
Hijacked keyboard I think


  • This topic is locked
25 replies to this topic

#1 jm6chamb

jm6chamb

  • Members
  • 19 posts

Posted 04 June 2014 - 05:08 AM

Hi All

$d 

gvyrfe

Think I posted in the wrong place before. Above is an example of my problem!

 

I have a massive problem with either a virus or malware and I can't get rid of it even though I have tried every malware/spyware program possible as well as AVG. What happens is it inserts letters such as GRVY all over the place in any application I am using. Even in my browsers. I find it attaches itself to programs and I can end the processes which is fine for a while but it always comes back. Some of the programs it has attached itself to are Groove.exe and just then superantispyware.exe and I can't remember the others!! Can someone please help. I have searched and searched for an answer but so far to no avail!

 

Thanks





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,625 posts
  • Gender:Male

Posted 09 June 2014 - 12:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/536584 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jm6chamb

jm6chamb
  • Topic Starter

  • Members
  • 19 posts

Posted 12 June 2014 - 11:09 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.51.2
Run by jchamberlain at 13:58:04 on 2014-06-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.2995.842 [GMT 10:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe
C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe
C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe
C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\USBDLM\USBDLM.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Fujitsu\Utils\FjLidMon.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBthFtpServer.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\jchamberlain\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [TouchpadBlocker.exe] "c:\program files\touchpad blocker\TouchpadBlocker.exe" -startup
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [OneNoteM] "c:\program files\microsoft office\office14\ONENOTEM.EXE" /tsr
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [FJBATAID2] c:\program files\fujitsu\batteryaid2\BatteryDaemon.exe
mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe
mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [PSUTility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [IFXSPMGT] "c:\program files\infineon\security platform software\ifxspmgt.exe" /NotifyLogon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [SMART Board Tools] "c:\program files\smart technologies\education software\SMARTBoardTools.exe"
mRun: [sbsdk-server] "c:\program files\smart technologies\education software\sbsdk-server\NodeLauncher.exe"
mRun: [SMART Board Service] "c:\program files\smart technologies\education software\SMARTBoardService.exe" -d
mRun: [SMART Ink] "c:\program files\smart technologies\education software\SMARTInk.exe" -a
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] c:\program files\national instruments\shared\niuninstaller\InstallValidator.exe -s
mRun: [CSRFTP] c:\program files\csr\bluetooth feature pack 5.0\CSRBthFtpServer.exe
mRun: [CSRBIP] c:\program files\csr\bluetooth feature pack 5.0\CSRBipPushResponder.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [AdAwareTray] "c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.1.5354.0\AdAwareTray.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: c:\users\jchamb~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jchamberlain\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\jchamb~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\jchamb~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\papercut.lnk - \\ps\pcclient\win\pc-client.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoStartMenuNetworkPlaces = dword:1
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
uPolicies-Explorer: DisablePersonalDirChange = dword:1
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: DisableChangePassword = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{90E88D6E-70B2-4470-90CF-244B1A8ABA50} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{90E88D6E-70B2-4470-90CF-244B1A8ABA50}\14E6E6160264C697E6E62E08993702960586F6E656 : DHCPNameServer = 10.4.182.20 10.4.81.103
TCP: Interfaces\{90E88D6E-70B2-4470-90CF-244B1A8ABA50}\960586F6E656 : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - 
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-5-13 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-5-13 237848]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-5-13 107288]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-5-13 27416]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2013-8-2 12776]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-5-13 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-5-13 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-5-13 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-5-13 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-5-13 210200]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-5-26 42272]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2009-7-20 39712]
