Unknown registry entry that won't go away...



#1 Fhoosa


Posted 29 May 2014 - 12:01 PM

Hi...

 

I think I might have some sort of virus in my computer.  Although Malwarebytes doesn't detect it, there is an item that keeps on popping up when I run AdwCleaner.  This is it:

 

HKCU\SOFTWARE\APPDATA\SOFTWARE

 

I'm not getting any redirects or anything like that, at the moment anyway, but my computer is running slower and I am getting more than my fair share of things like "we can't connect to the page" when I'm trying to get to a new web page.

 

The other day, for no reason at all, all the type on my homepage and also in g-mail, turned italic.  The only way I could get it back to normal was to do a system restore.  I never did find out what caused it.

 

Anyway, I've attached the reports that you want.

 

I look forward to hearing from you.

 

Fhoosa

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Debbie at 9:33:16 on 2014-05-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3034.1309 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files (x86)\BitComet\BitComet.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EMET\EMET_notifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\BitComet\plugin_emule\plugin_eMule.exe
C:\Program Files (x86)\Tradition2Casino\Tradition2Casino.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {A50FC70A-6301-4EC7-8ABC-4A657C495D54} - hxxps://cdn4.userzoom.com/s/ie/f2/UserZoom.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7EFE49C3-3F89-4E0A-984B-7B6655B99F9C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7EFE49C3-3F89-4E0A-984B-7B6655B99F9C}\6486F6F63716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7EFE49C3-3F89-4E0A-984B-7B6655B99F9C}\84F4D454D244339323 : DHCPNameServer = 75.75.75.75 75.75.76.76
x64-mSearchAssistant = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=epom2&utm_campaign=eXQ&utm_content=ds&from=epom2&uid=WDCXWD3200BEVT-75A23T0_WD-WXH1A21R8789R8789&ts=1383413246&type=default&q={searchTerms}
x64-mCustomizeSearch = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=epom2&utm_campaign=eXQ&utm_content=ds&from=epom2&uid=WDCXWD3200BEVT-75A23T0_WD-WXH1A21R8789R8789&ts=1383413246&type=default&q={searchTerms}
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-21 55856]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-21 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-26 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-26 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-21 1692480]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-21 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-26 122584]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-4-21 172704]
S3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-12-13 28008]
S3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);C:\Windows\System32\drivers\vaclcskd.sys [2009-12-5 66016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-8-25 1436424]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-18 111616]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-26 63704]
S3 PCTDMDefrag;PCTDMDefrag;C:\Windows\System32\drivers\PCTDMDefrag.sys [2012-4-8 162328]
S3 PCTDSMon;PCTDSMon;C:\Windows\System32\drivers\PCTDSMon.sys [2012-4-8 189880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-1-25 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 SRS_AE_Service;SRS Audio;C:\Windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-7-13 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-10 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-29 15:32:05 -------- d-----w- C:\Windows\Haunted Hotel 6- Ancient Bane Collector's Edition
2014-05-29 15:32:05 -------- d-----w- C:\Program Files (x86)\Haunted Hotel 6- Ancient Bane Collector's Edition
2014-05-29 03:58:02 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5180DFC0-9689-4C6E-AD60-8319D7DAAB06}\mpengine.dll
2014-05-28 22:04:18 -------- d-----w- C:\Program Files (x86)\Tradition2Casino
2014-05-28 01:31:10 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-26 11:11:47 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B7CB977-22E9-4D31-B66B-DEE02B6816D5}\gapaengine.dll
2014-05-21 12:02:12 -------- d-----w- C:\Windows\Hope Lake
2014-05-21 01:55:21 -------- d-----w- C:\kingsbury
2014-05-21 01:38:27 -------- d-----w- C:\Windows\SysWow64\C2MP
2014-05-21 01:33:47 257624 ----a-w- C:\Windows\System32\unrar64.dll
2014-05-18 20:18:04 45400 ----a-w- C:\Windows\SysWow64\DiscHandler.exe
2014-05-15 10:26:37 0 ----a-w- C:\Windows\SysWow64\sho3682.tmp
2014-05-15 10:08:23 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 10:08:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-15 10:02:09 -------- d-----w- C:\Windows\Migration
2014-05-14 10:51:32 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-14 10:51:31 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-13 15:05:56 4009984 ----a-w- C:\Windows\System32\ffmpeg.dll
2014-05-13 15:05:40 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2014-05-13 15:05:24 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2014-05-13 15:05:22 4374528 ----a-w- C:\Windows\System32\ffdshow.ax
2014-05-13 15:04:56 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2014-05-13 15:04:26 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2014-05-13 15:04:26 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2014-05-13 15:04:26 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2014-05-13 15:04:26 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2014-05-13 15:04:24 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
2014-05-13 15:04:24 183296 ----a-w- C:\Windows\System32\ff_unrar.dll
2014-05-13 15:04:24 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2014-05-13 15:02:30 3916288 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2014-05-13 15:01:48 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2014-05-13 15:01:46 3502592 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2014-05-13 15:01:12 271360 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2014-05-13 15:00:58 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2014-05-13 15:00:58 157184 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2014-05-13 15:00:56 211968 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2014-05-13 15:00:56 1525760 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2014-05-13 15:00:56 147456 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2014-05-13 15:00:54 114688 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2014-05-13 15:00:52 136704 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
2014-05-10 08:06:47 -------- d-----w- C:\Downloads [work]
2014-05-10 05:32:33 1544704 ----a-w- C:\Windows\is-HGA3B.exe
2014-05-08 01:02:38 -------- d-----w- C:\Program Files (x86)\flac-wav-converter
2014-05-06 08:49:54 -------- d-----w- C:\ProgramData\Ambers Tales
2014-05-04 02:39:46 -------- d-sh--w- C:\found.000
2014-05-04 01:50:16 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52FE9243-F6D1-4FCB-86A5-90B629D3492A}\mpengine.dll
2014-04-30 10:00:53 -------- d-s---w- C:\Windows\System32\CompatTel
.
==================== Find3M  ====================
.
2014-05-29 11:41:21 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-14 13:13:31 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 13:13:31 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-12 14:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 14:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 14:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-08 20:50:26 235520 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2014-04-08 20:50:16 632320 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2014-04-08 15:30:10 7682192 ----a-w- C:\Windows\System32\avcodec-lav-55.dll
2014-04-08 15:30:10 570512 ----a-w- C:\Windows\System32\LAVSplitter.ax
2014-04-08 15:30:10 441488 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2014-04-08 15:30:10 430736 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2014-04-08 15:30:10 401040 ----a-w- C:\Windows\System32\avutil-lav-52.dll
2014-04-08 15:30:10 302224 ----a-w- C:\Windows\System32\LAVAudio.ax
2014-04-08 15:30:10 286352 ----a-w- C:\Windows\System32\libbluray.dll
2014-04-08 15:30:10 250512 ----a-w- C:\Windows\System32\avfilter-lav-4.dll
2014-04-08 15:30:10 161424 ----a-w- C:\Windows\System32\avresample-lav-1.dll
2014-04-08 15:30:10 1251984 ----a-w- C:\Windows\System32\avformat-lav-55.dll
2014-04-08 15:30:10 1109136 ----a-w- C:\Windows\System32\LAVVideo.ax
2014-04-08 15:29:48 411280 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
2014-04-08 15:29:48 238736 ----a-w- C:\Windows\SysWow64\libbluray.dll
2014-04-08 15:29:46 934544 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
2014-04-08 15:29:46 7186064 ----a-w- C:\Windows\SysWow64\avcodec-lav-55.dll
2014-04-08 15:29:46 478864 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
2014-04-08 15:29:46 412304 ----a-w- C:\Windows\SysWow64\avutil-lav-52.dll
2014-04-08 15:29:46 344720 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2014-04-08 15:29:46 263824 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
2014-04-08 15:29:46 241296 ----a-w- C:\Windows\SysWow64\avfilter-lav-4.dll
2014-04-08 15:29:46 152208 ----a-w- C:\Windows\SysWow64\avresample-lav-1.dll
2014-04-08 15:29:46 1293456 ----a-w- C:\Windows\SysWow64\avformat-lav-55.dll
2014-03-11 16:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH:  9:35:18.91 ===============
 

