Cannot run any antivirus software, open/empty recycle bin...


  • This topic is locked
63 replies to this topic

#1 Clytemnestra

Clytemnestra

  • Members
  • 48 posts

Posted 08 May 2014 - 09:05 PM

Hey, guys.

I created the following post in the forums, and was given directions to follow that should have helped.

I tried running the various programs and tools suggested and made no progress. At the request of a moderator, I have followed the preparation guide and am posting a new topic. Here is the original post made:
 

 

A couple of days ago I was looking for custom Skyrim stuff on Nexus Mods, and I found some tips to speed up/boost computer performance (Cleanmem and one other I don't remember the name of, sorry). I installed them, then I changed my computer's settings in Advanced System Settings>Advanced>Performance>Settings (I set it to "adjust for best performance"). Shortly thereafter, my laptop blue screened (she does this often; something is wrong with her RAM. I most often get the KERNEL_INPAGEDATA message.) then booted back up to tell me that she was installing updates. She shut herself down, booted again to say "configuring updates", then let me log on.

 

She claims that my copy of Windows is not genuine (she doesn't say this usually. It is not wholly inaccurate, but it is... well, a very long and [believe it or not] personal story). I cannot run Malwarebytes (even after naming it Zzmbam.COM, and yes, I changed the extension to .COM) or any other antimalware programming from Microsoft (the processes show up in the task manager, but they never get past the few hundred kb stage, where they're being "summoned" as I call it). I cannot access my E: partition at all (any explorer window I open to try to access it, even through shortcuts on the desktop, it freezes and refuses to respond). When I try to run chkdsk on that partition from an elevated command prompt window and hit enter, it moves the cursor down a line and just sits there, unresponsive outside of the blinking cursor. I cannot empty, access, or delete (with rd /s c:\$Recycle.Bin) my recycle bin. CCleaner gets stuck emptying the recycle bin or dumping various logs.

 

I can run Rkill (it runs successfully and creates a log, but doesn't fix the issue) HitmanPro (gets stuck anywhere between 0% and 3%, in the System32>drivers directory, no log that I know of is created), TDSSKiller (gets stuck at 0 objects, no threats found after hours of running, I can read the report while it runs, but it doesn't change), and Active@ Partition Recovery For Windows [Demo Version] (hangs on "Initializing: Looking for devices..." indefinitely.).

 

 

Day before yesterday, I shut her down and tried to boot her into safe mode with command prompt, but she got stuck while loading files after "BootDefragDriver.sys" indefinitely until we lost power. When the power came back, I tried (with the same results) booting into safe mode with networking, then plain safe mode, over and over. She would not boot. Even trying "Repair my computer" or "boot to disc" didn't get me any further than a black screen with a moveable cursor.
I finally got her to boot by enabling boot logging, then I had to log into my partner's account (also an admin) to even get into the system recovery options; I'm not sure what to do from here, outside of back up all the other files (I really need to get into E:!!) and format the hard drive, then re-install Windows. But I don't want to have to do all that.

 

And here are the new issues that have arisen:

 

I can no longer boot into safe mode at all. It loads the drivers up to BootDefragDriver.sys and stays there. When I have to restart, I have to shut it down then select "Enable Boot Logging". It will not start any other way. I have noticed various processes running that I did not start, including the Windows Installer, Defrag.exe, and something with the extension tmp that I got a glimpse of before it was no longer on the list. It just disappeared.

 

The DDS log is oddly cut off. I will post it if requested.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts

Posted 13 May 2014 - 09:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533726 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Clytemnestra

Clytemnestra
  • Topic Starter

  • Members
  • 48 posts

Posted 13 May 2014 - 10:43 PM

Replying as instructed by the bot. 

I do still have the installation disc I used.
The new DDS log is complete, not cut off like the other one was.

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 10.51.2
Run by Henry at 22:53:44 on 2014-05-13
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3001.1831 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\defrag.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_54_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k defragsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
mURLSearchHooks: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: Shopping Helper Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: LastPass - c:\users\henry\appdata\locallow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\users\henry\appdata\locallow\lastpass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.9
TCP: Interfaces\{70D6577E-C7CD-4222-A36D-8E17CAB0B6FC} : DHCPNameServer = 192.168.1.9
TCP: Interfaces\{70D6577E-C7CD-4222-A36D-8E17CAB0B6FC}\242716E666F6274602D4F64756C602C425 : DHCPNameServer = 208.67.222.222 192.168.2.1
TCP: Interfaces\{70D6577E-C7CD-4222-A36D-8E17CAB0B6FC}\242716E666F6274602D4F64756C602C4F6262697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{70D6577E-C7CD-4222-A36D-8E17CAB0B6FC}\C696E6B6379737 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{E3BC4144-0C84-40B8-93CF-7F66D791EEA8} : NameServer = 208.69.150.252,208.69.150.250
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\henry\appdata\roaming\mozilla\firefox\profiles\mwdrom4k.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=OB_138_79&co=US&userid=e1064ea9-3d55-26b7-55d8-6c09fd88166d&searchtype=ds&installDate=06/01/2014&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\itunes\mozilla plugins\npitunes (2).dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\henry\appdata\roaming\mozilla\firefox\profiles\mwdrom4k.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2014-4-9 16064]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-4-29 243128]
R2 mfmonitor;mfmonitor;c:\windows\system32\drivers\mfmonitor_x86.sys [2014-5-5 19160]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-5-4 30976]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-10 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-10 110296]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S1 MpKsl9ecf763e;MpKsl9ecf763e;c:\programdata\microsoft\microsoft antimalware\definition updates\{296114ac-85ad-4ba5-91be-03a597274163}\MpKsl9ecf763e.sys [2014-4-10 39464]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-11-26 40736]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-4-10 51928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-12-6 29728]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2014-5-5 13704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-30 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-2-15 49152]
S4 IObitUnlocker;IObitUnlocker;c:\program files\iobit\iobit unlocker\IObitUnlocker.sys [2013-3-2 28016]
.
=============== Created Last 30 ================
.
2014-05-11 23:19:50 -------- d-----w- c:\programdata\BlueStacksSetup
2014-05-11 23:19:42 -------- d-----w- c:\users\henry\appdata\local\Bluestacks
2014-05-09 23:04:11 -------- d-----w- c:\users\henry\appdata\local\Skype
2014-05-09 02:10:22 -------- d-----w- c:\users\henry\appdata\local\GVNotifierWPF
2014-05-09 02:09:55 -------- d-----w- c:\users\henry\appdata\local\Deployment
2014-05-08 01:28:39 -------- d-----w- c:\users\henry\appdata\local\Skyrim
2014-05-07 21:51:11 -------- d-----w- c:\program files\GUM635B.tmp
2014-05-07 09:40:17 -------- d-----w- c:\users\henry\appdata\roaming\OpenOffice
2014-05-07 01:30:25 -------- d-----w- c:\users\henry\appdata\local\Opera
2014-05-06 01:36:58 -------- d-----w- c:\users\henry\appdata\roaming\Solvusoft
2014-05-06 01:36:56 17840 ----a-w- c:\windows\system32\roboot.exe
2014-05-06 01:36:55 -------- d-----w- c:\program files\WinThruster
2014-05-06 01:07:15 99400 ----a-w- c:\windows\system32\setupprwdrv03.exe
2014-05-06 01:07:15 13704 ----a-w- c:\windows\system32\prwntdrv.sys
2014-05-06 01:07:07 -------- d-----w- c:\program files\EaseUS
2014-05-05 21:48:19 -------- d-----w- C:\FRST
2014-05-05 15:10:22 -------- d-----w- c:\users\henry\appdata\roaming\GlarySoft
2014-05-05 15:03:09 -------- d-----w- c:\users\henry\appdata\local\Programs
2014-05-05 12:12:35 -------- d-----w- c:\users\henry\appdata\local\gtk-2.0
2014-05-05 12:12:35 -------- d-----w- c:\users\henry\.thumbnails
2014-05-05 11:57:00 -------- d-----w- c:\users\henry\appdata\local\Apps
2014-05-05 11:54:05 -------- d-----w- c:\users\henry\MediaFire
2014-05-05 11:53:45 -------- d--h--w- c:\users\henry\.mediafire
2014-05-05 11:40:43 -------- d-----w- c:\users\henry\appdata\local\fontconfig
2014-05-05 11:40:06 -------- d-----w- c:\users\henry\appdata\local\gegl-0.2
2014-05-05 11:40:06 -------- d-----w- c:\users\henry\.gimp-2.8
2014-05-05 09:46:03 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-05 09:36:11 -------- d-----w- c:\users\henry\appdata\roaming\QuickScan
2014-05-05 05:37:35 -------- d-----w- c:\program files\MediaFire Desktop
2014-05-05 05:35:52 19160 ----a-w- c:\windows\system32\drivers\mfmonitor_x86.sys
2014-05-05 00:18:22 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-05-05 00:18:22 -------- d-----w- c:\program files\HitmanPro
2014-05-05 00:17:25 -------- d-----w- c:\programdata\HitmanPro
2014-05-04 23:52:13 -------- d-----w- c:\program files\LSoft Technologies
2014-04-29 21:42:07 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3fc99b8d-c52e-4971-b080-0c23f3554604}\offreg.dll
2014-04-29 17:03:56 -------- d-----w- c:\program files\ffdshow
2014-04-29 11:03:20 -------- d-----w- C:\Skyrim Mods
2014-04-29 11:02:55 -------- d-----w- c:\program files\common files\Wrye Bash
2014-04-29 10:46:59 -------- d-----w- C:\BOSS
2014-04-29 10:38:31 -------- d-----w- c:\programdata\Package Cache
2014-04-29 10:09:37 -------- d-----w- c:\program files\Nexus Mod Manager
2014-04-29 09:26:39 -------- d-----w- C:\The Elder Scrolls V Skyrim
2014-04-29 08:34:18 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-04-29 08:21:09 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-04-29 08:21:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-04-29 08:19:21 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-04-28 09:16:08 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3fc99b8d-c52e-4971-b080-0c23f3554604}\mpengine.dll
2014-04-16 09:25:06 107736 ----a-w- c:\windows\system32\drivers\48230029.sys
.
==================== Find3M  ====================
.
2014-05-07 00:57:43 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-29 16:53:40 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-29 16:53:30 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-29 16:53:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-14 08:05:38 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-04-14 02:07:42 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-04-09 11:53:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 11:53:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-04 07:01:17 249856 ------w- c:\windows\Setup1.exe
2014-04-04 07:01:16 73216 ----a-w- c:\windows\ST6UNST.EXE
2014-03-31 13:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-29 00:24:09 667978 ----a-w- c:\windows\unins000.exe
2014-03-27 01:54:05 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-27 01:54:05 1767936 ----a-w- c:\windows\system32\wininet.dll
2014-03-27 01:54:04 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-27 01:54:04 61440 ----a-w- c:\windows\system32\iesetup.dll
2014-03-27 01:54:04 2877952 ----a-w- c:\windows\system32\jscript9.dll
2014-03-27 01:54:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-27 00:24:40 204064 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-03-27 00:23:06 116512 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-03-27 00:23:04 104736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-04-27 20:40:18 11019776 ----a-w- c:\program files\common files\lpuninstall.exe
2013-03-19 21:22:04 1037648 ----a-w- c:\program files\uTorrent.exe
.
============= FINISH: 22:59:31.75 ===============
 


Edited by Clytemnestra, 13 May 2014 - 10:44 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Location:Montreal, QC. Canada

Posted 18 May 2014 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 Clytemnestra

Clytemnestra
  • Topic Starter

  • Members
  • 48 posts

Posted 19 May 2014 - 02:34 PM

Thank you for your response!
I will run AdwCleaner now.
Just for clarification, are you telling me to run AdwCleaner once, let it finish, generate a report, then run it again and go through the cleaning process, or are you giving instructions on what steps to take if I find false positives in its scan?

EDIT: I figured that you meant to run it once and re-run it if it gave false positives. I scanned with it once and then cleaned, and it generated a report. I just have to say, I am very very excited to be making progress! 

Here's the report it gave me:

# AdwCleaner v3.210 - Report created 19/05/2014 at 15:38:24
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Henry - DOWMOOCOW
# Running from : C:\Users\Henry\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater
[#] Service Deleted : SecureUpdateSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\IObit Toolbar
Folder Deleted : C:\Program Files\Secure Speed Dial
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Heather\AppData\Local\emaze
Folder Deleted : C:\Users\Heather\AppData\Local\genienext
Folder Deleted : C:\Users\Heather\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Heather\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Heather\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Heather\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Heather\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Heather\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Henry\AppData\Roaming\Solvusoft
Folder Deleted : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\v3dnrigx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\v3dnrigx.default\Extensions\speeddial@instair.net
File Deleted : C:\Users\Public\Desktop\WinThruster.lnk
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Heather\daemonprocess.txt
File Deleted : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\v3dnrigx.default\user.js
File Deleted : C:\Windows\System32\Tasks\WinThruster
File Deleted : C:\Windows\Tasks\WinThruster_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\WinThruster_DEFAULT
File Deleted : C:\Windows\Tasks\WinThruster_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\WinThruster_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{719D3AFA-876E-4966-B067-A019C1B89F2D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A66D397-3608-4C65-992E-4E85E14DF9FB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719D3AFA-876E-4966-B067-A019C1B89F2D}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9CB803D-2535-40FD-A139-0401252E3A8B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A66D397-3608-4C65-992E-4E85E14DF9FB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9CB803D-2535-40FD-A139-0401252E3A8B}
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Solvusoft
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\Lucky Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Solvusoft
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster_is1

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16843

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\v3dnrigx.default\prefs.js ]


[ File : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321521&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP5019C03D-82F7-4836-ABD1-94E309DB2582&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=OB_138_79&co=US&userid=e1064ea9-3d55-26b7-55d8-6c09fd88166d&searchtype=ds&q={searchTerms}&installDate=06/01/2014
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp

[ File : C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=OB_138_79&co=US&userid=e1064ea9-3d55-26b7-55d8-6c09fd88166d&searchtype=ds&q={searchTerms}&installDate=06/01/2014
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321521&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP5019C03D-82F7-4836-ABD1-94E309DB2582&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod
Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp

*************************

AdwCleaner[R0].txt - [24517 octets] - [19/05/2014 15:35:30]
AdwCleaner[S0].txt - [24237 octets] - [19/05/2014 15:38:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24298 octets] ##########

 

 

I will run the FRST thing now.

EDIT: Here is the FRST.txt log.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by Henry (administrator) on DOWMOOCOW on 19-05-2014 16:00:32
Running from C:\Users\Henry\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-2105114045-2200044803-2402353932-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCRN_Autoupdater.exe.lnk
ShortcutTarget: RCRN_Autoupdater.exe.lnk -> C:\The Elder Scrolls V Skyrim\RCRN\Autoupdater\RCRN_Autoupdater.exe (Damiano La Maida)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5375999B7E32CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKLM - (No Name) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {74BD36E0-2890-4490-BE44-B7AF7D93CCA6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {C429D765-6CA7-4A9B-B279-AD54596BE24C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E74588F9-9AF6-40A2-B1F8-051C3AA24717} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.9
Tcpip\..\Interfaces\{E3BC4144-0C84-40B8-93CF-7F66D791EEA8}: [NameServer]208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default
FF Homepage: hxxp://www.free-tv-video-online.me/internet/will_and_grace/season_4.html|hxxp://www.free-tv-video-online.me/player/gorillavid.php?id=siogo4dvmuqe|hxxp://www.free-tv-video-online.me/player/gorillavid.php?id=lysfkaq1mitb|hxxp://www.free-tv-video-online.me/player/gorillavid.php?id=e930laf0dzx9
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\support@lastpass.com [2014-04-22]
FF Extension: Bitdefender QuickScan - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-05-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-16]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-05-16]
FF Extension: Adblock Plus - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-16]
FF Extension: Adblock Edge - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com",
            "hxxp://search.b1.org/?bsrc=4hcxr&chid=c162341",
            "hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192",
            "hxxp://mystart.incredibar.com/mb175?a=6Oz1BwDyqz&i=26",
            "hxxp://search.conduit.com/?CUI=UN19073156231165523&ctid=CT3279141&SearchSource=48&sspv=SP_CHWSP06",
            "hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ch",
            "hxxp://xfinity.comcast.net/?cid=insDate06112013",
            "hxxp://www.facebook.com/",
            "hxxp://search.conduit.com/?ctid=CT3321521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP5019C03D-82F7-4836-ABD1-94E309DB2582&SSPV=",
            "hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=OB_138_79&co=US&userid=e1064ea9-3d55-26b7-55d8-6c09fd88166d&searchtype=hp&installDate=06/01/2014"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Theme Creator) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-04-10]
CHR Extension: (Google Docs) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-24]
CHR Extension: (Google Drive) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-24]
CHR Extension: (YouTube) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Facebook) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-04-10]
CHR Extension: (Adblock Plus) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-10]
CHR Extension: (Google Search) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (MixiDJ V1) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj [2013-04-24]
CHR Extension: (Netflix) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-04-10]
CHR Extension: (Pandora) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-04-10]
CHR Extension: (XKit) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-05-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-07]
CHR Extension: (Blogger) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]

----------------------------------------------

It didn't make a log titled "Addition.txt". I don't believe I've run the program before. Why wouldn't it create "Addition.txt"?


Edited by Clytemnestra, 19 May 2014 - 03:08 PM.


#6 nasdaq

  • Malware Response Team

Posted 20 May 2014 - 08:46 AM

Please post a fresh copy of the FRST.txt log.

There was too much information on your post and your FRST LOG was truncated.

#7 Clytemnestra


Posted 20 May 2014 - 09:14 PM

Ah. Sorry about that. Here you go:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by Henry (administrator) on DOWMOOCOW on 19-05-2014 16:00:32
Running from C:\Users\Henry\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-2105114045-2200044803-2402353932-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCRN_Autoupdater.exe.lnk
ShortcutTarget: RCRN_Autoupdater.exe.lnk -> C:\The Elder Scrolls V Skyrim\RCRN\Autoupdater\RCRN_Autoupdater.exe (Damiano La Maida)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5375999B7E32CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKLM - (No Name) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {74BD36E0-2890-4490-BE44-B7AF7D93CCA6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {C429D765-6CA7-4A9B-B279-AD54596BE24C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E74588F9-9AF6-40A2-B1F8-051C3AA24717} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.9
Tcpip\..\Interfaces\{E3BC4144-0C84-40B8-93CF-7F66D791EEA8}: [NameServer]208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default
FF Homepage: hxxp://www.free-tv-video-online.me/internet/will_and_grace/season_4.html|hxxp://www.free-tv-video-online.me/player/gorillavid.php?id=siogo4dvmuqe|hxxp://www.free-tv-video-online.me/player/gorillavid.php?id=lysfkaq1mitb|hxxp://www.free-tv-video-online.me/player/gorillavid.php?id=e930laf0dzx9
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\support@lastpass.com [2014-04-22]
FF Extension: Bitdefender QuickScan - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-05-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-16]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-05-16]
FF Extension: Adblock Plus - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-16]
FF Extension: Adblock Edge - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com",
            "hxxp://search.b1.org/?bsrc=4hcxr&chid=c162341",
            "hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192",
            "hxxp://mystart.incredibar.com/mb175?a=6Oz1BwDyqz&i=26",
            "hxxp://search.conduit.com/?CUI=UN19073156231165523&ctid=CT3279141&SearchSource=48&sspv=SP_CHWSP06",
            "hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ch",
            "hxxp://xfinity.comcast.net/?cid=insDate06112013",
            "hxxp://www.facebook.com/",
            "hxxp://search.conduit.com/?ctid=CT3321521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP5019C03D-82F7-4836-ABD1-94E309DB2582&SSPV=",
            "hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=OB_138_79&co=US&userid=e1064ea9-3d55-26b7-55d8-6c09fd88166d&searchtype=hp&installDate=06/01/2014"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Theme Creator) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-04-10]
CHR Extension: (Google Docs) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-24]
CHR Extension: (Google Drive) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-24]
CHR Extension: (YouTube) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Facebook) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-04-10]
CHR Extension: (Adblock Plus) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-10]
CHR Extension: (Google Search) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (MixiDJ V1) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj [2013-04-24]
CHR Extension: (Netflix) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-04-10]
CHR Extension: (Pandora) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-04-10]
CHR Extension: (XKit) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-05-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-07]
CHR Extension: (Blogger) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]


------
That's where the log ends.


Edited by Clytemnestra, 20 May 2014 - 09:14 PM.


#8 nasdaq


Posted 21 May 2014 - 07:38 AM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
URLSearchHook: HKLM - (No Name) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
"hxxp://search.conduit.com/?CUI=UN19073156231165523&ctid=CT3279141&SearchSource=48&sspv=SP_CHWSP06",
"hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ch",
"hxxp://search.conduit.com/?ctid=CT3321521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP5019C03D-82F7-4836-ABD1-94E309DB2582&SSPV=",
"hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=OB_138_79&co=US&userid=e1064ea9-3d55-26b7-55d8-6c09fd88166d&searchtype=hp&installDate=06/01/2014"
CHR Extension: (MixiDJ V1) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj [2013-04-24]

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Please run the FRST tool normally one more time and post a fresh log.

Include the Addition.txt if it was created the first time you ran the tool.

#9 Clytemnestra


Posted 21 May 2014 - 10:39 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-05-2014
Ran by Henry at 2014-05-21 09:05:38 Run:1
Running from C:\Users\Henry\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
URLSearchHook: HKLM - (No Name) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
"hxxp://search.conduit.com/?CUI=UN19073156231165523&ctid=CT3279141&SearchSource=48&sspv=SP_CHWSP06",
"hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ch",
"hxxp://search.conduit.com/?ctid=CT3321521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP5019C03D-82F7-4836-ABD1-94E309DB2582&SSPV=",
"hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=OB_138_79&co=US&userid=e1064ea9-3d55-26b7-55d8-6c09fd88166d&searchtype=hp&installDate=06/01/2014"
CHR Extension: (MixiDJ V1) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj [2013-04-24]

End
*****************

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{da51d4f6-3e7e-4ef8-b400-9198e0874606} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key deleted successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj => Moved successfully.

==== End of Fixlog ====

__________

I ran the fix, it finished, and I told the computer to restart; it hung on "shutting down" for over an hour, so I held the power button until it shut off and then rebooted. Then I attempted to reset Chrome, but it sat on that little popup with the "loading" circle spinning round for about 6 hours. I tried to close the browser at that point, but a Microsoft Windows pop up came up saying, "The process is not responding. End process?" I ended the process and the browser window closed, but there was still a Chrome process using quite a lot of the memory in the process list. I restarted the computer (with no issues at the "shutting down" screen) and re-attempted the reset by opening the browser, clicking reset, waiting until the settings page looked different, then closing it. There were no lingering Chrome processes left. I reopened the browser and ran FRST's scan, but it has been hanging on "Listing Files and Folders: Uninstall_SkipUAC_Administrator.job" since around 4pm.
Would you still like me to post FRST's log?
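
An added example, not part of the thread or of FRST itself: a small cross-check of the Fixlog posted above, pairing each fixlist line with the result lines that mention it. The matching rule (GUID, then file path, then the entry label) is an assumption made for this sketch; on this Fixlog it shows that the four quoted start-page URLs have no result line at all and that one BHO lookup returned "Key not found."

```python
import re

# Fixlog text as posted in this thread (header lines omitted).
FIXLOG = r"""
Content of fixlist:
*****************
start
URLSearchHook: HKLM - (No Name) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
"hxxp://search.conduit.com/?CUI=UN19073156231165523&ctid=CT3279141&SearchSource=48&sspv=SP_CHWSP06",
"hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ch",
"hxxp://search.conduit.com/?ctid=CT3321521&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP5019C03D-82F7-4836-ABD1-94E309DB2582&SSPV=",
"hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=OB_138_79&co=US&userid=e1064ea9-3d55-26b7-55d8-6c09fd88166d&searchtype=hp&installDate=06/01/2014"
CHR Extension: (MixiDJ V1) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj [2013-04-24]

End
*****************

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{da51d4f6-3e7e-4ef8-b400-9198e0874606} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key deleted successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => Key not found.
C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj => Moved successfully.

==== End of Fixlog ====
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path, stopping before a trailing " [YYYY-MM-DD]" date stamp.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?(?=\s+\[\d{4}-\d{2}-\d{2}\]|$)")
LABEL_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s")


def split_fixlog(text):
    """Return (fixlist directives, [(target, outcome), ...]) from a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if re.fullmatch(r"\*{5,}", ln)]
    if len(marks) < 2:
        raise ValueError("fixlist section (between two rows of asterisks) not found")
    directives = [ln for ln in lines[marks[0] + 1:marks[1]]
                  if ln and ln.lower() not in ("start", "end")]
    results = []
    for ln in lines[marks[1] + 1:]:
        if " => " in ln:
            target, outcome = ln.rsplit(" => ", 1)
            results.append((target, outcome))
    return directives, results


def match_key(directive):
    """Pick the token used to find this directive in the result lines.

    Assumed heuristic for this sketch: GUID first, then a file path, then the
    label before the first colon, otherwise the whole line without quotes.
    The label fallback is loose and would over-match a longer fixlist.
    """
    for rx in (GUID_RE, PATH_RE):
        m = rx.search(directive)
        if m:
            return m.group(0).lower()
    m = LABEL_RE.match(directive)
    if m:
        return m.group(1).lower()
    return directive.strip('",').lower()


def audit(text):
    """Pair every fixlist directive with the outcomes that mention its key."""
    directives, results = split_fixlog(text)
    report = []
    for d in directives:
        key = match_key(d)
        report.append((d, [o for t, o in results if key in t.lower()]))
    return report


def unprocessed(text):
    """Directives for which the Fixlog shows no result line at all."""
    return [d for d, outcomes in audit(text) if not outcomes]


def not_successful(text):
    """(directive, outcome) pairs whose outcome does not report success."""
    return [(d, o) for d, outs in audit(text) for o in outs
            if "successfully" not in o.lower()]


if __name__ == "__main__":
    for d in unprocessed(FIXLOG):
        print("no result line:", d[:60])
    for d, o in not_successful(FIXLOG):
        print("check:", d[:60], "->", o)
```

Entries reported as having no result line are the ones to look for again in the next FRST scan before treating the fix as complete.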



#10 nasdaq


Posted 22 May 2014 - 08:04 AM

There is an unknown reason why Chrome is reacting this way.

I suggest you remove Chrome using the Add/Remove program.
Restart the computer and re-install the program. Do not re-install any extensions just yet.

Then run the FRST log and post a fresh log.

#11 Clytemnestra


Posted 23 May 2014 - 01:37 AM

I've uninstalled, re-booted, and re-installed Chrome. FRST is hanging on that one entry again, the "Uninstall_SkipUAC_Administrator.job". Do you want me to close FRST or end the process (bcdedit.exe) it's stuck on?

EDIT, 3:36am:
It finished. Here's the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by Henry (administrator) on DOWMOOCOW on 23-05-2014 01:26:03
Running from C:\Users\Henry\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(O2Micro International) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Windows\System32\Defrag.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-21-2105114045-2200044803-2402353932-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2105114045-2200044803-2402353932-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCRN_Autoupdater.exe.lnk
ShortcutTarget: RCRN_Autoupdater.exe.lnk -> C:\The Elder Scrolls V Skyrim\RCRN\Autoupdater\RCRN_Autoupdater.exe (Damiano La Maida)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5375999B7E32CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {74BD36E0-2890-4490-BE44-B7AF7D93CCA6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {C429D765-6CA7-4A9B-B279-AD54596BE24C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E74588F9-9AF6-40A2-B1F8-051C3AA24717} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.9
Tcpip\..\Interfaces\{E3BC4144-0C84-40B8-93CF-7F66D791EEA8}: [NameServer]208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default
FF Homepage: https://mail.google.com/mail/u/0/#inbox/146241e657162f97|https://cmd.fm/|hxxp://www.bleepingcomputer.com/forums/t/533726/cannot-run-any-antivirus-software-openempty-recycle-bin/#entry3375446|https://www.google.com/search?site=imghp&tbm=isch&source=hp&biw=1279&bih=712&q=site%3Atotallykate.com&oq=site%3Atotallykate.com&gs_l=img.3...1473.11712.0.11989.20.20.0.0.0.0.200.1948.13j6j1.20.0.ernk_qsrc...0...1.1.44.img..16.4.392.chSvO7G2Wfw|hxxp://machacking.net/kb/files/cokemachines.txt
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\support@lastpass.com [2014-04-22]
FF Extension: Bitdefender QuickScan - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-05-05]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-16]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-05-16]
FF Extension: Adblock Plus - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-16]
FF Extension: Adblock Edge - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\mwdrom4k.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-16]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Theme Creator) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-04-10]
CHR Extension: (Google Docs) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-24]
CHR Extension: (Google Drive) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-24]
CHR Extension: (YouTube) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-24]
CHR Extension: (Facebook) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-04-10]
CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-10]
CHR Extension: (Google Search) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-24]
CHR Extension: (MixiDJ V1) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj [2014-05-23]
CHR Extension: (Netflix) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2014-04-10]
CHR Extension: (Pandora) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-04-10]
CHR Extension: (XKit) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-05-08]
CHR Extension: (LastPass) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-07]
CHR Extension: (Blogger) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (No Name) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-04-10]
CHR Extension: (Tumblr Savior) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-05-08]
CHR Extension: (Gmail) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-24]
CHR HKLM\...\Chrome\Extension: [cpgiblhchgoecodgpfekaadnmndjalhj] - C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx [2013-04-03]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files\LastPass\lpchrome.crx [2013-04-27]
CHR HKCU\...\Chrome\Extension: [cpgiblhchgoecodgpfekaadnmndjalhj] - C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx [2013-04-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
S2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881440 2013-12-09] (IObit)
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-09-05] (Perfect World Entertainment Inc)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-05-04] (SurfRight B.V.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-04-09] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-29] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-04-29] (Malwarebytes Corporation)
S2 MF NTFS Monitor; C:\Users\Heather\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [457736 2014-04-30] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 o2flash; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-04-13] (Glarysoft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-29] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-05-22] ()
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [28016 2011-08-26] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [40736 2013-11-26] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-29] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-04-29] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x86.sys [19160 2013-12-06] (Windows ® Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 MpKsl9ecf763e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{296114AC-85AD-4BA5-91BE-03A597274163}\MpKsl9ecf763e.sys [39464 2014-04-10] ()
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [13704 2010-08-25] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113336 2013-07-21] (Power Software Ltd)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S0 46030104; system32\drivers\30282419.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]
S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [X]
S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [X]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [X]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [X]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [X]
S3 b57nd60x; system32\DRIVERS\b57nd60x.sys [X]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [X]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [X]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [X]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [X]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [X]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [X]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [X]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 O2SDRDR; system32\DRIVERS\o2sd.sys [X]
S2 Parvdm; \SystemRoot\system32\DRIVERS\parvdm.sys [X]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [X]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [X]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [X]
S3 SrvHsfV92; system32\DRIVERS\VSTDPV3.SYS [X]
S3 SrvHsfWinac; system32\DRIVERS\VSTCNXT3.SYS [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 viaagp; \SystemRoot\system32\drivers\viaagp.sys [X]
S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [X]
S0 vmbus; system32\drivers\vmbus.sys [X]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-23 01:09 - 2014-05-23 01:09 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 01:05 - 2014-05-23 01:05 - 00918672 _____ (Google Inc.) C:\Users\Henry\Downloads\ChromeSetup.exe
2014-05-19 16:00 - 2014-05-23 01:26 - 00019421 _____ () C:\Users\Henry\Desktop\FRST.txt
2014-05-19 15:44 - 2014-05-19 15:44 - 00000314 _____ () C:\Windows\PFRO.log
2014-05-19 15:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-19 15:35 - 2014-05-19 15:39 - 00000000 ____D () C:\AdwCleaner
2014-05-19 15:24 - 2014-05-19 15:24 - 01326389 _____ () C:\Users\Henry\Desktop\adwcleaner_3.210.exe
2014-05-19 15:24 - 2014-05-19 15:24 - 01056768 _____ (Farbar) C:\Users\Henry\Desktop\FRST.exe
2014-05-17 22:33 - 2014-05-17 22:33 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\PowerISO
2014-05-17 22:33 - 2014-05-17 22:33 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\DAEMON Tools Lite
2014-05-17 20:47 - 2014-05-17 20:47 - 00000000 ____H () C:\Users\Henry\Documents\Default.rdp
2014-05-17 20:11 - 2014-05-17 20:29 - 00001182 _____ () C:\Users\Henry\Desktop\ Mabinogi .lnk
2014-05-17 20:11 - 2014-05-17 20:11 - 00000000 ___SD () C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mabinogi
2014-05-17 20:11 - 2014-05-17 20:11 - 00000000 ____D () C:\Nexon
2014-05-17 15:27 - 2014-05-17 15:27 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-17 00:27 - 2014-05-17 00:27 - 00000000 __SHD () C:\found.003
2014-05-16 18:27 - 2014-05-17 20:11 - 00000000 ___SD () C:\Users\Henry\Documents\Mabinogi
2014-05-16 16:29 - 2014-05-16 16:29 - 02556712 _____ () C:\Users\Henry\Downloads\Mabinogi_Downloader.exe
2014-05-16 16:29 - 2014-05-16 16:29 - 00000178 _____ () C:\console.log
2014-05-15 06:47 - 2014-05-15 08:30 - 00106266 _____ () C:\Users\Henry\Downloads\13C7.tmp
2014-05-15 04:17 - 2014-05-22 16:05 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-11 22:33 - 2014-05-11 22:33 - 00022552 _____ () C:\Users\Henry\AppData\Local\recently-used.xbel
2014-05-11 19:32 - 2014-05-11 19:40 - 143237120 _____ () C:\Users\Henry\Downloads\BlueStacks_HD_AppPlayerPro_setup_REL.msi
2014-05-11 19:19 - 2014-05-11 19:19 - 00000000 ____D () C:\Users\Henry\AppData\Local\Bluestacks
2014-05-11 19:18 - 2014-05-11 19:19 - 10381600 _____ (BlueStack Systems Inc.) C:\Users\Henry\Downloads\BlueStacks-SplitInstaller_native.exe
2014-05-09 21:34 - 2008-03-08 18:55 - 00065829 ____N () C:\Users\Heather\Downloads\dmd-themist-cd1.srt
2014-05-09 21:34 - 2008-03-08 18:55 - 00056500 ____N () C:\Users\Heather\Downloads\dmd-themist-cd2.srt
2014-05-09 19:04 - 2014-05-09 19:04 - 00000000 ____D () C:\Users\Henry\AppData\Local\Skype
2014-05-08 22:10 - 2014-05-08 22:13 - 00000000 ____D () C:\Users\Henry\AppData\Local\GVNotifierWPF
2014-05-08 22:10 - 2014-05-08 22:10 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dave Amenta
2014-05-08 22:09 - 2014-05-22 02:19 - 00000000 ____D () C:\Users\Henry\AppData\Local\Deployment
2014-05-08 21:39 - 2014-05-13 23:40 - 00003079 _____ () C:\Users\Henry\Desktop\attach.txt
2014-05-08 21:39 - 2014-05-13 22:59 - 00014807 _____ () C:\Users\Henry\Desktop\dds.txt
2014-05-08 21:15 - 2014-05-08 21:15 - 00688992 ____R (Swearware) C:\Users\Henry\Desktop\dds.com
2014-05-07 21:28 - 2014-05-07 21:28 - 00000000 ____D () C:\Users\Henry\Documents\My Games
2014-05-07 21:28 - 2014-05-07 21:28 - 00000000 ____D () C:\Users\Henry\AppData\Local\Skyrim
2014-05-07 20:23 - 2014-05-07 20:24 - 03972608 _____ () C:\Users\Henry\Desktop\RogueKiller.exe
2014-05-07 20:21 - 2014-05-07 20:21 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Henry\Desktop\rkill.com
2014-05-07 17:51 - 2014-05-07 17:52 - 00000000 ____D () C:\Program Files\GUM635B.tmp
2014-05-07 05:40 - 2014-05-07 05:40 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\OpenOffice
2014-05-07 05:27 - 2014-04-29 18:21 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Henry\Desktop\TDSSKiller.exe
2014-05-07 00:52 - 2014-05-07 00:53 - 00021037 _____ () C:\Windows\system32\Result.txt
2014-05-06 21:30 - 2014-05-06 21:30 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Opera
2014-05-06 21:30 - 2014-05-06 21:30 - 00000000 ____D () C:\Users\Henry\AppData\Local\Opera
2014-05-06 21:10 - 2014-05-06 21:10 - 00024769 _____ () C:\Users\Henry\Downloads\Result.txt
2014-05-06 21:07 - 2014-05-06 21:07 - 00982016 _____ (Farbar) C:\Users\Henry\Desktop\MiniToolBox.exe
2014-05-05 21:36 - 2014-05-05 21:36 - 00000000 ____D () C:\Program Files\WinThruster
2014-05-05 21:07 - 2014-05-05 21:07 - 00001369 _____ () C:\Users\Public\Desktop\EaseUS Partition Recovery 5.6.1.lnk
2014-05-05 21:07 - 2014-05-05 21:07 - 00000000 ____D () C:\Program Files\EaseUS
2014-05-05 21:07 - 2012-11-13 09:41 - 00099400 _____ () C:\Windows\system32\setupprwdrv03.exe
2014-05-05 21:07 - 2010-08-25 19:39 - 00013704 _____ () C:\Windows\system32\prwntdrv.sys
2014-05-05 17:58 - 2014-05-05 18:06 - 00025135 _____ () C:\Users\Henry\Downloads\Addition.txt
2014-05-05 17:48 - 2014-05-23 01:26 - 00000000 ____D () C:\FRST
2014-05-05 17:48 - 2014-05-05 17:58 - 00067707 _____ () C:\Users\Henry\Downloads\FRST.txt
2014-05-05 11:10 - 2014-05-05 11:10 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GlarySoft
2014-05-05 11:03 - 2014-05-05 11:03 - 00000000 __RSH () C:\MSDOS.SYS
2014-05-05 11:03 - 2014-05-05 11:03 - 00000000 __RSH () C:\IO.SYS
2014-05-05 10:57 - 2014-04-28 11:23 - 00000000 ____D () C:\Users\Heather\Documents\testdisk-7.0-WIP
2014-05-05 10:54 - 2014-05-05 10:54 - 00000370 _____ () C:\Users\Heather\Documents\to download and install.txt
2014-05-05 08:21 - 2014-05-05 08:26 - 276395862 _____ () C:\Users\Heather\Documents\Mabinogi(from My Documents).rar
2014-05-05 08:12 - 2014-05-11 22:33 - 00000000 ____D () C:\Users\Henry\AppData\Local\gtk-2.0
2014-05-05 08:12 - 2014-05-05 09:33 - 00000000 ____D () C:\Users\Henry\.thumbnails
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part106.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part105.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part104.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part103.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part102.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part101.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part100.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part099.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part098.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part097.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part096.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part095.rar
2014-05-05 08:06 - 2014-05-05 08:06 - 02865152 _____ () C:\Program Files\JULIE TTS.part107.rar
2014-05-05 08:05 - 2014-05-05 08:06 - 05242880 _____ () C:\Program Files\JULIE TTS.part094.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part093.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part092.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part091.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part090.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part089.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part088.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part087.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part086.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part085.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part084.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part083.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part082.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part081.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part080.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part079.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part078.rar
2014-05-05 08:05 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part077.rar
2014-05-05 08:04 - 2014-05-05 08:05 - 05242880 _____ () C:\Program Files\JULIE TTS.part076.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part075.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part074.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part073.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part072.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part071.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part070.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part069.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part068.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part067.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part066.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part065.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part064.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part063.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part062.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part061.rar
2014-05-05 08:04 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part060.rar
2014-05-05 08:03 - 2014-05-05 08:04 - 05242880 _____ () C:\Program Files\JULIE TTS.part059.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part058.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part057.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part056.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part055.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part054.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part053.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part052.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part051.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part050.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part049.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part048.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part047.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part046.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part045.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part044.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part043.rar
2014-05-05 08:03 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part042.rar
2014-05-05 08:02 - 2014-05-05 08:03 - 05242880 _____ () C:\Program Files\JULIE TTS.part041.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part040.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part039.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part038.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part037.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part036.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part035.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part034.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part033.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part032.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part031.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part030.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part029.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part028.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part027.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part026.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part025.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part024.rar
2014-05-05 08:02 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part023.rar
2014-05-05 08:01 - 2014-05-05 08:02 - 05242880 _____ () C:\Program Files\JULIE TTS.part022.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part021.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part020.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part019.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part018.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part017.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part016.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part015.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part014.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part013.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part012.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part011.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part010.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part009.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part008.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part007.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part006.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part005.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part004.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part003.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part002.rar
2014-05-05 08:01 - 2014-05-05 08:01 - 05242880 _____ () C:\Program Files\JULIE TTS.part001.rar
2014-05-05 07:57 - 2014-05-08 22:09 - 00000000 ____D () C:\Users\Henry\AppData\Local\Apps\2.0
2014-05-05 07:57 - 2014-05-05 07:59 - 00000000 ___RD () C:\Users\Heather\Documents\MediaFire
2014-05-05 07:54 - 2014-05-05 07:54 - 00000000 ____D () C:\Users\Henry\MediaFire
2014-05-05 07:53 - 2014-05-05 12:54 - 00000000 ___HD () C:\Users\Henry\.mediafire
2014-05-05 07:47 - 2014-05-05 07:47 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\WinRAR
2014-05-05 07:40 - 2014-05-12 00:48 - 00000000 ____D () C:\Users\Henry\.gimp-2.8
2014-05-05 07:40 - 2014-05-05 07:40 - 00000000 ____D () C:\Users\Henry\AppData\Local\gegl-0.2
2014-05-05 05:36 - 2014-05-05 05:36 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\QuickScan
2014-05-05 05:28 - 2014-05-07 22:08 - 00025980 _____ () C:\Users\Henry\Desktop\Rkill.txt
2014-05-05 05:27 - 2014-04-29 19:22 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Heather\Desktop\rkill.exe
2014-05-05 04:42 - 2014-04-29 18:21 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Heather\Desktop\TDSSKiller.exe
2014-05-05 04:35 - 2014-05-05 04:39 - 69986712 _____ (MediaFire) C:\Users\Heather\Downloads\MediaFireDesktop-0.10.36.9353-windows-PRODUCTION.exe
2014-05-05 01:35 - 2013-12-06 12:42 - 00019160 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\mfmonitor_x86.sys
2014-05-04 21:48 - 2014-05-23 01:25 - 00064682 _____ () C:\Windows\setupact.log
2014-05-04 21:48 - 2014-05-04 21:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 20:59 - 2014-05-04 20:59 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-04 20:37 - 2014-05-04 20:38 - 77868893 _____ () C:\Users\Heather\Desktop\HENRY.rar
2014-05-04 20:28 - 2014-05-04 20:34 - 00000000 ____D () C:\Users\Heather\Desktop\HENRY
2014-05-04 20:18 - 2014-05-08 02:54 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-04 20:07 - 2014-05-04 20:13 - 532719233 _____ () C:\Users\Henry\AppData\Local\Local.rar
2014-05-04 19:54 - 2014-05-04 20:00 - 535944193 _____ () C:\Users\Henry\Documents\Documents.rar
2014-05-04 19:52 - 2014-05-04 19:52 - 00000000 ____D () C:\Program Files\LSoft Technologies
2014-05-04 19:36 - 2014-05-04 19:36 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\IObit
2014-05-04 19:36 - 2014-05-04 19:36 - 00000000 ____D () C:\Users\Jeff
2014-05-02 23:17 - 2014-05-05 17:40 - 00000266 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-05-02 20:21 - 2014-05-02 20:21 - 00000677 _____ () C:\Users\Heather\Downloads\instructions from Caiti.txt
2014-05-02 11:38 - 2014-05-02 11:38 - 00010608 ____N () C:\bootsqm.dat
2014-05-02 07:34 - 2014-04-28 11:23 - 00000000 ____D () C:\Users\Heather\Downloads\testdisk-7.0-WIP
2014-04-30 21:15 - 2014-04-30 22:58 - 00224332 _____ () C:\Users\Heather\Downloads\7DE3.tmp
2014-04-30 21:04 - 2014-05-05 04:22 - 00000000 ____D () C:\Users\Heather\Downloads\killitdedstuff
2014-04-29 19:22 - 2014-04-30 20:31 - 00026276 _____ () C:\Users\Heather\Desktop\Rkill.txt
2014-04-29 19:22 - 2014-04-30 20:19 - 00000000 ____D () C:\Users\Heather\Desktop\rkill
2014-04-29 13:03 - 2014-05-05 11:04 - 00000000 ____D () C:\Program Files\ffdshow
2014-04-29 11:01 - 2014-04-29 17:09 - 00000000 ____D () C:\Users\Heather\Desktop\Skyrim stuff
2014-04-29 10:35 - 2014-04-29 11:57 - 00001129 _____ () C:\Users\Heather\Desktop\Skyrim (SKSE).lnk
2014-04-29 10:35 - 2014-04-29 10:35 - 00001645 _____ () C:\Users\Henry\Desktop\Skyrim (SKSE).lnk
2014-04-29 10:35 - 2014-04-29 10:35 - 00001645 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
2014-04-29 09:07 - 2014-04-29 09:07 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RCRN
2014-04-29 07:20 - 2014-04-29 08:53 - 00000000 ____D () C:\Users\Heather\Documents\Nexus Mod Manager
2014-04-29 07:20 - 2014-04-29 07:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\Black_Tree_Gaming
2014-04-29 07:03 - 2014-05-06 23:53 - 00000000 ____D () C:\Skyrim Mods
2014-04-29 07:02 - 2014-04-29 07:02 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2014-04-29 07:02 - 2014-04-29 07:02 - 00000000 ____D () C:\Program Files\Common Files\Wrye Bash
2014-04-29 06:57 - 2014-04-29 06:57 - 00136850 _____ () C:\Users\Heather\AppData\Local\recently-used.xbel
2014-04-29 06:46 - 2014-04-29 06:47 - 00000000 ____D () C:\BOSS
2014-04-29 06:09 - 2014-05-05 11:08 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-04-29 05:27 - 2014-05-05 04:57 - 00000000 ____D () C:\Users\Heather\Desktop\txt
2014-04-29 05:26 - 2014-05-05 11:03 - 00000000 ____D () C:\The Elder Scrolls V Skyrim
2014-04-29 05:25 - 2014-04-29 05:25 - 00000628 _____ () C:\Users\Heather\Desktop\t - Shortcut.lnk
2014-04-29 04:38 - 2014-04-29 14:50 - 00000000 ____D () C:\Users\Heather\AppData\Local\Skyrim
2014-04-29 04:38 - 2014-04-29 07:03 - 00000000 ____D () C:\Users\Heather\Documents\My Games
2014-04-29 04:34 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-04-29 04:21 - 2014-04-29 16:01 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\DAEMON Tools Lite
2014-04-29 04:21 - 2014-04-29 04:21 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-29 04:21 - 2014-04-29 04:21 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-04-28 15:38 - 2014-05-02 05:30 - 00001182 _____ () C:\Users\Heather\Desktop\ Mabinogi .lnk

==================== One Month Modified Files and Folders =======

2014-05-23 01:26 - 2014-05-19 16:00 - 00019421 _____ () C:\Users\Henry\Desktop\FRST.txt
2014-05-23 01:26 - 2014-05-05 17:48 - 00000000 ____D () C:\FRST
2014-05-23 01:25 - 2014-05-04 21:48 - 00064682 _____ () C:\Windows\setupact.log
2014-05-23 01:23 - 2013-03-18 18:14 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105114045-2200044803-2402353932-1001UA.job
2014-05-23 01:09 - 2014-05-23 01:09 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-23 01:08 - 2009-01-21 19:22 - 00000000 ____D () C:\Program Files\Google
2014-05-23 01:05 - 2014-05-23 01:05 - 00918672 _____ (Google Inc.) C:\Users\Henry\Downloads\ChromeSetup.exe
2014-05-23 01:03 - 2014-02-14 21:19 - 01075864 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 01:03 - 2013-03-17 02:18 - 00022022 _____ () C:\Windows\system32\perfh012.dat
2014-05-23 01:03 - 2013-03-17 02:18 - 00019372 _____ () C:\Windows\system32\prfh0404.dat
2014-05-23 01:03 - 2013-03-17 02:18 - 00018884 _____ () C:\Windows\system32\prfh0804.dat
2014-05-23 01:03 - 2013-03-17 02:18 - 00011658 _____ () C:\Windows\system32\prfc0404.dat
2014-05-23 01:03 - 2013-03-17 02:18 - 00011634 _____ () C:\Windows\system32\perfc012.dat
2014-05-23 01:03 - 2013-03-17 02:18 - 00011452 _____ () C:\Windows\system32\prfc0804.dat
2014-05-23 01:03 - 2013-03-16 23:18 - 00030018 _____ () C:\Windows\system32\perfh014.dat
2014-05-23 01:03 - 2013-03-16 23:18 - 00012432 _____ () C:\Windows\system32\perfc014.dat
2014-05-23 00:56 - 2013-03-16 18:03 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 21:09 - 2014-04-10 07:26 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 19:53 - 2013-03-16 18:03 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 19:52 - 2014-04-09 07:46 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-05-22 19:52 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 17:45 - 2014-04-10 00:44 - 01422475 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 16:05 - 2014-05-15 04:17 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-22 13:00 - 2013-07-04 20:40 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\DiskDefrag
2014-05-22 06:23 - 2013-03-18 18:14 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105114045-2200044803-2402353932-1001Core.job
2014-05-22 02:19 - 2014-05-08 22:09 - 00000000 ____D () C:\Users\Henry\AppData\Local\Deployment
2014-05-21 04:01 - 2013-04-15 13:58 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Skype
2014-05-19 15:44 - 2014-05-19 15:44 - 00000314 _____ () C:\Windows\PFRO.log
2014-05-19 15:39 - 2014-05-19 15:35 - 00000000 ____D () C:\AdwCleaner
2014-05-19 15:38 - 2013-03-16 16:28 - 00000000 ____D () C:\Users\Heather
2014-05-19 15:24 - 2014-05-19 15:24 - 01326389 _____ () C:\Users\Henry\Desktop\adwcleaner_3.210.exe
2014-05-19 15:24 - 2014-05-19 15:24 - 01056768 _____ (Farbar) C:\Users\Henry\Desktop\FRST.exe
2014-05-19 04:50 - 2009-07-14 00:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

Some content of TEMP:
====================
C:\Users\Henry\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 06:10

==================== End Of Log ============================


Edited by Clytemnestra, 23 May 2014 - 02:35 AM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:27 PM

Posted 23 May 2014 - 08:20 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (MixiDJ V1) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj [2014-05-23]
CHR Extension: (No Name) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-04-10]
CHR HKLM\...\Chrome\Extension: [cpgiblhchgoecodgpfekaadnmndjalhj] - C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx [2013-04-03]
CHR HKCU\...\Chrome\Extension: [cpgiblhchgoecodgpfekaadnmndjalhj] - C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx [2013-04-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S0 46030104; system32\drivers\30282419.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what issues remain.

#13 Clytemnestra


Posted 23 May 2014 - 10:08 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-05-2014
Ran by Henry at 2014-05-23 09:27:59 Run:2
Running from C:\Users\Henry\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
FF Plugin: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (MixiDJ V1) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj [2014-05-23]
CHR Extension: (No Name) - C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-04-10]
CHR HKLM\...\Chrome\Extension: [cpgiblhchgoecodgpfekaadnmndjalhj] - C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx [2013-04-03]
CHR HKCU\...\Chrome\Extension: [cpgiblhchgoecodgpfekaadnmndjalhj] - C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx [2013-04-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S0 46030104; system32\drivers\30282419.sys [X]

End
*****************

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin => Key deleted successfully.
C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll not found.
C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll not found.
C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL not found.
C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL not found.
C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll not found.
c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj => Moved successfully.
C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj => Key deleted successfully.
C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj => Key deleted successfully.
"C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
46030104 => Service deleted successfully.

==== End of Fixlog ====

----

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Java version out of Date!
 Adobe Flash Player     13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Mozilla Thunderbird (27.0.)
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````


EDIT, 12:21pm:
I restarted the computer because all of a sudden now, I have no sound; I hover over the icon in the tray and it says, "The Audio Service is not running." (I can't ask it to troubleshoot the issue, because the diagnostic thing just hangs on "detecting problems" indefinitely.) The computer was frozen for a while after rebooting, and is now responsive enough for me to post about the weirdest pop-up I have ever seen.

It came up shortly after I logged in and I am very confused.
The title bar reads, "::{26EE0668-A00A-44D7-9371-BEB064C98683}\3\::{8E908FC9-BECC-40F6-915B-F4CA0E70D03D}". The message reads, "There is not enough free memory to run this program. Exit one or more programs, and then try again."

I don't know what program is trying to run.
 


Edited by Clytemnestra, 23 May 2014 - 12:17 PM.
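A way to triage a Fixlog like the one posted above, as an added example (not FRST's code and not part of the original post): it classifies each result line, counts what was actually removed versus already absent, and shows that the one quoted "File/Directory not found" line refers to a .crx file that had already been moved earlier in the same run. The function names are hypothetical, and the outcome phrases are limited to those that appear in this Fixlog; any other line is returned for manual review.

```python
import re
from collections import Counter

# Excerpt of the Fixlog from the post above, shortened to a few fixlist
# entries and their result lines.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S0 46030104; system32\drivers\30282419.sys [X]

End
*****************

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll not found.
C:\Users\Henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgiblhchgoecodgpfekaadnmndjalhj => Moved successfully.
C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx => Moved successfully.
"C:\Users\Henry\AppData\Local\CRE\cpgiblhchgoecodgpfekaadnmndjalhj.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
46030104 => Service deleted successfully.

==== End of Fixlog ====
"""

# Outcome phrases taken only from the Fixlog in this thread. Order matters:
# the quoted "File/Directory not found" form is tried before the bare form.
OUTCOME_PATTERNS = [
    ("key_deleted", re.compile(r'^(?P<target>.+?) => Key deleted successfully\.$')),
    ("service_deleted", re.compile(r'^(?P<target>.+?) => Service deleted successfully\.$')),
    ("moved", re.compile(r'^(?P<target>.+?) => Moved successfully\.$')),
    ("not_found", re.compile(r'^"?(?P<target>.+?)"? => File/Directory not found\.$')),
    ("not_found", re.compile(r'^(?P<target>.+?) not found\.$')),
]


def result_lines(fixlog_text):
    """Return the non-empty lines between the echoed fixlist and the end marker."""
    lines = [ln.strip() for ln in fixlog_text.splitlines()]
    # The echoed fixlist is wrapped in rows of asterisks; results follow the last row.
    fences = [i for i, ln in enumerate(lines) if re.fullmatch(r'\*{5,}', ln)]
    start = fences[-1] + 1 if fences else 0
    out = []
    for ln in lines[start:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            out.append(ln)
    return out


def classify(line):
    """Map one result line to (outcome, target); unknown lines stay unclassified."""
    for outcome, pattern in OUTCOME_PATTERNS:
        match = pattern.match(line)
        if match:
            return outcome, match.group("target")
    return "unclassified", line


def triage(fixlog_text):
    """Summarise a Fixlog: counts per outcome, explained misses, lines to review."""
    entries = [classify(ln) for ln in result_lines(fixlog_text)]
    moved = set()
    already_moved = []
    for outcome, target in entries:
        key = target.lower()  # Windows paths are case-insensitive
        if outcome == "moved":
            moved.add(key)
        elif outcome == "not_found" and key in moved:
            # Two fixlist entries pointed at the same file; the first one moved it.
            already_moved.append(target)
    return {
        "counts": dict(Counter(outcome for outcome, _ in entries)),
        "already_moved": already_moved,
        "review": [t for o, t in entries if o == "unclassified"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for name, value in report.items():
        print(name, "=>", value)
```
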


#14 nasdaq


Posted 24 May 2014 - 07:03 AM


Looks like you have a problem with the

Network and Sharing Center - explorer.exe shell:::{8E908FC9-BECC-40f6-915B-F4CA0E70D03D}

Run the SFC.EXE as suggested here.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833
===

If the problem persists continue.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start.

Check mark the following options only.

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
p.s. will take care of the Security check log when all is well.

#15 Clytemnestra


Posted 24 May 2014 - 03:31 PM

The scan ran, and the thing is claiming it found no registry issues, and yet I have no sound, cannot create a system restore point, access the recovery options, run Malwarebytes, etcetera.