R2 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2011-12-16 3567]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-4-9 661960]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-10-19 82816]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2013-8-2 214696]
R3 EPPVAD2_simple;EPSON Projector ENP Audio Device;c:\windows\system32\drivers\EMP_NSAU.sys [2013-8-5 17792]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-12 109872]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2013-8-2 18816]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2013-8-2 5632]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2013-8-2 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-8-2 209920]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2013-8-2 6755840]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-5-13 48672]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-7-3 44064]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2013-3-7 8192]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2013-3-7 7680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2014-3-26 12320]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2013-8-2 36648]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-8-30 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2014-3-10 49856]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2011-7-13 9712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-27 110296]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2013-8-6 18944]
S3 NWLowRider;SB480;c:\windows\system32\drivers\NWLowRider.sys [2011-7-13 22768]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2013-8-30 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2013-8-30 53312]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-5 14848]
S3 silabenm;SMART Response Receiver Serial;c:\windows\system32\drivers\silabenm.sys [2011-6-23 49520]
S3 silabser;SMART Response Receiver Driver;c:\windows\system32\drivers\silabser.sys [2011-6-23 69488]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2013-3-7 15872]
S3 TiglUsb;TiglUsb.sys TI-GRAPH / DIRECT LINK USB driver;c:\windows\system32\drivers\TiglUsb.sys [2011-12-16 17024]
S3 TISLEDOS;TI Data Collection Sled OS Update Device Driver;c:\windows\system32\drivers\tisledos.sys [2011-12-15 123520]
S3 TISLEDUSB;TI Data Collection Sled Device Driver;c:\windows\system32\drivers\tisledusb.sys [2011-12-15 122496]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-5 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-8-5 27136]
S3 USBTINSP;TI-Nspire™ Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2011-12-15 122752]
S3 USBTINWB;TI Network Bridge Device Driver;c:\windows\system32\drivers\tinwbusb.sys [2011-12-15 118272]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-06-04 23:13:28 -------- d-----w- c:\users\jchamberlain\appdata\local\adawarebp
2014-06-04 10:23:19 -------- d-----w- c:\windows\ERUNT
2014-06-04 08:27:31 -------- d-----w- C:\Intel
2014-05-30 03:49:51 0 ----a-w- c:\users\jchamberlain\.uc-c21fbaa92c26d4b4d9c788b7627a66ef.jchamberlain.t730tab014.tmp
2014-05-29 06:16:21 273408 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp6de.DLL
2014-05-27 23:10:09 -------- d-----w- c:\users\jchamberlain\appdata\local\Diagnostics
2014-05-27 10:35:18 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-27 10:34:39 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-27 10:34:39 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-27 10:34:39 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-27 10:34:39 -------- d-----w- c:\programdata\Malwarebytes
2014-05-27 10:34:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-27 08:23:08 -------- d-----w- C:\FRST
2014-05-27 07:26:10 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-26 09:59:34 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-05-25 11:12:22 -------- d-----w- c:\users\jchamberlain\appdata\local\VirtualStore
2014-05-25 11:06:32 -------- d-----w- C:\AdwCleaner
2014-05-25 04:37:46 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2014-05-25 04:37:41 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-05-25 04:36:49 -------- d-----w- c:\users\jchamberlain\appdata\local\AVG
2014-05-25 04:36:48 -------- d-----w- c:\users\jchamberlain\appdata\roaming\AVG
2014-05-25 04:32:26 -------- d-----w- c:\programdata\AVG
2014-05-25 04:31:50 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-25 03:40:05 -------- d-----w- c:\users\jchamberlain\appdata\roaming\LavasoftStatistics
2014-05-25 03:35:38 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2014-05-25 03:34:15 -------- d-----w- c:\program files\Lavasoft
2014-05-25 03:33:13 -------- d-----w- c:\program files\common files\Lavasoft
2014-05-25 03:18:53 -------- d-----w- c:\users\jchamberlain\appdata\roaming\AVG2014
2014-05-25 03:15:01 -------- d-----w- c:\programdata\AVG2014
2014-05-25 03:15:01 -------- d-----w- C:\$AVG
2014-05-25 03:13:54 -------- d-----w- c:\program files\AVG