 


 


#2 nasdaq


Posted 03 June 2014 - 09:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system:
  • Farbar Recovery Scan Tool (64 bit)
  • Farbar Recovery Scan Tool (32 bit)
Save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Fhoosa


Posted 03 June 2014 - 08:42 PM

I have attached the reports you requested.  I have tried on more than one occasion (actually a lot) to get rid of that entry that shows up in AdwCleaner, but it just keeps on coming back.

 

(I didn't have an Addition.txt log)

 

Also, something appeared suddenly in my c:\users\Debbie\appdata\local\virtualstore.  It is this:  MGLogs.zip.  I don't have a clue why it ended up there.  Any ideas?

 

The computer seems to be doing ok at the moment.  No redirects, nothing out of the ordinary that I can recall.  I don't know if I have some kind of bug or if the computer is just playing with me.  Hopefully you'll be able to tell me.

 

# AdwCleaner v3.211 - Report created 03/06/2014 at 12:59:12
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Debbie - HOME
# Running from : C:\Users\Debbie\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v

[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R15].txt - [850 octets] - [21/01/2014 03:19:59]
AdwCleaner[R16].txt - [936 octets] - [24/01/2014 18:22:18]
AdwCleaner[R17].txt - [943 octets] - [26/01/2014 05:21:37]
AdwCleaner[R18].txt - [1118 octets] - [29/01/2014 23:11:28]
AdwCleaner[R19].txt - [1112 octets] - [01/02/2014 01:37:36]
AdwCleaner[R20].txt - [1272 octets] - [01/02/2014 11:32:21]
AdwCleaner[R21].txt - [1309 octets] - [02/02/2014 15:25:46]
AdwCleaner[R22].txt - [1371 octets] - [07/02/2014 04:43:55]
AdwCleaner[R23].txt - [1540 octets] - [10/02/2014 07:45:25]
AdwCleaner[R24].txt - [1554 octets] - [11/02/2014 21:58:31]
AdwCleaner[R25].txt - [2103 octets] - [12/02/2014 00:58:45]
AdwCleaner[R26].txt - [1827 octets] - [13/02/2014 23:58:34]
AdwCleaner[R27].txt - [4264 octets] - [15/02/2014 06:34:24]
AdwCleaner[R28].txt - [3962 octets] - [15/02/2014 06:34:53]
AdwCleaner[R29].txt - [4009 octets] - [17/02/2014 07:33:37]
AdwCleaner[R30].txt - [2089 octets] - [27/02/2014 04:21:03]
AdwCleaner[R31].txt - [2139 octets] - [27/02/2014 19:25:25]
AdwCleaner[R32].txt - [2210 octets] - [01/03/2014 10:42:40]
AdwCleaner[R33].txt - [2319 octets] - [02/03/2014 16:06:03]
AdwCleaner[R34].txt - [2393 octets] - [03/03/2014 20:51:25]
AdwCleaner[R35].txt - [2454 octets] - [07/03/2014 04:18:12]
AdwCleaner[R36].txt - [2515 octets] - [09/03/2014 02:52:34]
AdwCleaner[R37].txt - [2576 octets] - [10/03/2014 02:10:52]
AdwCleaner[R38].txt - [2661 octets] - [12/03/2014 15:44:39]
AdwCleaner[R39].txt - [2722 octets] - [14/03/2014 06:25:45]
AdwCleaner[R40].txt - [2822 octets] - [14/03/2014 21:52:39]
AdwCleaner[R41].txt - [2896 octets] - [16/03/2014 22:59:16]
AdwCleaner[R42].txt - [2957 octets] - [22/03/2014 03:13:30]
AdwCleaner[R43].txt - [3066 octets] - [23/03/2014 10:23:12]
AdwCleaner[R44].txt - [3140 octets] - [23/03/2014 23:56:58]
AdwCleaner[R45].txt - [3262 octets] - [25/03/2014 01:09:16]
AdwCleaner[R46].txt - [3323 octets] - [26/03/2014 00:54:17]
AdwCleaner[R47].txt - [3384 octets] - [26/03/2014 23:46:01]
AdwCleaner[R48].txt - [3431 octets] - [29/03/2014 11:50:00]
AdwCleaner[R49].txt - [3506 octets] - [29/03/2014 19:53:03]
AdwCleaner[R50].txt - [3580 octets] - [31/03/2014 00:48:49]
AdwCleaner[R51].txt - [3628 octets] - [31/03/2014 17:09:43]
AdwCleaner[R52].txt - [3759 octets] - [07/04/2014 00:31:05]
AdwCleaner[R53].txt - [3797 octets] - [09/04/2014 22:00:41]
AdwCleaner[R54].txt - [3872 octets] - [10/04/2014 04:54:09]
AdwCleaner[R55].txt - [3933 octets] - [10/04/2014 19:23:56]
AdwCleaner[R56].txt - [3994 octets] - [12/04/2014 08:17:26]
AdwCleaner[R57].txt - [4116 octets] - [13/04/2014 01:35:40]
AdwCleaner[R58].txt - [4177 octets] - [13/04/2014 22:17:47]
AdwCleaner[R59].txt - [4238 octets] - [18/04/2014 03:37:47]
AdwCleaner[R60].txt - [7124 octets] - [20/04/2014 20:43:47]
AdwCleaner[R61].txt - [4533 octets] - [23/04/2014 00:21:30]
AdwCleaner[R62].txt - [5237 octets] - [25/04/2014 04:58:07]
AdwCleaner[R63].txt - [4721 octets] - [26/04/2014 08:30:17]
AdwCleaner[R64].txt - [4773 octets] - [27/04/2014 19:59:41]
AdwCleaner[R65].txt - [4848 octets] - [28/04/2014 13:22:39]
AdwCleaner[R66].txt - [4965 octets] - [29/04/2014 08:29:14]
AdwCleaner[R67].txt - [5087 octets] - [03/05/2014 10:56:25]
AdwCleaner[R68].txt - [5078 octets] - [06/05/2014 01:31:56]
AdwCleaner[R69].txt - [5153 octets] - [06/05/2014 05:12:49]
AdwCleaner[R70].txt - [5214 octets] - [10/05/2014 09:00:31]
AdwCleaner[R71].txt - [5275 octets] - [10/05/2014 19:23:58]
AdwCleaner[R72].txt - [6993 octets] - [11/05/2014 21:40:01]
AdwCleaner[R73].txt - [5574 octets] - [17/05/2014 02:20:25]
AdwCleaner[R74].txt - [5696 octets] - [17/05/2014 17:03:39]
AdwCleaner[R75].txt - [5818 octets] - [18/05/2014 22:33:34]
