FocalFilter) C:\Users\Connie\Downloads\FocalFilter_Setup_November2012.exe
2014-03-08 02:18 - 2014-03-08 02:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-05 23:11 - 2014-03-05 23:11 - 00000000 ____D () C:\Users\Connie\AppData\Local\Apple Computer
2014-03-05 23:04 - 2014-03-06 01:56 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Apple Computer
2014-03-05 23:03 - 2014-03-15 16:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-05 23:02 - 2014-03-05 23:02 - 41945432 _____ (Apple Inc.) C:\Users\Connie\Downloads\QuickTimeInstaller.exe
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\Users\Connie\AppData\Local\Apple
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\ProgramData\Apple
2014-03-05 23:01 - 2014-03-05 23:01 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c(1).qtl
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\IsolatedStorage
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\Connie\AppData\Local\_
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-03-05 22:52 - 2014-03-05 22:52 - 00930952 _____ (CNET Download.com) C:\Users\Connie\Downloads\cbsidlm-cbsi183-FileViewPro-SEO-75872556.exe
2014-03-05 22:50 - 2014-03-05 22:50 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c (2).qtl
2014-03-05 22:49 - 2014-03-05 22:49 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c (1).qtl
2014-03-05 22:44 - 2014-03-05 22:44 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c.qtl
2014-03-05 12:26 - 2014-03-14 00:34 - 00000000 ____D () C:\Users\Connie\Desktop\LabReport5
2014-03-03 20:19 - 2014-03-03 20:21 - 00000000 ____D () C:\Users\Connie\AppData\Local\Mathematica
2014-03-03 20:19 - 2014-03-03 20:19 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Mathematica
2014-03-03 20:18 - 2014-03-03 20:19 - 00000000 ____D () C:\ProgramData\Mathematica
2014-03-03 20:18 - 2014-03-03 20:18 - 00000000 ____D () C:\Program Files\Extras
2014-03-03 20:18 - 2014-03-03 20:18 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-03-03 20:15 - 2012-11-19 21:40 - 00368504 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i3.dll
2014-03-03 20:15 - 2012-11-19 21:40 - 00360312 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcpip32.mlp
2014-03-03 20:15 - 2012-11-19 21:40 - 00258424 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i2.dll
2014-03-03 20:15 - 2012-11-19 21:40 - 00252280 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\ml32i1.dll
2014-03-03 20:15 - 2012-11-19 21:40 - 00172920 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmodule32.dll
2014-03-03 20:15 - 2012-11-19 21:40 - 00095096 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mltcp32.mlp
2014-03-03 20:15 - 2012-11-19 21:40 - 00087928 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlshm32.mlp
2014-03-03 20:15 - 2012-11-19 21:40 - 00077688 _____ (Wolfram Research, Inc.) C:\Windows\SysWOW64\mlmap32.mlp
2014-03-03 20:15 - 2012-11-19 21:37 - 00436088 _____ (Wolfram Research, Inc.) C:\Windows\system32\ml64i3.dll
2014-03-03 20:15 - 2012-11-19 21:37 - 00425848 _____ (Wolfram Research, Inc.) C:\Windows\system32\mltcpip64.mlp
2014-03-03 20:15 - 2012-11-19 21:37 - 00302968 _____ (Wolfram Research, Inc.) C:\Windows\system32\ml64i2.dll
2014-03-03 20:15 - 2012-11-19 21:37 - 00180600 _____ (Wolfram Research, Inc.) C:\Windows\system32\mlmodule64.dll
2014-03-03 20:15 - 2012-11-19 21:37 - 00103800 _____ (Wolfram Research, Inc.) C:\Windows\system32\mltcp64.mlp
2014-03-03 20:15 - 2012-11-19 21:37 - 00099192 _____ (Wolfram Research, Inc.) C:\Windows\system32\mlshm64.mlp
2014-03-03 20:14 - 2014-03-03 20:14 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-03-03 20:07 - 2014-03-03 20:13 - 1210695064 _____ (Wolfram Research, Inc. ) C:\Users\Connie\Downloads\Mathematica_9.0.0_WIN(1).exe
2014-03-03 19:56 - 2014-03-03 19:56 - 00002220 _____ () C:\Users\Connie\Desktop\Google Chrome.lnk
2014-03-03 19:55 - 2014-03-03 19:55 - 00001161 _____ () C:\Users\Connie\Desktop\Mozilla Firefox.lnk
2014-03-03 19:09 - 2014-03-03 19:15 - 1210695064 _____ (Wolfram Research, Inc. ) C:\Users\Connie\Downloads\Mathematica_9.0.0_WIN.exe
2014-03-03 19:09 - 2014-03-03 19:09 - 00001039 _____ () C:\Users\Connie\Desktop\TeXstudio.lnk
2014-02-22 17:29 - 2014-02-22 17:29 - 01128528 _____ () C:\Windows\Minidump\022214-22245-01.dmp
2014-02-17 17:47 - 2014-02-17 17:47 - 00000000 ____D () C:\subfig
2014-02-16 20:27 - 2014-02-16 20:27 - 00003134 _____ () C:\Users\Connie\Downloads\Error_Analysis.m