2014-05-25 03:09:40 -------- d-----w- c:\users\jchamberlain\appdata\local\MFAData
2014-05-25 03:09:40 -------- d-----w- c:\users\jchamberlain\appdata\local\Avg2014
2014-05-25 03:09:40 -------- d-----w- c:\programdata\MFAData
2014-05-25 02:14:21 -------- d-----w- c:\users\jchamberlain\appdata\roaming\QuickScan
2014-05-24 10:23:08 98816 ----a-w- c:\windows\sed.exe
2014-05-24 10:23:08 256000 ----a-w- c:\windows\PEV.exe
2014-05-24 10:23:08 208896 ----a-w- c:\windows\MBR.exe
2014-05-23 12:05:20 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-23 02:17:36 -------- d-----w- c:\program files\Enigma Software Group
2014-05-23 02:16:52 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-16 01:06:54 -------- d-----w- C:\My Recordings
2014-05-16 00:51:40 530432 ----a-w- c:\windows\system32\comctl32.dll
2014-05-16 00:50:24 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-05-16 00:50:24 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-05-16 00:50:08 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2014-05-16 00:49:26 175104 ----a-w- c:\windows\system32\wintrust.dll
2014-05-16 00:47:51 22016 ----a-w- c:\windows\system32\secur32.dll
2014-05-16 00:47:51 22016 ----a-w- c:\windows\system32\lsass.exe
2014-05-16 00:47:50 99840 ----a-w- c:\windows\system32\sspicli.dll
2014-05-16 00:47:50 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-16 00:47:50 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-05-16 00:47:49 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-05-16 00:47:49 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-05-16 00:47:48 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2014-05-16 00:47:48 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-16 00:47:48 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-16 00:47:13 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-05-16 00:46:54 163840 ----a-w- c:\windows\system32\scrrun.dll
2014-05-16 00:46:54 141824 ----a-w- c:\windows\system32\wscript.exe
2014-05-16 00:46:54 126976 ----a-w- c:\windows\system32\cscript.exe
2014-05-16 00:46:53 121856 ----a-w- c:\windows\system32\wshom.ocx
2014-05-16 00:46:31 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-05-16 00:46:30 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-05-16 00:46:29 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-05-16 00:46:12 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-05-16 00:45:56 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-16 00:45:40 70656 ----a-w- c:\windows\system32\fontsub.dll
2014-05-16 00:45:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-05-16 00:45:40 26112 ----a-w- c:\windows\system32\lpk.dll
2014-05-16 00:45:40 10240 ----a-w- c:\windows\system32\dciman32.dll
2014-05-16 00:45:39 295424 ----a-w- c:\windows\system32\atmfd.dll
2014-05-16 00:40:57 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-05-16 00:39:33 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-05-16 00:38:21 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-05-16 00:38:07 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-05-16 00:38:05 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-05-16 00:36:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-05-16 00:36:15 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-05-16 00:36:14 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-05-16 00:36:14 656896 ----a-w- c:\windows\system32\nshwfp.dll
2014-05-16 00:34:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2014-05-16 00:34:42 1168384 ----a-w- c:\windows\system32\crypt32.dll
2014-05-16 00:34:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
2014-05-16 00:34:18 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2014-05-16 00:34:17 80896 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2014-05-16 00:34:17 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2014-05-16 00:32:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-05-16 00:27:25 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-05-16 00:24:24 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
2014-05-16 00:24:23 -------- d-----w- c:\program files\FREE Hi-Q Recorder
2014-05-15 11:06:50 -------- d-----w- C:\inovative-computer-room-8q3zipns1n0z
2014-05-15 06:46:05 -------- d-----w- c:\users\jchamberlain\appdata\local\Screencast-O-Matic
.
==================== Find3M  ====================
.
2014-05-14 23:21:02 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 23:21:02 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 04:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 04:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 04:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 04:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 04:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 04:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 04:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 04:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-04-21 04:04:55 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
.
============= FINISH: 13:59:29.48 ===============