AdwCleaner[R76].txt - [6012 octets] - [22/05/2014 06:33:30]
AdwCleaner[R77].txt - [5932 octets] - [23/05/2014 01:31:50]
AdwCleaner[R78].txt - [12553 octets] - [23/05/2014 19:56:07]
AdwCleaner[R79].txt - [12669 octets] - [25/05/2014 22:43:37]
AdwCleaner[R80].txt - [6368 octets] - [27/05/2014 20:32:31]
AdwCleaner[R81].txt - [6490 octets] - [29/05/2014 09:23:33]
AdwCleaner[R82].txt - [6551 octets] - [29/05/2014 17:12:36]
AdwCleaner[R83].txt - [6673 octets] - [31/05/2014 07:44:44]
AdwCleaner[R84].txt - [6795 octets] - [01/06/2014 23:24:21]
AdwCleaner[R85].txt - [6842 octets] - [03/06/2014 12:57:21]
AdwCleaner[S11].txt - [917 octets] - [21/01/2014 03:21:36]
AdwCleaner[S12].txt - [1189 octets] - [29/01/2014 23:12:32]
AdwCleaner[S13].txt - [1291 octets] - [01/02/2014 11:33:27]
AdwCleaner[S14].txt - [1608 octets] - [10/02/2014 07:46:37]
AdwCleaner[S15].txt - [2181 octets] - [12/02/2014 00:59:33]
AdwCleaner[S16].txt - [1843 octets] - [13/02/2014 23:59:27]
AdwCleaner[S17].txt - [2479 octets] - [17/02/2014 20:35:48]
AdwCleaner[S18].txt - [2385 octets] - [02/03/2014 16:06:50]
AdwCleaner[S19].txt - [2888 octets] - [14/03/2014 21:54:00]
AdwCleaner[S20].txt - [3132 octets] - [23/03/2014 10:24:11]
AdwCleaner[S21].txt - [3202 octets] - [23/03/2014 23:58:54]
AdwCleaner[S22].txt - [3690 octets] - [31/03/2014 17:10:27]
AdwCleaner[S23].txt - [4056 octets] - [12/04/2014 08:18:31]
AdwCleaner[S24].txt - [7133 octets] - [20/04/2014 20:46:38]
AdwCleaner[S25].txt - [4597 octets] - [23/04/2014 00:23:18]
AdwCleaner[S26].txt - [5315 octets] - [25/04/2014 04:59:43]
AdwCleaner[S27].txt - [4783 octets] - [26/04/2014 08:32:15]
AdwCleaner[S28].txt - [5027 octets] - [29/04/2014 08:30:01]
AdwCleaner[S29].txt - [5337 octets] - [10/05/2014 19:26:43]
AdwCleaner[S30].txt - [7058 octets] - [11/05/2014 21:41:10]
AdwCleaner[S31].txt - [5638 octets] - [17/05/2014 02:21:26]
AdwCleaner[S32].txt - [5760 octets] - [17/05/2014 17:04:33]
AdwCleaner[S33].txt - [6078 octets] - [22/05/2014 06:34:28]
AdwCleaner[S34].txt - [5994 octets] - [23/05/2014 01:32:34]
AdwCleaner[S35].txt - [12991 octets] - [25/05/2014 22:44:33]
AdwCleaner[S36].txt - [6310 octets] - [26/05/2014 18:17:04]
AdwCleaner[S37].txt - [6432 octets] - [27/05/2014 20:33:53]
AdwCleaner[S38].txt - [6615 octets] - [29/05/2014 17:13:41]
AdwCleaner[S39].txt - [6737 octets] - [31/05/2014 07:45:30]
AdwCleaner[S40].txt - [6764 octets] - [03/06/2014 12:59:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S40].txt - [6825 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Debbie (administrator) on HOME on 03-06-2014 13:10:09
Running from C:\Users\Debbie\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(www.BitComet.com) C:\Program Files (x86)\BitComet\BitComet.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1266648 2014-04-07] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3197802315-1125251100-3617295894-1000\...\Run: [BitComet] => C:\Program Files (x86)\BitComet\BitComet.exe [14276784 2013-12-31] (www.BitComet.com)
HKU\S-1-5-21-3197802315-1125251100-3617295894-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-23] (Google Inc.)
HKU\S-1-5-21-3197802315-1125251100-3617295894-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3197802315-1125251100-3617295894-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB
DPF: HKLM-x32 {A50FC70A-6301-4EC7-8ABC-4A657C495D54} https://cdn4.userzoom.com/s/ie/f2/UserZoom.cab
DPF: HKLM-x32 {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: HKLM-x32 {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Debbie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "https://www.google.com/webhp?source=search_app",
   "hxxp://www.google.com/"
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=386496&ilc=12&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-30]
CHR Extension: (Google Search) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-30]
CHR Extension: (Nielsen) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-30]
CHR Extension: (Gmail) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [jgceplfonlgodadnpognljgdjlcnpjnh] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\extension.crx [2014-03-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S4 aswSP; No ImagePath
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 EuMusDesignVirtualAudioCableWdm_lcs; C:\Windows\System32\DRIVERS\vaclcskd.sys [66016 2009-12-05] (Eugene V. Muzychenko)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PCTDMDefrag; C:\Windows\system32\drivers\PCTDMDefrag.sys [162328 2011-02-04] (PC Tools)
S3 PCTDMDefrag; C:\Windows\SysWOW64\drivers\PCTDMDefrag.sys [108056 2011-02-04] (PC Tools)
S3 PCTDSMon; C:\Windows\system32\drivers\PCTDSMon.sys [189880 2011-02-04] (PC Tools)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-07-13] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-03 13:10 - 2014-06-03 13:10 - 00013068 _____ () C:\Users\Debbie\Desktop\FRST.txt