==================== One Month Modified Files and Folders =======

2014-03-18 23:30 - 2014-03-15 18:29 - 00020795 _____ () C:\Users\Connie\Downloads\FRST.txt
2014-03-18 23:30 - 2014-03-15 18:28 - 00000000 ____D () C:\FRST
2014-03-18 23:29 - 2013-09-16 17:54 - 00000398 _____ () C:\Users\Connie\Desktop\Assignments.txt
2014-03-18 23:23 - 2014-03-12 19:45 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-03-18 23:23 - 2013-08-11 22:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 23:22 - 2013-08-11 22:36 - 01576737 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 23:21 - 2013-09-10 04:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 16:22 - 2013-09-13 14:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-18 16:05 - 2014-03-18 16:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 15:14 - 2013-09-10 04:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 13:10 - 2014-02-05 17:12 - 00000548 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2014-03-18 06:50 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 06:50 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 03:06 - 2013-12-02 02:17 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\CodeBlocks
2014-03-18 03:00 - 2013-10-23 15:37 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 03:00 - 2013-10-23 15:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 00:56 - 2014-03-18 00:56 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-03-18 00:56 - 2009-07-14 00:51 - 00041024 _____ () C:\Windows\setupact.log
2014-03-17 23:25 - 2013-09-23 13:17 - 00000000 ____D () C:\Users\Connie\Documents\Dartmouth College
2014-03-17 14:45 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 14:41 - 2012-05-23 09:00 - 00001705 _____ () C:\Windows\keyacc.ini
2014-03-17 14:40 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 14:37 - 2014-03-17 12:53 - 00000000 ____D () C:\AdwCleaner
2014-03-17 12:53 - 2014-03-17 12:53 - 01950720 _____ () C:\Users\Connie\Downloads\AdwCleaner.exe
2014-03-16 04:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-16 01:13 - 2014-03-16 01:13 - 00000000 ____D () C:\Windows\ERUNT
2014-03-16 01:12 - 2014-03-16 01:12 - 01037734 _____ (Thisisu) C:\Users\Connie\Downloads\JRT.exe
2014-03-15 18:30 - 2014-03-15 18:30 - 00026229 _____ () C:\Users\Connie\Downloads\Addition.txt
2014-03-15 18:28 - 2014-03-15 18:28 - 02157056 _____ (Farbar) C:\Users\Connie\Downloads\FRST64.exe
2014-03-15 16:00 - 2014-03-05 23:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-14 22:26 - 2010-11-20 23:47 - 00200454 _____ () C:\Windows\PFRO.log
2014-03-14 22:20 - 2014-03-14 22:20 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Malwarebytes
2014-03-14 22:20 - 2014-03-14 22:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 22:19 - 2014-03-14 22:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Connie\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-14 22:19 - 2014-03-14 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 00:34 - 2014-03-05 12:26 - 00000000 ____D () C:\Users\Connie\Desktop\LabReport5
2014-03-13 14:14 - 2009-07-14 00:45 - 00457168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 17:23 - 2013-08-11 22:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 17:23 - 2013-08-11 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 17:23 - 2013-08-11 22:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 04:19 - 2014-02-05 17:15 - 00000000 ____D () C:\Users\Connie\Documents\MATLAB
2014-03-08 02:54 - 2013-09-10 10:42 - 00000000 ____D () C:\Users\Connie
2014-03-08 02:29 - 2014-03-08 02:29 - 02152608 _____ (FocalFilter) C:\Users\Connie\Downloads\FocalFilter_Setup_November2012.exe
2014-03-08 02:18 - 2014-03-08 02:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-06 01:57 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-06 01:56 - 2014-03-05 23:04 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Apple Computer
2014-03-06 00:00 - 2014-01-03 01:04 - 00000000 ____D () C:\Program Files (x86)\RIFT
2014-03-05 23:11 - 2014-03-05 23:11 - 00000000 ____D () C:\Users\Connie\AppData\Local\Apple Computer
2014-03-05 23:02 - 2014-03-05 23:02 - 41945432 _____ (Apple Inc.) C:\Users\Connie\Downloads\QuickTimeInstaller.exe
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\Users\Connie\AppData\Local\Apple
2014-03-05 23:02 - 2014-03-05 23:02 - 00000000 ____D () C:\ProgramData\Apple
2014-03-05 23:01 - 2014-03-05 23:01 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c(1).qtl
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\IsolatedStorage
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\Users\Connie\AppData\Local\_
2014-03-05 22:53 - 2014-03-05 22:53 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-03-05 22:52 - 2014-03-05 22:52 - 00930952 _____ (CNET Download.com) C:\Users\Connie\Downloads\cbsidlm-cbsi183-FileViewPro-SEO-75872556.exe
2014-03-05 22:50 - 2014-03-05 22:50 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c (2).qtl
2014-03-05 22:49 - 2014-03-05 22:49 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c (1).qtl
2014-03-05 22:44 - 2014-03-05 22:44 - 00000230 _____ () C:\Users\Connie\Downloads\8c0e2d06812a6ea028df2d19a544123c.qtl
2014-03-03 20:21 - 2014-03-03 20:19 - 00000000 ____D () C:\Users\Connie\AppData\Local\Mathematica
2014-03-03 20:19 - 2014-03-03 20:19 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Mathematica