 

 




#4 nasdaq

nasdaq

  • Malware Response Team

Posted 13 June 2014 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your DDS log shows that AVG and Symantec Endpoint Protection are enabled.
This can only slow down your computer. I suggest you disable one of them.
===

If you have ASUS computers you may be interested in reading this article.

http://karpolan.com/software/touchpad-blocker/asus-touchpad.html

It's not quite the problem you are having but it may help.

p.s.
Disable this process and see if the problem persists.
uRun: [TouchpadBlocker.exe] "c:\program files\touchpad blocker\TouchpadBlocker.exe" -startup
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 jm6chamb

jm6chamb
  • Topic Starter

  • Members

Posted 13 June 2014 - 09:22 PM

# AdwCleaner v3.212 - Report created 14/06/2014 at 11:26:40
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : jchamberlain - T730TAB014
# Running from : C:\Users\jchamberlain\Downloads\adwcleaner_3.212.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater18.1.0
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\jchamberlain\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [2932 octets] - [25/05/2014 21:06:34]
AdwCleaner[R2].txt - [3423 octets] - [27/05/2014 17:28:59]
AdwCleaner[R3].txt - [1256 octets] - [14/06/2014 11:22:10]
AdwCleaner[S1].txt - [3043 octets] - [25/05/2014 21:08:15]
AdwCleaner[S2].txt - [3552 octets] - [27/05/2014 17:30:16]
AdwCleaner[S3].txt - [1192 octets] - [14/06/2014 11:26:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1252 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by jchamberlain (administrator) on T730TAB014 on 14-06-2014 12:07:29
Running from C:\Users\jchamberlain\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\IFXTCS.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
() C:\Program Files\Stronghold AntiMalware\StrongholdAntiMalwareService.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\snuvcdsm.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
(Fujitsu Computer Systems Corporation) C:\Program Files\Fujitsu\Utils\FjDspMon.exe
(Fujitsu Computer Systems Corporation) C:\Program Files\Fujitsu\Utils\FjEvents.exe
(Fujitsu Computer Systems) C:\Program Files\Fujitsu\Utils\FjLidMon.exe
(Fujitsu Computer Systems Corporation) C:\Program Files\Fujitsu\Utils\fjmnuico.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Security Stronghold) C:\Program Files\Stronghold AntiMalware\StrongholdAntiMalware.exe
(Dropbox, Inc.) C:\Users\jchamberlain\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
(Infineon Technologies AG) C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-09-24] (Symantec Corporation)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2013-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7862816 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [FJBATAID2] => C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe [107880 2009-10-16] (FUJITSU LIMITED)
HKLM\...\Run: [FjStrtAp] => C:\Program Files\Fujitsu\Utils\FjStrtAp.exe [20480 2009-10-12] (Fujitsu Computer Systems Corp.)
HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [128360 2009-07-23] (FUJITSU LIMITED)
HKLM\...\Run: [ATSwpNav] => "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
HKLM\...\Run: [IndicatorUtility] => C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [144744 2009-07-27] (FUJITSU LIMITED)
HKLM\...\Run: [SSUtility] => C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe [193832 2007-12-14] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-14] (FUJITSU LIMITED)
HKLM\...\Run: [IFXSPMGT] => C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe [1107232 2009-08-04] (Infineon Technologies AG)
HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [24576 2009-05-22] ()
HKLM\...\Run: [SMART Board Tools] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [9279824 2013-01-31] (SMART Technologies ULC)
HKLM\...\Run: [sbsdk-server] => C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62800 2013-03-07] (SMART Technologies)
HKLM\...\Run: [SMART Board Service] => C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [2111824 2013-03-07] (SMART Technologies)
HKLM\...\Run: [SMART Ink] => C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [99152 2013-03-04] (SMART Technologies)
HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-28] (Lavasoft)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [6699864 2014-06-03] ()
HKLM\...\Run: [Stronghold AntiMalware] => C:\Program Files\Stronghold AntiMalware\StrongholdAntiMalware.exe [6478760 2014-06-13] (Security Stronghold)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-121203421-1191261774-1276206517-2510\...\Policies\system: [DisableChangePassword] 1
HKU\S-1-5-21-121203421-1191261774-1276206517-2510\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-121203421-1191261774-1276206517-2510\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-121203421-1191261774-1276206517-2510\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-121203421-1191261774-1276206517-2510\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-121203421-1191261774-1276206517-2510\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-121203421-1191261774-1276206517-2510\...\Policies\Explorer: [NoNetHood] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jchamberlain\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PaperCut.lnk
ShortcutTarget: PaperCut.lnk -> \\ps\PCClient\win\pc-client.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E038848D99CCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {830E757D-9048-42BE-B882-F5923508C72C} URL = 
SearchScopes: HKCU - Google_com URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.775 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.775 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=1.0.0.0 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.775 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @abr.gov.au/KeyMgmtPlugin - C:\Users\jchamberlain\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Drive) - C:\Users\jchamberlain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jchamberlain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (avast! Online Security) - C:\Users\jchamberlain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-13]
CHR Extension: (Adblock Super) - C:\Users\jchamberlain\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-06-06]
CHR Extension: (Google Wallet) - C:\Users\jchamberlain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JCHAMB~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-23]
 