2014-06-03 12:55 - 2014-06-03 12:55 - 02068992 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2014-06-03 12:54 - 2014-06-03 12:54 - 01327971 _____ () C:\Users\Debbie\Desktop\adwcleaner_3.211.exe
2014-06-03 08:57 - 2014-06-03 08:57 - 00001988 _____ () C:\Users\Public\Desktop\Max Recorder.lnk
2014-06-03 08:57 - 2014-06-03 08:57 - 00001710 _____ () C:\Users\Public\Desktop\DFX.lnk
2014-06-03 08:57 - 2014-06-03 08:57 - 00000000 ____D () C:\Users\Debbie\AppData\Local\MaxRecorder
2014-06-03 08:57 - 2014-06-03 08:57 - 00000000 ____D () C:\Users\Debbie\AppData\Local\DFX
2014-06-03 08:57 - 2014-06-03 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2014-06-03 08:56 - 2014-06-03 08:57 - 00000000 ____D () C:\Program Files (x86)\DFX
2014-06-03 07:38 - 2014-06-03 13:00 - 00016236 _____ () C:\Windows\PFRO.log
2014-06-03 04:17 - 2014-06-03 05:52 - 00000000 ____D () C:\Program Files (x86)\SlotsJackpot
2014-06-03 03:59 - 2014-06-03 05:51 - 00000000 ____D () C:\Program Files (x86)\CasinoFiz
2014-06-01 23:50 - 2014-06-03 13:00 - 00000495 _____ () C:\Windows\setupact.log
2014-06-01 23:50 - 2014-06-01 23:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 23:09 - 2014-06-01 23:09 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panopticon Path of Reflections 1.0
2014-05-30 22:10 - 2014-06-03 07:37 - 00000310 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-05-30 22:10 - 2014-05-30 22:17 - 00000000 ____D () C:\Users\Debbie\AppData\Local\FreeFixer
2014-05-30 22:10 - 2014-05-30 22:10 - 00002976 _____ () C:\Windows\System32\Tasks\FreeFixer background scan
2014-05-30 22:10 - 2014-05-30 22:10 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-05-30 22:10 - 2014-05-30 22:10 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\FreeFixer
2014-05-30 22:10 - 2014-05-30 22:10 - 00000000 ____D () C:\Program Files\FreeFixer
2014-05-30 22:01 - 2014-06-02 14:22 - 00000000 ____D () C:\ProgramData\VSO
2014-05-30 22:01 - 2014-05-30 22:01 - 00001194 _____ () C:\Users\Debbie\Desktop\ConvertXToDVD 5.lnk
2014-05-30 22:01 - 2014-05-30 22:01 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Vso
2014-05-30 22:01 - 2014-05-30 22:01 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-05-30 21:46 - 2014-05-30 22:01 - 00099384 _____ () C:\Users\Debbie\AppData\Roaming\inst.exe
2014-05-30 21:46 - 2014-05-30 22:01 - 00082816 _____ (VSO Software) C:\Users\Debbie\AppData\Roaming\pcouffin.sys
2014-05-30 21:46 - 2014-05-30 22:01 - 00007859 _____ () C:\Users\Debbie\AppData\Roaming\pcouffin.cat
2014-05-30 21:46 - 2014-05-30 22:01 - 00000055 _____ () C:\Users\Debbie\AppData\Roaming\pcouffin.log
2014-05-30 08:53 - 2014-05-30 08:53 - 00008300 _____ () C:\Users\Debbie\Documents\Coupon.htm
2014-05-30 08:53 - 2014-05-30 08:53 - 00000000 ____D () C:\Users\Debbie\Documents\Coupon_files
2014-05-30 06:28 - 2014-05-30 06:28 - 00000000 ____D () C:\kingsbury
2014-05-30 05:14 - 2014-05-30 05:14 - 01016261 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2014-05-30 01:16 - 2014-05-30 01:16 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Elephant Games
2014-05-29 17:14 - 2014-05-29 17:14 - 00000000 _____ () C:\Windows\SysWOW64\shoDEDB.tmp
2014-05-29 09:35 - 2014-05-29 09:35 - 00023840 _____ () C:\Users\Debbie\Desktop\dds.txt
2014-05-29 09:35 - 2014-05-29 09:35 - 00010130 _____ () C:\Users\Debbie\Desktop\attach.txt
2014-05-29 09:32 - 2014-05-29 09:32 - 00688992 ____R (Swearware) C:\Users\Debbie\Desktop\dds.com
2014-05-29 09:14 - 2014-05-29 09:14 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel 6- Ancient Bane Collector's Edition
2014-05-29 08:32 - 2014-05-29 08:32 - 00000000 ____D () C:\Windows\Haunted Hotel 6- Ancient Bane Collector's Edition
2014-05-29 08:32 - 2014-05-29 08:32 - 00000000 ____D () C:\Program Files (x86)\Haunted Hotel 6- Ancient Bane Collector's Edition
2014-05-20 18:38 - 2014-05-20 18:39 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-05-20 18:38 - 2014-05-20 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2014-05-20 18:34 - 2014-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-05-20 18:33 - 2013-12-01 05:10 - 00257624 _____ () C:\Windows\system32\unrar64.dll
2014-05-18 13:18 - 2014-05-18 13:18 - 00045400 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-15 03:26 - 2014-05-15 03:26 - 00000000 _____ () C:\Windows\SysWOW64\sho3682.tmp