2014-03-03 20:19 - 2014-03-03 20:18 - 00000000 ____D () C:\ProgramData\Mathematica
2014-03-03 20:19 - 2013-09-10 10:43 - 00118480 _____ () C:\Users\Connie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-03 20:18 - 2014-03-03 20:18 - 00000000 ____D () C:\Program Files\Extras
2014-03-03 20:18 - 2014-03-03 20:18 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-03-03 20:14 - 2014-03-03 20:14 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-03-03 20:13 - 2014-03-03 20:07 - 1210695064 _____ (Wolfram Research, Inc. ) C:\Users\Connie\Downloads\Mathematica_9.0.0_WIN(1).exe
2014-03-03 19:56 - 2014-03-03 19:56 - 00002220 _____ () C:\Users\Connie\Desktop\Google Chrome.lnk
2014-03-03 19:55 - 2014-03-03 19:55 - 00001161 _____ () C:\Users\Connie\Desktop\Mozilla Firefox.lnk
2014-03-03 19:15 - 2014-03-03 19:09 - 1210695064 _____ (Wolfram Research, Inc. ) C:\Users\Connie\Downloads\Mathematica_9.0.0_WIN.exe
2014-03-03 19:09 - 2014-03-03 19:09 - 00001039 _____ () C:\Users\Connie\Desktop\TeXstudio.lnk
2014-03-01 04:01 - 2011-02-10 10:33 - 00774404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 02:05 - 2014-03-12 01:02 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-12 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-12 01:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-12 01:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-12 01:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-12 01:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-12 01:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-12 01:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-12 01:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-12 01:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-12 01:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-12 01:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-12 01:02 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-12 01:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-12 01:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-12 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-12 01:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-12 01:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-12 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-12 01:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-12 01:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-12 01:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-12 01:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-12 01:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-12 01:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-12 01:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-12 01:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-12 01:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-12 01:02 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-12 01:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-12 01:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-12 01:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-12 01:02 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-12 01:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-12 01:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-12 01:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-12 01:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-12 01:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-12 01:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-12 01:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-22 17:29 - 2014-02-22 17:29 - 01128528 _____ () C:\Windows\Minidump\022214-22245-01.dmp
2014-02-22 17:29 - 2013-09-20 12:46 - 927212293 _____ () C:\Windows\MEMORY.DMP
2014-02-22 17:29 - 2013-09-20 12:46 - 00000000 ____D () C:\Windows\Minidump
2014-02-21 03:49 - 2013-11-27 15:34 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\texstudio
2014-02-17 17:47 - 2014-02-17 17:47 - 00000000 ____D () C:\subfig
2014-02-16 20:27 - 2014-02-16 20:27 - 00003134 _____ () C:\Users\Connie\Downloads\Error_Analysis.m

Some content of TEMP:
====================
C:\Users\Connie\AppData\Local\Temp\AskSLib.dll
C:\Users\Connie\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Connie\AppData\Local\Temp\Gw2.exe
C:\Users\Connie\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Connie\AppData\Local\Temp\Quarantine.exe
C:\Users\Connie\AppData\Local\Temp\riftuninstall.exe
C:\Users\Connie\AppData\Local\Temp\setup32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-13 17:36

==================== End Of Log ============================



#7 qntsml

qntsml
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 18 March 2014 - 10:33 PM

Also, the redirects only occur in Firefox (as far as I have observed, at least - they only happen some of the time).



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:55 AM

Posted 19 March 2014 - 05:12 PM

Try to completely uninstall Firefox and re-install it again afterwards. Are there still those redirects afterwards?



#9 qntsml

qntsml
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 19 March 2014 - 05:33 PM

I think they're gone now. Thank you!



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:55 AM

Posted 25 March 2014 - 01:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