========================== Services (Whitelisted) =================
 
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1824064 2010-04-09] (AuthenTec, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-09-24] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-09-24] (Symantec Corporation)
S4 EMP_NSWLSV; C:\Program Files\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe [98304 2009-10-23] (SEIKO EPSON CORPORATION) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1074480 2013-08-05] (Flexera Software LLC)
R2 IFXSpMgtSrv; C:\Program Files\Infineon\Security Platform Software\ifxspmgt.exe [1107232 2009-08-04] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files\Infineon\Security Platform Software\ifxtcs.exe [984352 2009-07-19] (Infineon Technologies AG)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
R2 PersonalSecureDriveService; C:\Program Files\Infineon\Security Platform Software\IfxPsdSv.exe [214304 2009-07-20] (Infineon Technologies AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [62824 2009-07-27] (FUJITSU LIMITED)
S4 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2012-04-10] (Intuit) [File not signed]
S4 QDLService2kSierra; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kSierra.exe [329976 2009-10-01] (QUALCOMM, Inc.)
R2 ServiceSAM; C:\Program Files\Stronghold AntiMalware\StrongholdAntiMalwareService.exe [2265512 2014-06-04] ()
R2 SMARTHelperService; C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe [582992 2013-03-07] (SMART Technologies)
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1881368 2010-09-24] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [349512 2010-09-24] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1831024 2010-09-24] (Symantec Corporation)
R2 UNS; C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S4 USBDLM; C:\Program Files\USBDLM\USBDLM.exe [257024 2010-11-06] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
S2 astcc; C:\Windows\system32\ASTSRV.EXE [X]
S2 O2Flash; C:\Windows\system32\o2flash.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-05-26] (AVG Technologies)
R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [82816 2011-04-20] (Fengtao Software Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-12] (Symantec Corporation)
R3 EPPVAD2_simple; C:\Windows\System32\drivers\EMP_NSAU.sys [17792 2009-09-14] (SEIKO EPSON CORPORATION)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-12] (Symantec Corporation)
S3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40832 2002-06-03] (Creative Technology Ltd.)
R3 Fjbtndrv; C:\Windows\System32\DRIVERS\FjBtnDrv.sys [18816 2009-08-27] (Fujitsu America, Inc.)
R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [12776 2013-08-02] (FUJITSU LIMITED)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [5888 2006-11-01] (FUJITSU LIMITED)
S3 hidkmdf; C:\Windows\system32\drivers\hidkmdf.sys [9712 2011-07-13] (Windows ® Win 7 DDK provider)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20140610.038\NAVENG.SYS [93272 2014-04-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20140610.038\NAVEX15.SYS [1612376 2014-04-21] (Symantec Corporation)
S3 NWLowRider; C:\Windows\system32\drivers\NWLowRider.sys [22768 2011-07-13] ()
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [39712 2009-07-20] (Infineon Technologies AG)
R2 PortTalk; C:\Windows\system32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed]
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2013-09-01] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2013-09-01] (microOLAP Technologies LTD)
S3 silabenm; C:\Windows\system32\drivers\silabenm.sys [49520 2011-06-23] (Silicon Laboratories, Inc.)
S3 silabser; C:\Windows\system32\drivers\silabser.sys [69488 2011-06-23] (Silicon Laboratories)
S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [8192 2013-03-07] (SMART Technologies)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [7680 2013-03-07] (SMART Technologies)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [15872 2013-03-07] (SMART Technologies ULC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3487104 2009-09-04] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2010-09-24] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2010-09-24] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-09-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-09-24] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2011-08-29] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67472 2010-09-24] (Symantec Corporation)