2014-05-15 03:08 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:08 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:08 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:08 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:08 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:08 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 03:51 - 2014-05-08 23:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 03:51 - 2014-05-08 23:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 03:51 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 03:51 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 03:50 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 03:50 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 03:50 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 03:50 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 03:50 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 03:50 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 03:50 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 03:50 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 03:50 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 03:50 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 03:50 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 03:50 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 03:50 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 03:50 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 03:50 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 03:50 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 03:50 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 03:50 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 03:50 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 03:50 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 03:50 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 03:50 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 03:50 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 03:50 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 03:50 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 03:50 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 03:50 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 03:50 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 03:50 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 03:50 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 08:05 - 2014-05-13 08:05 - 04374528 _____ () C:\Windows\system32\ffdshow.ax
2014-05-13 08:05 - 2014-05-13 08:05 - 04009984 _____ () C:\Windows\system32\ffmpeg.dll
2014-05-13 08:05 - 2014-05-13 08:05 - 00474624 _____ () C:\Windows\system32\ff_kernelDeint.dll
2014-05-13 08:05 - 2014-05-13 08:05 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 01532928 _____ () C:\Windows\system32\ff_samplerate.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00631296 _____ () C:\Windows\system32\TomsMoComp_ff.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00222720 _____ () C:\Windows\system32\ff_libdts.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00190464 _____ () C:\Windows\system32\libmpeg2_ff.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00183296 _____ () C:\Windows\system32\ff_unrar.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00156672 _____ () C:\Windows\system32\ff_libmad.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00116224 _____ () C:\Windows\system32\ff_liba52.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00114688 _____ () C:\Windows\system32\ff_wmv9.dll
2014-05-13 08:02 - 2014-05-13 08:02 - 03916288 _____ () C:\Windows\SysWOW64\ffmpeg.dll
2014-05-13 08:01 - 2014-05-13 08:01 - 03502592 _____ () C:\Windows\SysWOW64\ffdshow.ax
2014-05-13 08:01 - 2014-05-13 08:01 - 00271360 _____ () C:\Windows\SysWOW64\TomsMoComp_ff.dll
2014-05-13 08:01 - 2014-05-13 08:01 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 01525760 _____ () C:\Windows\SysWOW64\ff_samplerate.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00211968 _____ () C:\Windows\SysWOW64\ff_libdts.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00157184 _____ () C:\Windows\SysWOW64\ff_unrar.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00147456 _____ () C:\Windows\SysWOW64\ff_libmad.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00136704 _____ () C:\Windows\SysWOW64\libmpeg2_ff.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00114688 _____ () C:\Windows\SysWOW64\ff_liba52.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00099840 _____ () C:\Windows\SysWOW64\ff_wmv9.dll
2014-05-10 01:06 - 2014-05-26 04:25 - 00000000 ____D () C:\Downloads [work]
2014-05-09 22:32 - 2014-05-09 22:32 - 01544704 _____ () C:\Windows\is-HGA3B.exe
2014-05-09 22:32 - 2014-05-09 22:32 - 00021031 _____ () C:\Windows\is-HGA3B.msg
2014-05-09 22:32 - 2014-05-09 22:32 - 00000320 _____ () C:\Windows\is-HGA3B.lst
2014-05-07 18:02 - 2014-05-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC WAV Converter
2014-05-07 18:02 - 2014-05-07 18:02 - 00000000 ____D () C:\Program Files (x86)\flac-wav-converter
2014-05-06 01:41 - 2014-05-06 01:41 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-06 01:41 - 2014-05-06 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-06 01:20 - 2014-05-06 01:20 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\WinRAR

