Need Help with Removal of Bidvertiser Malware


  • This topic is locked
9 replies to this topic

#1 Healthnut


Posted 28 May 2014 - 12:13 PM

First off, I am running an HP desktop computer with Windows 8. I am using version Windows 8.1. About a month ago I picked up this nasty malware, I think when I downloaded an app or some script, but I don't exactly know what the exact thing was. I was able to determine that it is from a company called Bidvertiser. This is what I am seeing. This thing shows up on each tab I have open. When I open the tab, a small advertising box appears (usually in Russian), my screen is darkened and a countdown inside a small circle appears next to the box. When it gets to 0, an X appears and I can click on it and get access to my tab. Or, as another alternative, when I click on the tab, the screen is darkened and a large empty box appears with the small circle X, and I can click and get access to my work. These screens happen just about 90% of the time I open or click on a tab. I contacted Bidvertiser and they said they do not do this, but one of their users must have infected me.

I have run my Avast antivirus, malwarebytes (free program) and Spybot Search and Destroy (free program) and nothing seems to get rid of it or for that matter find it.  

I need some help to remove this damn thing because it is very irritating and eats up lots of time waiting for the countdown to get access to my work.

 

I have included attached files with examples of what screens look like.  

 

I'll patiently wait for a response.  Thank you.  :hysterical:


#2 nasdaq

  • Malware Response Team

Posted 01 June 2014 - 08:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.
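
When reviewing the clean log that the AdwCleaner step above produces, the first questions are what was removed in each section and what the tool reported but left in place. The following is an added example, not part of nasdaq's post and not AdwCleaner's own code: it parses a report in the layout of an AdwCleaner v3 clean log and lists the entries that need a manual look. The sample report, its paths and IDs, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of an AdwCleaner v3 clean report
# (the C:\AdwCleaner[Sn].txt file); every path, key and ID is a placeholder.
SAMPLE_REPORT = r"""
# AdwCleaner v3.x - Report created (constructed sample)
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\ExampleToolbar
[!] Folder Deleted : C:\Users\user\AppData\Local\ExampleBundle
File Deleted : C:\Users\user\example-leftover.txt

***** [ Registry ] *****

Key Deleted : HKCU\Software\ExampleToolbar
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ExampleApp]
[x] Not Deleted : [x64] HKCU\Software\ExampleSearch

***** [ Browsers ] *****

-\\ Google Chrome v0.0.0.0

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://search.example.invalid/?id=PLACEHOLDER
Deleted [Extension] : aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""

# "***** [ Registry ] *****" section headers
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "-\\ Google Chrome v..." browser sub-headers inside the Browsers section
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")
# "Deleted [Homepage] : url" browser-preference entries
PREF_RE = re.compile(r"^Deleted \[(?P<setting>[^\]]+)\] : (?P<target>.+)$")
# "Folder Deleted : path", "[x] Not Deleted : key", "[!] Folder Deleted : path".
# Only the kinds and markers that appear in this thread's report are handled.
ITEM_RE = re.compile(
    r"^(?:\[(?P<flag>[x!])\] )?(?:(?P<kind>Folder|File|Key) )?"
    r"(?P<status>Not Deleted|Deleted) : (?P<target>.+)$"
)


def parse_report(text):
    """Return one dict per report entry, tagged with its section and browser."""
    entries, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines, header comments and the EOF marker
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = PREF_RE.match(line)
        if m:
            entries.append({"section": section, "browser": browser,
                            "kind": m.group("setting"), "status": "Deleted",
                            "flag": None, "target": m.group("target")})
            continue
        m = ITEM_RE.match(line)
        if m:
            # The "[!]"/"[x]" marker is kept verbatim, not interpreted.
            entries.append({"section": section, "browser": browser,
                            "kind": m.group("kind") or "Entry",
                            "status": m.group("status"),
                            "flag": m.group("flag"),
                            "target": m.group("target")})
    return entries


def summarize(entries):
    """Count Deleted / Not Deleted entries per report section."""
    counts = {}
    for e in entries:
        per = counts.setdefault(e["section"], {"Deleted": 0, "Not Deleted": 0})
        per[e["status"]] += 1
    return counts


def not_removed(entries):
    """Entries the tool listed but left in place; these need a manual check."""
    return [e for e in entries if e["status"] == "Not Deleted"]


def browser_changes(entries):
    """(browser, setting, value) for each browser preference that was reset."""
    return [(e["browser"], e["kind"], e["target"])
            for e in entries if e["browser"] is not None]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name, per in summarize(parsed).items():
        print(f"{name}: {per['Deleted']} deleted, {per['Not Deleted']} not deleted")
    for e in not_removed(parsed):
        print("follow up:", e["target"])
```
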

#3 Healthnut

  • Topic Starter


Posted 02 June 2014 - 11:03 PM

nasdaq, you are the best. I don't know how to thank you enough. It appears your cure for the nasty demon worked. After doing the steps you suggested and my computer rebooting, I clicked around all my tabs and it did not show up at all. Again, thank you, thank you, thank you. I surely won't miss that nuisance. I have pasted the reports you requested and attached the one you requested. Thank you again.

 

# AdwCleaner v3.211 - Report created 02/06/2014 at 22:12:47
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Allison Brown - BILLSBUSINESSCO
# Running from : C:\Users\Allison Brown\Desktop\adwcleaner_3.211.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Allison Brown\AppData\Local\genienext
Folder Deleted : C:\Users\Allison Brown\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Allison Brown\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Allison Brown\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Allison Brown\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Allison Brown\Documents\Mobogenie
Folder Deleted : C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Folder Deleted : C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
[!] Folder Deleted : C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
File Deleted : C:\Users\Allison Brown\daemonprocess.txt
File Deleted : C:\WINDOWS\System32\Tasks\SomotoUpdateCheckerAutoStart
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
[x] Not Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Inbox Toolbar
[x] Not Deleted : [x64] HKCU\Software\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Allison Brown\AppData\Roaming\Mozilla\Firefox\Profiles\zi7flzbz.default-1399301612812\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : mahgaopgbalgbfohkikbdjfmaapiehaf
 
[ File : C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2
Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : mahgaopgbalgbfohkikbdjfmaapiehaf
 
*************************
 
AdwCleaner[R0].txt - [3793 octets] - [02/06/2014 22:02:16]
AdwCleaner[S0].txt - [3436 octets] - [02/06/2014 22:12:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3496 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Allison Brown (administrator) on BILLSBUSINESSCO on 02-06-2014 22:29:29
Running from C:\Users\Allison Brown\Desktop\Maintenance Programs
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Altaro) C:\Program Files (x86)\Altaro\Oops!Backup\OopsBackup.Service.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Monotype Inc.) C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Altaro) C:\Program Files (x86)\Altaro\Oops!Backup\OopsBackup.exe
(Monotype Inc.) C:\Program Files\Monotype\SkyFonts\SkyFonts.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft) C:\Program Files\Monotype\SkyFonts\SkyFonts.Monitor.exe
(Altaro) C:\Program Files (x86)\Altaro\Oops!Backup\OopsBackup.Engine.exe
(Dropbox, Inc.) C:\Users\Allison Brown\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Boomerang Software) C:\Program Files (x86)\Boomerang Software\Guardian PC Security Tools\PFFT.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Guardian PC Security Tools] => C:\Program Files (x86)\Boomerang Software\Guardian PC Security Tools\Pfft.exe [306176 2007-06-21] (Boomerang Software)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-26] (AVAST Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2534936 2014-03-12] (Sony Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-76821204-377258392-1396739166-1001\...\Run: [Oops!Backup] => C:\Program Files (x86)\Altaro\Oops!Backup\OopsBackup.exe [3338752 2012-04-25] (Altaro)
HKU\S-1-5-21-76821204-377258392-1396739166-1001\...\Run: [Monotype SkyFonts System Extension] => C:\Program Files\Monotype\SkyFonts\SkyFonts.exe [1124144 2014-05-30] (Monotype Inc.)
HKU\S-1-5-21-76821204-377258392-1396739166-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-76821204-377258392-1396739166-1001\...\Run: [Rank Builder Neo] => C:\Program Files (x86)\BacklinkBeast\RunAtStartup.exe [343552 2012-06-22] (Geekpedia)
HKU\S-1-5-21-76821204-377258392-1396739166-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-76821204-377258392-1396739166-1001\...\Run: [GoogleChromeAutoLaunch_2CB76EC9E952848E0F8A3AB9F28423A6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)
HKU\S-1-5-21-76821204-377258392-1396739166-1001\...\MountPoints2: {d8053412-4fe3-11e2-be65-806e6f6e6963} - "E:\Start.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Allison Brown\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - {BDD481C9-4EA3-4C01-AB9A-A9F38AFFC7D3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {BDD481C9-4EA3-4C01-AB9A-A9F38AFFC7D3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {BDD481C9-4EA3-4C01-AB9A-A9F38AFFC7D3} URL = 
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Allison Brown\AppData\Roaming\Mozilla\Firefox\Profiles\zi7flzbz.default-1399301612812
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Allison Brown\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-11]
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Screen Capture Plugin) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7_0\plugins/screen_capture.dll No File
CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.430.433.1_0\plugin/ace.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Allison Brown\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
CHR Extension: (Google Translate) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-09-11]
CHR Extension: (SEOquake) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2013-09-23]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-09-11]
CHR Extension: (Google Docs) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (Webpage Screenshot) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2013-09-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (ColorZilla) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2013-12-08]
CHR Extension: (YouTube) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (Google Search) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (Internet Marketing Bar) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhijnmmpipndmnpkhpbigejkhmlnlcap [2014-05-05]
CHR Extension: (Proxy SwitchySharp) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2013-09-11]
CHR Extension: (HTTPS Everywhere) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-09-11]
CHR Extension: (Facebook for Chrome) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2013-09-11]
CHR Extension: (avast! Online Security) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-17]
CHR Extension: (Facebook Image Text Detection Tool) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifhnpljjonbkgdbkfdophelkeolkjilf [2014-02-14]
CHR Extension: (Google +1 Button) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2013-09-11]
CHR Extension: (Sky and Forest [FVD]) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabingleedfgfnnkebeaciehlcjjlkka [2013-11-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2013-09-11]
CHR Extension: (StumbleUpon) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2013-09-11]
CHR Extension: (Proxybonanza manager) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\kconeelhhdbnjombompadmclijkcfbph [2014-03-16]
CHR Extension: (Shareaholic for Pinterest) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc [2013-09-11]
CHR Extension: (Online Timer) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjkmknlbmnnkekmlamleaacjfoiippjl [2014-02-11]
CHR Extension: (FVD Downloader) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-09-11]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2013-11-03]
CHR Extension: (Google Mail Checker) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-09-11]
CHR Extension: (SocialMonkee Submitter) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphmcdpcokgeknmaineflodmagodpmdd [2013-09-23]
CHR Extension: (Hangouts) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-09-11]
CHR Extension: (Google Wallet) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Buffer) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2014-05-13]
CHR Extension: (Print Friendly & PDF) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2013-09-11]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2013-12-13]
CHR Extension: (Evernote Web Clipper) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-09-11]
CHR Extension: (Gmail) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-22] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-04-07] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 OopsBackup.Service.exe; C:\Program Files (x86)\Altaro\Oops!Backup\OopsBackup.Service.exe [22016 2012-04-25] (Altaro)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-03-12] (Sony Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R2 SkyFontsService; C:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe [35120 2014-05-30] (Monotype Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 ArcSoftKsUFilter; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-04] (ArcSoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-22] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-03-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-22] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R1 CbFs; C:\Windows\system32\drivers\cbfs.sys [191960 2010-02-16] (EldoS Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [33488 2013-09-23] ()
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-05-29] (EldoS Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-21] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-21] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\ALLISO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-02 22:28 - 2014-06-02 22:29 - 00000000 ____D () C:\FRST
2014-06-02 22:25 - 2014-06-02 22:25 - 01327971 _____ () C:\Users\Allison Brown\Downloads\adwcleaner_3.211.exe
2014-06-02 22:24 - 2014-06-02 22:24 - 00003793 _____ () C:\Users\Allison Brown\Desktop\AdwCleaner[R0] before clean.txt
2014-06-02 22:24 - 2014-06-02 22:24 - 00000147 ____H () C:\Users\Allison Brown\Desktop\.~lock.AdwCleaner[R0] before clean.txt#
2014-06-02 22:22 - 2014-06-02 22:22 - 00003580 _____ () C:\Users\Allison Brown\Desktop\AdwCleaner[S0].txt
2014-06-02 22:22 - 2014-06-02 22:22 - 00000147 ____H () C:\Users\Allison Brown\Desktop\.~lock.AdwCleaner[S0].txt#
2014-06-02 22:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-06-02 22:01 - 2014-06-02 22:24 - 00000000 ____D () C:\AdwCleaner
2014-06-02 21:41 - 2014-06-02 21:41 - 01327971 _____ () C:\Users\Allison Brown\Desktop\adwcleaner_3.211.exe
2014-05-29 11:36 - 2014-05-29 11:36 - 00000614 _____ () C:\Users\Allison Brown\Downloads\aquaponicssurvivor
2014-05-28 10:51 - 2014-05-28 10:51 - 05203612 _____ (Swearware) C:\Users\Allison Brown\Downloads\ComboFix.exe
2014-05-25 09:16 - 2014-05-25 09:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-25 09:15 - 2014-05-25 12:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 09:15 - 2014-05-25 09:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 09:15 - 2014-05-25 09:15 - 00001401 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 09:15 - 2014-05-25 09:15 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 09:15 - 2014-05-25 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 09:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-05-23 11:29 - 2014-05-23 11:41 - 00000000 ____D () C:\Users\Allison Brown\Documents\Wordpress 3.9.1 download
2014-05-23 11:21 - 2014-05-23 11:21 - 04968079 _____ (Tim Kosse) C:\Users\Allison Brown\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-05-22 14:39 - 2014-05-22 14:40 - 00000000 ____D () C:\Users\Allison Brown\Documents\Rechargeable 5 button Mouse
2014-05-22 07:50 - 2014-05-22 07:50 - 02916200 _____ () C:\Users\Allison Brown\Downloads\3infographics.zip
2014-05-21 16:44 - 2014-05-21 17:07 - 2014993113 _____ () C:\Users\Allison Brown\Downloads\3-Hours of Bonus Training for Dark Post Profits Owners! » Internet Marketing Bar.mp4
2014-05-20 20:14 - 2014-05-20 20:14 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-20 20:14 - 2014-05-20 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-20 20:13 - 2014-05-20 20:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-20 20:13 - 2014-05-20 20:14 - 00000000 ____D () C:\Program Files\iTunes
2014-05-20 20:13 - 2014-05-20 20:13 - 00000000 ____D () C:\Program Files\iPod
2014-05-15 15:29 - 2014-05-15 15:29 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\TheBestSpinner
2014-05-15 15:28 - 2014-05-15 15:28 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBestSpinner
2014-05-15 15:28 - 2014-05-15 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBestSpinner
2014-05-15 15:28 - 2014-05-15 15:28 - 00000000 ____D () C:\Program Files (x86)\TheBestSpinner
2014-05-15 15:27 - 2014-05-15 15:27 - 01451770 _____ () C:\Users\Allison Brown\Downloads\SetupTheBestSpinner.exe
2014-05-14 19:11 - 2014-05-14 19:11 - 08537807 _____ () C:\Users\Allison Brown\Downloads\OfflineBusiness Logo V1.zip
2014-05-14 17:50 - 2014-05-14 17:50 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-05-14 17:48 - 2014-04-11 05:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 17:48 - 2014-04-11 05:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 17:48 - 2014-04-11 03:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 17:48 - 2014-04-11 01:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 17:48 - 2014-04-11 00:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 17:48 - 2014-04-11 00:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 17:48 - 2014-04-10 22:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 17:48 - 2014-04-10 22:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 17:48 - 2014-04-10 22:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 17:48 - 2014-04-10 22:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 17:48 - 2014-04-10 22:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 17:48 - 2014-04-10 22:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 17:48 - 2014-04-10 22:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 17:48 - 2014-04-10 22:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 17:48 - 2014-04-10 22:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 17:48 - 2014-04-10 22:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 17:48 - 2014-04-10 21:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 17:48 - 2014-04-10 21:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 17:48 - 2014-04-10 21:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 17:48 - 2014-04-10 21:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 17:48 - 2014-04-10 21:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 17:48 - 2014-04-10 21:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 17:48 - 2014-04-10 21:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 17:48 - 2014-04-10 21:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 17:48 - 2014-04-10 21:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 17:48 - 2014-04-10 21:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 17:48 - 2014-04-10 21:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 17:48 - 2014-03-23 21:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 17:48 - 2014-03-23 21:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 17:48 - 2014-03-23 21:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 17:48 - 2014-03-13 02:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 17:48 - 2014-03-13 01:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 17:46 - 2014-05-05 23:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 17:46 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 17:46 - 2014-05-05 22:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 17:46 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 17:46 - 2014-04-08 17:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 17:46 - 2014-04-08 17:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 17:46 - 2014-04-08 13:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 17:46 - 2014-04-08 13:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 17:46 - 2014-03-27 04:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 17:46 - 2014-03-27 02:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-14 13:11 - 2014-05-14 13:11 - 00781632 _____ (CompuClever Systems Inc.) C:\Users\Allison Brown\Downloads\Ultrafileopener2 (1).exe
2014-05-14 13:08 - 2014-05-14 13:08 - 00009216 ___SH () C:\Users\Public\Desktop\Thumbs.db
2014-05-14 13:07 - 2014-05-14 13:07 - 00001317 _____ () C:\Users\Allison Brown\Desktop\Ultra File Opener.lnk
2014-05-14 13:07 - 2014-05-14 13:07 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
2014-05-14 13:07 - 2014-05-14 13:07 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\CompuClever
2014-05-14 13:07 - 2014-05-14 13:07 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\CompuClever
2014-05-14 13:06 - 2014-05-14 13:06 - 00781632 _____ (CompuClever Systems Inc.) C:\Users\Allison Brown\Downloads\Ultrafileopener2.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000108 _____ () C:\Users\Allison Brown\Downloads\index.htm
2014-05-14 09:56 - 2014-05-17 11:15 - 00000000 ____D () C:\Users\Allison Brown\Documents\Foreign Tax Form Filing
2014-05-13 20:38 - 2014-06-02 21:59 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Skype
2014-05-13 20:38 - 2014-05-13 20:38 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-13 20:38 - 2014-05-13 20:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-13 20:38 - 2014-05-13 20:38 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\Skype
2014-05-13 20:38 - 2014-05-13 20:38 - 00000000 ____D () C:\ProgramData\Skype
2014-05-13 20:38 - 2014-05-13 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-13 20:36 - 2014-05-13 20:36 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Allison Brown\Downloads\SkypeSetup.exe
2014-05-13 07:25 - 2014-05-13 07:25 - 00000000 ____D () C:\Users\Allison Brown\Documents\WebCam Media
2014-05-12 22:11 - 2014-05-12 22:11 - 00002279 _____ () C:\Users\Public\Desktop\Magic-i Visual Effects 2.lnk
2014-05-12 22:11 - 2014-05-12 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2
2014-05-12 22:11 - 2008-04-04 10:10 - 00019968 _____ (ArcSoft, Inc.) C:\WINDOWS\system32\Drivers\ArcSoftKsUFilter.sys
2014-05-12 22:11 - 2008-03-22 05:52 - 00053560 _____ (ArcSoft, Inc.) C:\WINDOWS\system\ArcSoftKsUFilter.dll
2014-05-12 22:11 - 2005-04-27 16:36 - 00245408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unicows.dll
2014-05-12 22:11 - 1995-07-31 13:44 - 00212480 _____ (Eastman Kodak) C:\WINDOWS\SysWOW64\PCDLIB32.DLL
2014-05-12 22:09 - 2014-05-12 22:09 - 00002018 _____ () C:\Users\Public\Desktop\WebCam Companion 3.lnk
2014-05-12 22:09 - 2014-05-12 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 3
2014-05-12 22:07 - 2014-05-13 07:12 - 00000204 _____ () C:\Users\Public\Desktop\ArcSoft Products and Bonus Offers.url
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\ArcSoft
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-05-12 22:05 - 2014-05-27 14:56 - 00000000 ___HD () C:\ProgramData\ArcSoft
2014-05-12 22:05 - 2014-05-12 22:05 - 00002167 _____ () C:\Users\Public\Desktop\Media Impression 2.lnk
2014-05-12 22:05 - 2014-05-12 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2
2014-05-12 22:05 - 2006-11-14 11:31 - 00022784 _____ (Arcsoft, Inc.) C:\WINDOWS\SysWOW64\Drivers\afc.sys
2014-05-12 22:04 - 2014-05-12 22:11 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-05-12 22:03 - 2014-05-27 14:56 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\ArcSoft
2014-05-12 21:12 - 2014-05-12 21:12 - 00367496 _____ () C:\Users\Allison Brown\Downloads\hookpages.zip
2014-05-12 21:12 - 2014-05-12 21:12 - 00367496 _____ () C:\Users\Allison Brown\Downloads\hookpages (1).zip
2014-05-12 12:11 - 2014-05-12 12:11 - 00001201 _____ () C:\Users\Allison Brown\Desktop\Free Ultimate File Opener.lnk
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Users\Bill\AppData\Local\Free Ultimate File Opener
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ultimate File Opener
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\Free Ultimate File Opener
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Free Ultimate File Opener
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Program Files (x86)\Free Ultimate File Opener
2014-05-12 12:09 - 2014-05-12 12:10 - 13069264 _____ () C:\Users\Allison Brown\Downloads\FreeUltimateFileOpener.exe
2014-05-12 08:29 - 2014-05-12 08:30 - 00000000 ____D () C:\Users\Allison Brown\Documents\Google Ranktracker script 5-14
2014-05-10 11:22 - 2014-05-10 11:22 - 00000033 _____ () C:\Users\Allison Brown\Documents\WEBSiteBuilder.dat
2014-05-10 11:19 - 2014-05-10 11:19 - 00002796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WEB3-SITEBUILDER.lnk
2014-05-10 11:19 - 2014-05-10 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bilberry Media
2014-05-10 10:54 - 2014-05-10 11:02 - 00000000 ____D () C:\Users\Allison Brown\Documents\Excel program skills videos 5-14
2014-05-10 10:23 - 2014-05-13 12:47 - 00000000 ____D () C:\Users\Allison Brown\Documents\VoipO info
2014-05-09 12:57 - 2014-05-09 12:57 - 00000000 ____D () C:\Users\Allison Brown\Documents\Youtube soundtracks
2014-05-09 07:13 - 2014-05-09 07:13 - 00000000 __SHD () C:\Users\Allison Brown\AppData\Local\EmieUserList
2014-05-09 07:13 - 2014-05-09 07:13 - 00000000 __SHD () C:\Users\Allison Brown\AppData\Local\EmieSiteList
2014-05-08 20:33 - 2014-05-29 14:35 - 00000000 ____D () C:\Users\Allison Brown\Documents\Hostgator affiliate program
2014-05-08 08:02 - 2014-05-08 08:02 - 00000000 ____D () C:\Users\Allison Brown\Documents\Android Tablet info
2014-05-08 07:58 - 2014-05-08 08:00 - 00000000 ____D () C:\Users\Allison Brown\Documents\Gigaware 2 webcam info 5-14
2014-05-06 22:20 - 2014-05-06 22:20 - 00000000 ____D () C:\Users\Allison Brown\Downloads\InternetSlayersPLRGift
2014-05-06 22:19 - 2014-05-06 22:19 - 01243294 _____ () C:\Users\Allison Brown\Downloads\InternetSlayersPLRGift.zip
2014-05-05 09:53 - 2014-05-05 09:53 - 00000000 ____D () C:\Users\Allison Brown\Desktop\Old Firefox Data
 
==================== One Month Modified Files and Folders =======
 
2014-06-02 22:29 - 2014-06-02 22:28 - 00000000 ____D () C:\FRST
2014-06-02 22:29 - 2013-12-21 18:01 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\Temp
2014-06-02 22:27 - 2014-02-05 20:56 - 00000642 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-76821204-377258392-1396739166-1001.job
2014-06-02 22:26 - 2013-01-26 21:56 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-76821204-377258392-1396739166-1001
2014-06-02 22:25 - 2014-06-02 22:25 - 01327971 _____ () C:\Users\Allison Brown\Downloads\adwcleaner_3.211.exe
2014-06-02 22:25 - 2014-04-10 16:07 - 01095745 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-02 22:25 - 2014-01-07 09:41 - 00003986 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F534902-C3F0-4633-BB19-2FB3DF734833}
2014-06-02 22:25 - 2012-12-26 22:23 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-06-02 22:24 - 2014-06-02 22:24 - 00003793 _____ () C:\Users\Allison Brown\Desktop\AdwCleaner[R0] before clean.txt
2014-06-02 22:24 - 2014-06-02 22:24 - 00000147 ____H () C:\Users\Allison Brown\Desktop\.~lock.AdwCleaner[R0] before clean.txt#
2014-06-02 22:24 - 2014-06-02 22:01 - 00000000 ____D () C:\AdwCleaner
2014-06-02 22:22 - 2014-06-02 22:22 - 00003580 _____ () C:\Users\Allison Brown\Desktop\AdwCleaner[S0].txt
2014-06-02 22:22 - 2014-06-02 22:22 - 00000147 ____H () C:\Users\Allison Brown\Desktop\.~lock.AdwCleaner[S0].txt#
2014-06-02 22:20 - 2014-04-15 01:05 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Dropbox
2014-06-02 22:20 - 2013-12-21 18:26 - 00000000 __RDO () C:\Users\Allison Brown\SkyDrive
2014-06-02 22:20 - 2013-09-17 07:09 - 01125888 ___SH () C:\Users\Allison Brown\Desktop\Thumbs.db
2014-06-02 22:20 - 2013-09-09 14:55 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-02 22:20 - 2013-09-09 14:52 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 22:20 - 2013-09-09 10:27 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-06-02 22:19 - 2014-04-15 01:07 - 00000000 ___RD () C:\Users\Allison Brown\Dropbox
2014-06-02 22:19 - 2014-04-15 01:06 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\DropboxMaster
2014-06-02 22:19 - 2014-02-10 17:04 - 00000000 __RHD () C:\Users\Allison Brown\AppData\Roaming\Monotype
2014-06-02 22:17 - 2013-09-16 17:04 - 00000000 ____D () C:\ProgramData\OopsBackup
2014-06-02 22:17 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-02 22:16 - 2014-04-17 07:53 - 00048166 _____ () C:\WINDOWS\PFRO.log
2014-06-02 22:15 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-02 22:13 - 2013-12-21 18:01 - 00000000 ____D () C:\Users\Allison Brown
2014-06-02 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-02 21:59 - 2014-05-13 20:38 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Skype
2014-06-02 21:48 - 2013-10-09 11:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-02 21:41 - 2014-06-02 21:41 - 01327971 _____ () C:\Users\Allison Brown\Desktop\adwcleaner_3.211.exe
2014-06-02 21:34 - 2013-09-09 14:52 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 08:28 - 2014-02-10 17:04 - 00001898 _____ () C:\Users\Public\Desktop\SkyFonts.lnk
2014-06-01 11:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-30 13:22 - 2013-09-14 11:19 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\vlc
2014-05-30 11:11 - 2014-02-20 11:15 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\ClassicShell
2014-05-30 10:14 - 2013-09-14 11:14 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\Paint.NET
2014-05-29 22:10 - 2013-09-23 15:57 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\FileZilla
2014-05-29 14:35 - 2014-05-08 20:33 - 00000000 ____D () C:\Users\Allison Brown\Documents\Hostgator affiliate program
2014-05-29 11:36 - 2014-05-29 11:36 - 00000614 _____ () C:\Users\Allison Brown\Downloads\aquaponicssurvivor
2014-05-29 06:28 - 2013-09-12 10:21 - 00000157 _____ () C:\WINDOWS\SysWOW64\SystemPreferences.xml
2014-05-29 03:34 - 2013-09-20 12:33 - 04635136 ___SH () C:\Users\Allison Brown\Downloads\Thumbs.db
2014-05-28 10:51 - 2014-05-28 10:51 - 05203612 _____ (Swearware) C:\Users\Allison Brown\Downloads\ComboFix.exe
2014-05-27 18:50 - 2014-01-14 08:44 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-27 14:56 - 2014-05-12 22:05 - 00000000 ___HD () C:\ProgramData\ArcSoft
2014-05-27 14:56 - 2014-05-12 22:03 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\ArcSoft
2014-05-27 10:50 - 2013-09-14 10:58 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Notepad++
2014-05-27 10:48 - 2014-03-30 10:34 - 00001069 _____ () C:\Users\Bill\Desktop\Notepad++.lnk
2014-05-27 10:48 - 2014-03-30 10:34 - 00001069 _____ () C:\Users\Allison Brown\Desktop\Notepad++.lnk
2014-05-27 10:48 - 2014-03-30 10:34 - 00001069 _____ () C:\Users\Administrator\Desktop\Notepad++.lnk
2014-05-27 10:48 - 2013-09-14 10:58 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-27 06:25 - 2013-09-23 16:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2014-05-25 12:48 - 2014-05-25 09:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 09:17 - 2014-05-25 09:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 09:16 - 2014-05-25 09:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-25 09:15 - 2014-05-25 09:15 - 00001401 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 09:15 - 2014-05-25 09:15 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 09:15 - 2014-05-25 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-23 11:41 - 2014-05-23 11:29 - 00000000 ____D () C:\Users\Allison Brown\Documents\Wordpress 3.9.1 download
2014-05-23 11:21 - 2014-05-23 11:21 - 04968079 _____ (Tim Kosse) C:\Users\Allison Brown\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-05-23 11:21 - 2013-09-23 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-05-23 11:21 - 2013-09-23 15:57 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-05-23 11:01 - 2014-04-15 01:07 - 00001102 _____ () C:\Users\Allison Brown\Desktop\Dropbox.lnk
2014-05-23 11:01 - 2014-04-15 01:06 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-23 11:01 - 2013-01-26 21:50 - 00000000 ___RD () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 10:57 - 2014-04-15 10:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-23 07:30 - 2013-11-14 02:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-22 14:40 - 2014-05-22 14:39 - 00000000 ____D () C:\Users\Allison Brown\Documents\Rechargeable 5 button Mouse
2014-05-22 10:43 - 2013-09-09 17:00 - 00000000 ____D () C:\Users\Allison Brown\Documents\Ebay Business Info  6-11
2014-05-22 07:50 - 2014-05-22 07:50 - 02916200 _____ () C:\Users\Allison Brown\Downloads\3infographics.zip
2014-05-21 17:07 - 2014-05-21 16:44 - 2014993113 _____ () C:\Users\Allison Brown\Downloads\3-Hours of Bonus Training for Dark Post Profits Owners! » Internet Marketing Bar.mp4
2014-05-21 16:56 - 2013-09-10 07:28 - 00000000 ____D () C:\Users\Allison Brown\Documents\Worldstart info
2014-05-20 20:14 - 2014-05-20 20:14 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-20 20:14 - 2014-05-20 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-20 20:14 - 2014-05-20 20:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-20 20:14 - 2014-05-20 20:13 - 00000000 ____D () C:\Program Files\iTunes
2014-05-20 20:13 - 2014-05-20 20:13 - 00000000 ____D () C:\Program Files\iPod
2014-05-19 12:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-18 21:08 - 2013-01-26 21:50 - 00000000 ___RD () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 21:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-18 21:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 21:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 21:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-18 21:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 21:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-18 07:04 - 2013-09-14 11:38 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 11:56 - 2014-03-16 09:19 - 00000000 ____D () C:\Users\Allison Brown\Documents\Proxybonanza account
2014-05-17 11:15 - 2014-05-14 09:56 - 00000000 ____D () C:\Users\Allison Brown\Documents\Foreign Tax Form Filing
2014-05-17 10:21 - 2014-04-12 16:05 - 00002507 _____ () C:\WINDOWS\setupact.log
2014-05-15 20:49 - 2014-02-05 20:56 - 00003672 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-76821204-377258392-1396739166-1001
2014-05-15 20:42 - 2014-04-22 08:41 - 00447888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswndisflt.sys
2014-05-15 20:42 - 2014-03-11 17:21 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-15 20:42 - 2014-03-11 17:21 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-15 20:42 - 2014-03-11 17:21 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-05-15 15:29 - 2014-05-15 15:29 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\TheBestSpinner
2014-05-15 15:28 - 2014-05-15 15:28 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBestSpinner
2014-05-15 15:28 - 2014-05-15 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBestSpinner
2014-05-15 15:28 - 2014-05-15 15:28 - 00000000 ____D () C:\Program Files (x86)\TheBestSpinner
2014-05-15 15:27 - 2014-05-15 15:27 - 01451770 _____ () C:\Users\Allison Brown\Downloads\SetupTheBestSpinner.exe
2014-05-15 14:37 - 2013-09-09 15:28 - 00000000 ____D () C:\Users\Allison Brown\Documents\All notepad files
2014-05-14 19:11 - 2014-05-14 19:11 - 08537807 _____ () C:\Users\Allison Brown\Downloads\OfflineBusiness Logo V1.zip
2014-05-14 17:55 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-14 17:55 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-05-14 17:54 - 2013-10-02 15:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 17:53 - 2013-09-03 16:39 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 17:51 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-14 17:51 - 2013-01-28 10:46 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 17:50 - 2014-05-14 17:50 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-05-14 13:11 - 2014-05-14 13:11 - 00781632 _____ (CompuClever Systems Inc.) C:\Users\Allison Brown\Downloads\Ultrafileopener2 (1).exe
2014-05-14 13:08 - 2014-05-14 13:08 - 00009216 ___SH () C:\Users\Public\Desktop\Thumbs.db
2014-05-14 13:07 - 2014-05-14 13:07 - 00001317 _____ () C:\Users\Allison Brown\Desktop\Ultra File Opener.lnk
2014-05-14 13:07 - 2014-05-14 13:07 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
2014-05-14 13:07 - 2014-05-14 13:07 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\CompuClever
2014-05-14 13:07 - 2014-05-14 13:07 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\CompuClever
2014-05-14 13:06 - 2014-05-14 13:06 - 00781632 _____ (CompuClever Systems Inc.) C:\Users\Allison Brown\Downloads\Ultrafileopener2.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000108 _____ () C:\Users\Allison Brown\Downloads\index.htm
2014-05-14 09:33 - 2014-01-09 12:47 - 00000000 ____D () C:\Users\Allison Brown\Documents\FSHG Capital Investments info
2014-05-13 20:38 - 2014-05-13 20:38 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-13 20:38 - 2014-05-13 20:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-13 20:38 - 2014-05-13 20:38 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\Skype
2014-05-13 20:38 - 2014-05-13 20:38 - 00000000 ____D () C:\ProgramData\Skype
2014-05-13 20:38 - 2014-05-13 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-13 20:36 - 2014-05-13 20:36 - 01677440 _____ (Skype Technologies S.A.) C:\Users\Allison Brown\Downloads\SkypeSetup.exe
2014-05-13 13:48 - 2013-10-09 11:36 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-13 12:47 - 2014-05-10 10:23 - 00000000 ____D () C:\Users\Allison Brown\Documents\VoipO info
2014-05-13 07:25 - 2014-05-13 07:25 - 00000000 ____D () C:\Users\Allison Brown\Documents\WebCam Media
2014-05-13 07:25 - 2012-12-26 22:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-13 07:12 - 2014-05-12 22:07 - 00000204 _____ () C:\Users\Public\Desktop\ArcSoft Products and Bonus Offers.url
2014-05-12 22:11 - 2014-05-12 22:11 - 00002279 _____ () C:\Users\Public\Desktop\Magic-i Visual Effects 2.lnk
2014-05-12 22:11 - 2014-05-12 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2
2014-05-12 22:11 - 2014-05-12 22:04 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-05-12 22:11 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
2014-05-12 22:09 - 2014-05-12 22:09 - 00002018 _____ () C:\Users\Public\Desktop\WebCam Companion 3.lnk
2014-05-12 22:09 - 2014-05-12 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 3
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\ArcSoft
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-05-12 22:05 - 2014-05-12 22:05 - 00002167 _____ () C:\Users\Public\Desktop\Media Impression 2.lnk
2014-05-12 22:05 - 2014-05-12 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2
2014-05-12 21:12 - 2014-05-12 21:12 - 00367496 _____ () C:\Users\Allison Brown\Downloads\hookpages.zip
2014-05-12 21:12 - 2014-05-12 21:12 - 00367496 _____ () C:\Users\Allison Brown\Downloads\hookpages (1).zip
2014-05-12 12:11 - 2014-05-12 12:11 - 00001201 _____ () C:\Users\Allison Brown\Desktop\Free Ultimate File Opener.lnk
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Users\Bill\AppData\Local\Free Ultimate File Opener
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Users\Allison Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ultimate File Opener
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Users\Allison Brown\AppData\Local\Free Ultimate File Opener
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Free Ultimate File Opener
2014-05-12 12:11 - 2014-05-12 12:11 - 00000000 ____D () C:\Program Files (x86)\Free Ultimate File Opener
2014-05-12 12:10 - 2014-05-12 12:09 - 13069264 _____ () C:\Users\Allison Brown\Downloads\FreeUltimateFileOpener.exe
2014-05-12 08:30 - 2014-05-12 08:29 - 00000000 ____D () C:\Users\Allison Brown\Documents\Google Ranktracker script 5-14
2014-05-10 11:22 - 2014-05-10 11:22 - 00000033 _____ () C:\Users\Allison Brown\Documents\WEBSiteBuilder.dat
2014-05-10 11:19 - 2014-05-10 11:19 - 00002796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WEB3-SITEBUILDER.lnk
2014-05-10 11:19 - 2014-05-10 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bilberry Media
2014-05-10 11:02 - 2014-05-10 10:54 - 00000000 ____D () C:\Users\Allison Brown\Documents\Excel program skills videos 5-14
2014-05-09 12:57 - 2014-05-09 12:57 - 00000000 ____D () C:\Users\Allison Brown\Documents\Youtube soundtracks
2014-05-09 07:13 - 2014-05-09 07:13 - 00000000 __SHD () C:\Users\Allison Brown\AppData\Local\EmieUserList
2014-05-09 07:13 - 2014-05-09 07:13 - 00000000 __SHD () C:\Users\Allison Brown\AppData\Local\EmieSiteList
2014-05-08 08:02 - 2014-05-08 08:02 - 00000000 ____D () C:\Users\Allison Brown\Documents\Android Tablet info
2014-05-08 08:00 - 2014-05-08 07:58 - 00000000 ____D () C:\Users\Allison Brown\Documents\Gigaware 2 webcam info 5-14
2014-05-07 03:29 - 2013-09-09 14:52 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 03:29 - 2013-09-09 14:52 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 22:20 - 2014-05-06 22:20 - 00000000 ____D () C:\Users\Allison Brown\Downloads\InternetSlayersPLRGift
2014-05-06 22:19 - 2014-05-06 22:19 - 01243294 _____ () C:\Users\Allison Brown\Downloads\InternetSlayersPLRGift.zip
2014-05-06 08:37 - 2014-04-20 19:25 - 00000816 _____ () C:\WINDOWS\system32\ScanResults.xml
2014-05-06 08:34 - 2014-04-20 19:23 - 00001056 _____ () C:\WINDOWS\system32\SettingsFile
2014-05-05 23:40 - 2014-05-14 17:46 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 22:25 - 2014-05-14 17:46 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 22:00 - 2014-05-14 17:46 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 21:10 - 2014-05-14 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-05 09:53 - 2014-05-05 09:53 - 00000000 ____D () C:\Users\Allison Brown\Desktop\Old Firefox Data
 
Some content of TEMP:
====================
C:\Users\Allison Brown\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljcon7.dll
C:\Users\Allison Brown\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-30 06:25
 
==================== End Of Log ============================
 
 




#4 nasdaq

  • Malware Response Team

Posted 03 June 2014 - 08:09 AM

Glad we could help.
Clean these.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {BDD481C9-4EA3-4C01-AB9A-A9F38AFFC7D3} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7_0\plugins/screen_capture.dll No File
CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.430.433.1_0\plugin/ace.dll No File
S3 cpuz134; \??\C:\Users\ALLISO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
C:\Users\Allison Brown\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljcon7.dll
Task: {2346EC38-C2DD-4AEC-9119-B2CABBAE61D8} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

One last check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#5 Healthnut

  • Topic Starter

Posted 03 June 2014 - 09:53 AM

nasdaq, another thank you.  Here are the 2 reports you requested.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Allison Brown at 2014-06-03 09:42:03 Run:1
Running from C:\Users\Allison Brown\Desktop\Maintenance Programs
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {BDD481C9-4EA3-4C01-AB9A-A9F38AFFC7D3} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7_0\plugins/screen_capture.dll No File
CHR Plugin: (Apps Enhancements Plugin(By Google)) - C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.430.433.1_0\plugin/ace.dll No File
S3 cpuz134; \??\C:\Users\ALLISO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
C:\Users\Allison Brown\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljcon7.dll
Task: {2346EC38-C2DD-4AEC-9119-B2CABBAE61D8} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDD481C9-4EA3-4C01-AB9A-A9F38AFFC7D3} => Key deleted successfully.
HKCR\CLSID\{BDD481C9-4EA3-4C01-AB9A-A9F38AFFC7D3} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll not found.
C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7_0\plugins/screen_capture.dll not found.
C:\Users\Allison Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.430.433.1_0\plugin/ace.dll not found.
cpuz134 => Service deleted successfully.
C:\Users\Allison Brown\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljcon7.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2346EC38-C2DD-4AEC-9119-B2CABBAE61D8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2346EC38-C2DD-4AEC-9119-B2CABBAE61D8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox 25.0.1 Firefox out of Date!  
 Mozilla Thunderbird (24.4.0) 
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
 iolo Common Lib ioloServiceManager.exe 
 iolo System Mechanic Professional iologovernor64.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#6 nasdaq

  • Malware Response Team

Posted 03 June 2014 - 12:38 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 51
---

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flash Player, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 Healthnut

  • Topic Starter

Posted 05 June 2014 - 09:19 AM

nasdaq, I guess I celebrated a little too soon thinking this bidvertiser thing was gone. It has started to pop up again. Not nearly as often as previously but it is still there. It's kind of like we cut the arms and legs off but the body is still wiggling. Can you help with more suggestions to get rid of this thing? Thank you.



#8 nasdaq

  • Malware Response Team

Posted 05 June 2014 - 12:13 PM

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

If not in Chrome then which browser are you using?
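The Fixlog in post #5 marks the two Chrome entries as "The Chrome "Settings" can be used to fix the entry", meaning FRST reported them without changing them. The script below is an added example, not part of the thread and not FRST's own code: it sorts Fixlog result lines by outcome so entries that still need manual follow-up stand out. The outcome names (removed, absent, manual, unrecognized) are this example's own labels, and the sample input is excerpted from the log above plus one constructed line.

```python
import re

# Sample input: result lines excerpted from the Fixlog posted in this thread,
# plus one constructed "Moved successfully" line that uses a placeholder path.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
start
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2
S3 cpuz134; \??\C:\Users\ALLISO~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCR\CLSID\{BDD481C9-4EA3-4C01-AB9A-A9F38AFFC7D3} => Key not found.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3282495&SearchSource=48&CUI=UN31515994422818110&UM=2" ==> The Chrome "Settings" can be used to fix the entry.
cpuz134 => Service deleted successfully.
C:\Users\placeholder\AppData\Local\Temp\constructed_sample.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.

==== End of Fixlog ====
'''

# Result suffixes as they appear in the Fixlog quoted in this thread.
# Checked in order; the outcome names are this example's labels, not FRST's.
OUTCOME_PATTERNS = [
    ("manual", re.compile(r'==> The Chrome "Settings" can be used to fix the entry\.$')),
    ("removed", re.compile(r"=> (?:(?:Value|Key|Service) deleted|Moved) successfully\.$")),
    ("absent", re.compile(r"not found\.$")),
]


def result_section(text):
    """Return the non-empty result lines of a Fixlog.

    The log first echoes the fixlist between two rows of asterisks; results
    start after the last such row and stop at the "End of Fixlog" footer.
    If no asterisk row exists, the whole text is treated as results.
    """
    lines = text.splitlines()
    start = 0
    for i, line in enumerate(lines):
        if re.fullmatch(r"\*{5,}", line.strip()):
            start = i + 1
    results = []
    for line in lines[start:]:
        stripped = line.strip()
        if stripped.startswith("==== End of Fixlog"):
            break
        if stripped:
            results.append(stripped)
    return results


def triage_fixlog(text):
    """Bucket each result line by what the tool reported doing with it."""
    buckets = {"removed": [], "absent": [], "manual": [], "unrecognized": []}
    for line in result_section(text):
        for name, pattern in OUTCOME_PATTERNS:
            if pattern.search(line):
                buckets[name].append(line)
                break
        else:
            # Unknown wording is kept visible rather than silently dropped.
            buckets["unrecognized"].append(line)
    return buckets


def followup_entries(text):
    """Names of entries the log says were left for the user to fix by hand."""
    names = []
    for line in triage_fixlog(text)["manual"]:
        entry = line.split(" ==> ", 1)[0]
        names.append(entry.split(":", 1)[0])
    return names


if __name__ == "__main__":
    buckets = triage_fixlog(SAMPLE_FIXLOG)
    for name, items in buckets.items():
        print(f"{name}: {len(items)}")
    print("Needs manual follow-up:", ", ".join(followup_entries(SAMPLE_FIXLOG)))
```

Lines in the "absent" bucket refer to items that were already gone, while anything in "manual" or "unrecognized" is still worth checking by hand after the fix run.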

#9 Healthnut

  • Topic Starter

Posted 05 June 2014 - 03:45 PM

I have reset and restarted Chrome and will monitor what is happening for a few days to see what is happening.  Thank you.



#10 nasdaq

  • Malware Response Team

Posted 11 June 2014 - 08:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