==================== One Month Modified Files and Folders =======

2014-06-03 13:10 - 2014-06-03 13:10 - 00013068 _____ () C:\Users\Debbie\Desktop\FRST.txt
2014-06-03 13:10 - 2014-03-29 11:51 - 00000000 ____D () C:\FRST
2014-06-03 13:10 - 2012-04-08 13:57 - 00000000 ____D () C:\Users\Debbie\AppData\Local\Temp
2014-06-03 13:08 - 2009-07-13 21:45 - 00013872 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-03 13:08 - 2009-07-13 21:45 - 00013872 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-03 13:06 - 2012-04-08 19:06 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\BitComet
2014-06-03 13:01 - 2014-03-26 11:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 13:01 - 2012-12-15 03:43 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-03 13:01 - 2012-12-15 03:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-03 13:01 - 2011-04-21 17:33 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-03 13:00 - 2014-06-03 07:38 - 00016236 _____ () C:\Windows\PFRO.log
2014-06-03 13:00 - 2014-06-01 23:50 - 00000495 _____ () C:\Windows\setupact.log
2014-06-03 13:00 - 2014-02-02 15:29 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 13:00 - 2013-12-08 13:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4d34c2b38d74.job
2014-06-03 12:59 - 2014-02-17 20:41 - 01915778 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 12:59 - 2014-01-21 03:19 - 00000000 ____D () C:\AdwCleaner
2014-06-03 12:58 - 2013-12-08 13:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 12:55 - 2014-06-03 12:55 - 02068992 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2014-06-03 12:54 - 2014-06-03 12:54 - 01327971 _____ () C:\Users\Debbie\Desktop\adwcleaner_3.211.exe
2014-06-03 12:13 - 2012-04-08 21:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 10:24 - 2013-11-16 22:40 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\vlc
2014-06-03 08:57 - 2014-06-03 08:57 - 00001988 _____ () C:\Users\Public\Desktop\Max Recorder.lnk
2014-06-03 08:57 - 2014-06-03 08:57 - 00001710 _____ () C:\Users\Public\Desktop\DFX.lnk
2014-06-03 08:57 - 2014-06-03 08:57 - 00000000 ____D () C:\Users\Debbie\AppData\Local\MaxRecorder
2014-06-03 08:57 - 2014-06-03 08:57 - 00000000 ____D () C:\Users\Debbie\AppData\Local\DFX
2014-06-03 08:57 - 2014-06-03 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2014-06-03 08:57 - 2014-06-03 08:56 - 00000000 ____D () C:\Program Files (x86)\DFX
2014-06-03 08:57 - 2014-04-25 20:37 - 00000000 ____D () C:\Program Files (x86)\Max Recorder
2014-06-03 08:16 - 2012-04-12 07:09 - 00001566 _____ () C:\Users\Debbie\Desktop\Downloads.lnk
2014-06-03 07:43 - 2013-01-14 00:09 - 00000000 ___RD () C:\Users\Debbie\Desktop\System Health
2014-06-03 07:42 - 2012-04-08 15:19 - 00001968 _____ () C:\Users\Debbie\Desktop\Internet Explorer.lnk
2014-06-03 07:39 - 2009-07-13 22:08 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 07:37 - 2014-05-30 22:10 - 00000310 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-06-03 07:37 - 2014-02-04 00:15 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\SoftGrid Client
2014-06-03 05:52 - 2014-06-03 04:17 - 00000000 ____D () C:\Program Files (x86)\SlotsJackpot
2014-06-03 05:51 - 2014-06-03 03:59 - 00000000 ____D () C:\Program Files (x86)\CasinoFiz
2014-06-02 22:44 - 2014-02-25 14:59 - 00000000 ____D () C:\Users\Debbie\Documents\ConvertXtoDVD
2014-06-02 22:43 - 2014-03-03 04:13 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\dvdcss
2014-06-02 21:10 - 2012-12-21 08:45 - 00000000 ____D () C:\Users\Debbie\AppData\Local\SoftGrid Client
2014-06-02 14:22 - 2014-05-30 22:01 - 00000000 ____D () C:\ProgramData\VSO
2014-06-02 12:50 - 2013-11-27 12:35 - 00001952 _____ () C:\Users\Public\Desktop\VLC Media Player.lnk
2014-06-02 07:50 - 2013-01-14 10:42 - 00000000 ____D () C:\Users\Debbie\AppData\Local\SoftThinks
2014-06-02 07:48 - 2012-04-08 22:10 - 00000000 ____D () C:\HOGs
2014-06-02 07:41 - 2012-12-24 23:18 - 00000000 ___RD () C:\Users\Debbie\Desktop\HOGs...in progress
2014-06-02 03:33 - 2012-04-12 10:50 - 00000000 ___RD () C:\Users\Debbie\Desktop\New HOGs
2014-06-02 03:18 - 2013-03-25 11:00 - 00000000 ____D () C:\Intel
2014-06-02 00:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-01 23:50 - 2014-06-01 23:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 23:21 - 2013-04-09 22:31 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-01 23:21 - 2012-04-08 18:53 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-06-01 23:09 - 2014-06-01 23:09 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panopticon Path of Reflections 1.0
2014-06-01 23:05 - 2014-02-15 05:08 - 00000000 ____D () C:\Games
2014-06-01 21:04 - 2012-04-08 13:57 - 00000000 ____D () C:\Users\Debbie
2014-05-31 07:47 - 2013-01-13 16:41 - 00857088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-30 22:17 - 2014-05-30 22:10 - 00000000 ____D () C:\Users\Debbie\AppData\Local\FreeFixer
2014-05-30 22:10 - 2014-05-30 22:10 - 00002976 _____ () C:\Windows\System32\Tasks\FreeFixer background scan
2014-05-30 22:10 - 2014-05-30 22:10 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2014-05-30 22:10 - 2014-05-30 22:10 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\FreeFixer
2014-05-30 22:10 - 2014-05-30 22:10 - 00000000 ____D () C:\Program Files\FreeFixer
2014-05-30 22:01 - 2014-05-30 22:01 - 00001194 _____ () C:\Users\Debbie\Desktop\ConvertXToDVD 5.lnk
2014-05-30 22:01 - 2014-05-30 22:01 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Vso
2014-05-30 22:01 - 2014-05-30 22:01 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-05-30 22:01 - 2014-05-30 21:46 - 00099384 _____ () C:\Users\Debbie\AppData\Roaming\inst.exe
2014-05-30 22:01 - 2014-05-30 21:46 - 00082816 _____ (VSO Software) C:\Users\Debbie\AppData\Roaming\pcouffin.sys
2014-05-30 22:01 - 2014-05-30 21:46 - 00007859 _____ () C:\Users\Debbie\AppData\Roaming\pcouffin.cat
2014-05-30 22:01 - 2014-05-30 21:46 - 00000055 _____ () C:\Users\Debbie\AppData\Roaming\pcouffin.log
2014-05-30 22:01 - 2013-10-19 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-05-30 20:11 - 2012-04-08 13:59 - 00000000 ____D () C:\Users\Debbie\AppData\Local\VirtualStore
2014-05-30 17:54 - 2014-04-29 08:32 - 00265528 _____ () C:\Users\Debbie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-30 08:53 - 2014-05-30 08:53 - 00008300 _____ () C:\Users\Debbie\Documents\Coupon.htm
2014-05-30 08:53 - 2014-05-30 08:53 - 00000000 ____D () C:\Users\Debbie\Documents\Coupon_files
2014-05-30 06:28 - 2014-05-30 06:28 - 00000000 ____D () C:\kingsbury
2014-05-30 05:14 - 2014-05-30 05:14 - 01016261 _____ (Thisisu) C:\Users\Debbie\Desktop\JRT.exe
2014-05-30 05:11 - 2013-12-28 23:07 - 00000000 ____D () C:\MGtools
2014-05-30 01:16 - 2014-05-30 01:16 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Elephant Games
2014-05-29 17:14 - 2014-05-29 17:14 - 00000000 _____ () C:\Windows\SysWOW64\shoDEDB.tmp
2014-05-29 09:35 - 2014-05-29 09:35 - 00023840 _____ () C:\Users\Debbie\Desktop\dds.txt
2014-05-29 09:35 - 2014-05-29 09:35 - 00010130 _____ () C:\Users\Debbie\Desktop\attach.txt
2014-05-29 09:32 - 2014-05-29 09:32 - 00688992 ____R (Swearware) C:\Users\Debbie\Desktop\dds.com
2014-05-29 09:14 - 2014-05-29 09:14 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel 6- Ancient Bane Collector's Edition
2014-05-29 08:32 - 2014-05-29 08:32 - 00000000 ____D () C:\Windows\Haunted Hotel 6- Ancient Bane Collector's Edition
2014-05-29 08:32 - 2014-05-29 08:32 - 00000000 ____D () C:\Program Files (x86)\Haunted Hotel 6- Ancient Bane Collector's Edition
2014-05-27 20:31 - 2013-05-06 01:11 - 00000000 ____D () C:\Windows\pss
2014-05-26 07:20 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 04:25 - 2014-05-10 01:06 - 00000000 ____D () C:\Downloads [work]
2014-05-26 02:44 - 2013-07-02 03:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-26 02:44 - 2013-07-02 03:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-26 02:44 - 2013-03-15 00:04 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-26 02:44 - 2012-04-16 19:55 - 00000000 ____D () C:\Program Files\Google
2014-05-26 02:44 - 2012-04-16 19:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-26 02:43 - 2012-04-16 19:54 - 00000000 ____D () C:\Users\Debbie\AppData\Local\Google
2014-05-26 02:43 - 2012-04-16 19:54 - 00000000 ____D () C:\ProgramData\Google
2014-05-26 02:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-05-23 00:39 - 2013-06-27 21:42 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-22 07:28 - 2014-03-26 11:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 07:26 - 2014-03-26 11:58 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 07:26 - 2014-03-26 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-20 18:39 - 2014-05-20 18:38 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-05-20 18:39 - 2014-05-20 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2014-05-20 18:34 - 2014-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-05-20 18:33 - 2012-04-09 12:32 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-05-18 13:18 - 2014-05-18 13:18 - 00045400 _____ () C:\Windows\SysWOW64\DiscHandler.exe
2014-05-17 00:30 - 2013-12-17 00:17 - 00000000 ____D () C:\Temp
2014-05-15 04:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:29 - 2012-08-18 04:32 - 00000000 ___RD () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 03:29 - 2012-04-08 14:00 - 00000000 ___RD () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 03:26 - 2014-05-15 03:26 - 00000000 _____ () C:\Windows\SysWOW64\sho3682.tmp
2014-05-15 03:26 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:06 - 2013-07-12 16:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 03:02 - 2012-04-09 08:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 06:13 - 2012-04-08 21:23 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 06:13 - 2012-04-08 21:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 06:13 - 2012-04-08 21:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 16:04 - 2013-01-09 20:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 08:05 - 2014-05-13 08:05 - 04374528 _____ () C:\Windows\system32\ffdshow.ax
2014-05-13 08:05 - 2014-05-13 08:05 - 04009984 _____ () C:\Windows\system32\ffmpeg.dll
2014-05-13 08:05 - 2014-05-13 08:05 - 00474624 _____ () C:\Windows\system32\ff_kernelDeint.dll
2014-05-13 08:05 - 2014-05-13 08:05 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 01532928 _____ () C:\Windows\system32\ff_samplerate.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00631296 _____ () C:\Windows\system32\TomsMoComp_ff.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00222720 _____ () C:\Windows\system32\ff_libdts.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00190464 _____ () C:\Windows\system32\libmpeg2_ff.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00183296 _____ () C:\Windows\system32\ff_unrar.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00156672 _____ () C:\Windows\system32\ff_libmad.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00116224 _____ () C:\Windows\system32\ff_liba52.dll
2014-05-13 08:04 - 2014-05-13 08:04 - 00114688 _____ () C:\Windows\system32\ff_wmv9.dll
2014-05-13 08:02 - 2014-05-13 08:02 - 03916288 _____ () C:\Windows\SysWOW64\ffmpeg.dll
2014-05-13 08:01 - 2014-05-13 08:01 - 03502592 _____ () C:\Windows\SysWOW64\ffdshow.ax
2014-05-13 08:01 - 2014-05-13 08:01 - 00271360 _____ () C:\Windows\SysWOW64\TomsMoComp_ff.dll
2014-05-13 08:01 - 2014-05-13 08:01 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 01525760 _____ () C:\Windows\SysWOW64\ff_samplerate.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00211968 _____ () C:\Windows\SysWOW64\ff_libdts.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00157184 _____ () C:\Windows\SysWOW64\ff_unrar.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00147456 _____ () C:\Windows\SysWOW64\ff_libmad.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00136704 _____ () C:\Windows\SysWOW64\libmpeg2_ff.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00114688 _____ () C:\Windows\SysWOW64\ff_liba52.dll
2014-05-13 08:00 - 2014-05-13 08:00 - 00099840 _____ () C:\Windows\SysWOW64\ff_wmv9.dll
2014-05-12 07:26 - 2014-03-26 11:58 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:26 - 2013-07-18 20:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2012-09-12 16:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 22:32 - 2014-05-09 22:32 - 01544704 _____ () C:\Windows\is-HGA3B.exe
2014-05-09 22:32 - 2014-05-09 22:32 - 00021031 _____ () C:\Windows\is-HGA3B.msg
2014-05-09 22:32 - 2014-05-09 22:32 - 00000320 _____ () C:\Windows\is-HGA3B.lst
2014-05-09 22:32 - 2013-10-30 20:53 - 00002122 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-05-08 23:14 - 2014-05-14 03:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-08 23:11 - 2014-05-14 03:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:54 - 2012-04-16 19:55 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 21:53 - 2013-07-07 17:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1ce4d34c2b38d74
2014-05-07 18:02 - 2014-05-07 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLAC WAV Converter
2014-05-07 18:02 - 2014-05-07 18:02 - 00000000 ____D () C:\Program Files (x86)\flac-wav-converter
2014-05-06 01:41 - 2014-05-06 01:41 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-06 01:41 - 2014-05-06 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-06 01:41 - 2012-04-08 19:10 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-06 01:20 - 2014-05-06 01:20 - 00000000 ____D () C:\Users\Debbie\AppData\Roaming\WinRAR
2014-05-06 01:15 - 2011-04-21 17:13 - 00000000 ____D () C:\Program Files (x86)\Creative
2014-05-05 21:40 - 2014-05-15 03:08 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-15 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:25 - 2014-05-15 03:08 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:07 - 2014-05-15 03:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:00 - 2014-05-15 03:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-15 03:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 22:52 - 2013-10-22 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-04 21:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors

Some content of TEMP:
====================
C:\Users\Debbie\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-29 17:48

==================== End Of Log ============================



#4 nasdaq


Posted 04 June 2014 - 07:24 AM


"Also, something appeared suddenly in my c:\users\Debbie\appdata\local\virtualstore. It is this: MGLogs.zip. I don't have a clue why it ended up there. Any ideas?"

Delete it and keep it in your Recycle bin for one week. If all is well then flush it.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Debbie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR StartupUrls: "https://www.google.com/webhp?source=search_app",
CHR Extension: (Nielsen) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [jgceplfonlgodadnpognljgdjlcnpjnh] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\extension.crx [2014-03-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#5 Fhoosa


Posted 04 June 2014 - 10:21 AM

Here are the two reports you asked for:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Debbie at 2014-06-04 08:06:25 Run:2
Running from C:\Users\Debbie\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Debbie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR StartupUrls: "https://www.google.com/webhp?source=search_app",
CHR Extension: (Nielsen) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh [2014-03-30]
CHR HKLM-x32\...\Chrome\Extension: [jgceplfonlgodadnpognljgdjlcnpjnh] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\extension.crx [2014-03-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0 => Key deleted successfully.
C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL not found.
HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => Key deleted successfully.
C:\Users\Debbie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll not found.
CHR StartupUrls: "https://www.google.com/webhp?source=search_app", ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh => Key deleted successfully.
"C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\extension.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

 

 

 Results of screen317's Security Check version 0.99.83 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0   
 Java 7 Update 25 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#6 nasdaq


Posted 04 June 2014 - 10:57 AM

CHR StartupUrls: "https://www.google.com/webhp?source=search_app", ==> The Chrome "Settings" can be used to fix the entry.


Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 25

===

Any remaining issues?

#7 Fhoosa


Posted 04 June 2014 - 12:08 PM

It's all looking good.

Thank you so very much for help and expertise.

Have a great week and a better weekend...

Fhoosa



#8 nasdaq


Posted 04 June 2014 - 12:20 PM

Glad we could help.

#9 nasdaq


Posted 04 June 2014 - 12:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