S3 TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed]
S3 TiglUsb; C:\Windows\System32\Drivers\TiglUsb.sys [17024 2006-07-09] (The TiLP Team) [File not signed]
S3 TISLEDOS; C:\Windows\system32\drivers\tisledos.sys [123520 2011-12-15] (Texas Instruments)
S3 TISLEDUSB; C:\Windows\system32\drivers\tisledusb.sys [122496 2011-12-15] (Texas Instruments)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 USBTINSP; C:\Windows\system32\drivers\tinspusb.sys [122752 2011-12-15] (Texas Instruments)
S3 USBTINWB; C:\Windows\system32\drivers\tinwbusb.sys [118272 2011-12-15] (Texas Instruments)
R3 WISDPen; C:\Windows\System32\DRIVERS\wisdpen.sys [36648 2009-08-24] (Wacom Technology)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [43336 2010-09-24] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2014-04-21] (Symantec Corporation)
S3 catchme; \??\C:\Users\JCHAMB~1\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 STI2303X; \SystemRoot\System32\Drivers\STI2303X.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-14 12:05 - 2014-06-14 12:06 - 01073152 _____ (Farbar) C:\Users\jchamberlain\Desktop\FRST.exe
2014-06-14 11:44 - 2014-06-14 11:44 - 01333465 _____ () C:\Users\jchamberlain\Downloads\adwcleaner_3.212 (1).exe
2014-06-14 11:21 - 2014-06-14 11:21 - 01333465 _____ () C:\Users\jchamberlain\Downloads\adwcleaner_3.212.exe
2014-06-14 11:20 - 2014-06-14 11:20 - 00000029 _____ () C:\Users\jchamberlain\Desktop\rid of virus instructions.txt
2014-06-14 09:37 - 2014-06-14 09:37 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Lavasoft
2014-06-13 23:45 - 2014-06-14 12:07 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2014-06-13 23:45 - 2014-06-14 12:07 - 00000000 ____D () C:\ProgramData\Documents\Stronghold AntiMalware
2014-06-13 23:45 - 2014-06-13 23:46 - 00000000 ____D () C:\Program Files\Stronghold AntiMalware
2014-06-13 23:45 - 2014-06-13 23:45 - 00002048 _____ () C:\Users\jchamberlain\Desktop\Stronghold AntiMalware.lnk
2014-06-13 23:45 - 2014-06-13 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware
2014-06-13 23:44 - 2014-06-13 23:45 - 06207336 _____ (Security Stronghold ) C:\Users\jchamberlain\Downloads\StrongholdAntiMalware.exe
2014-06-13 23:25 - 2014-06-14 11:48 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-13 23:25 - 2014-06-14 11:48 - 00002305 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2014-06-13 23:25 - 2014-06-13 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-13 23:23 - 2014-06-13 23:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-13 23:21 - 2014-06-13 23:21 - 01707144 _____ () C:\Users\jchamberlain\Downloads\Adaware_Installer (1).exe
2014-06-13 18:07 - 2014-06-13 18:08 - 00688992 _____ (Swearware) C:\Users\jchamberlain\Downloads\dds (1).com
2014-06-13 17:40 - 2014-06-13 17:40 - 00003280 ____N () C:\bootsqm.dat
2014-06-13 13:59 - 2014-06-13 13:59 - 00028359 _____ () C:\Users\jchamberlain\Desktop\dds.txt
2014-06-13 13:59 - 2014-06-13 13:59 - 00020302 _____ () C:\Users\jchamberlain\Desktop\attach.txt
2014-06-13 13:57 - 2014-06-13 13:57 - 00688992 ____R (Swearware) C:\Users\jchamberlain\Downloads\dds.com
2014-06-12 12:31 - 2014-06-12 12:31 - 00002976 _____ () C:\Users\jchamberlain\Downloads\Year 7 Robotics Sem 1.csv
2014-06-12 12:30 - 2014-06-12 14:20 - 00003269 _____ () C:\Users\jchamberlain\Documents\Year 7 Robotics Sem 1.csv
2014-06-11 12:47 - 2014-06-11 12:47 - 00002061 _____ () C:\Users\jchamberlain\Downloads\Positive robotics.html
2014-06-11 12:46 - 2014-06-11 12:46 - 00002049 _____ () C:\Users\jchamberlain\Downloads\NegativeRobotics.html
2014-06-11 10:09 - 2014-06-14 11:47 - 00001580 _____ () C:\Windows\PFRO.log
2014-06-09 18:36 - 2014-06-09 18:36 - 00325406 _____ () C:\Users\jchamberlain\Downloads\June 10th.pptx
2014-06-06 11:53 - 2014-06-06 11:53 - 00298074 _____ () C:\Users\jchamberlain\Downloads\00005F2C (1).WAV
2014-06-06 11:51 - 2014-06-06 11:51 - 00300122 _____ () C:\Users\jchamberlain\Downloads\00005FBA.WAV
2014-06-05 09:13 - 2014-06-05 09:14 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\adawarebp
2014-06-04 23:18 - 2014-06-04 23:18 - 00298074 _____ () C:\Users\jchamberlain\Downloads\00005F2C.WAV
2014-06-04 20:39 - 2014-06-04 20:39 - 00001192 _____ () C:\Users\jchamberlain\Desktop\JRT.txt
2014-06-04 20:23 - 2014-06-04 20:23 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 20:22 - 2014-06-04 20:22 - 01016261 _____ (Thisisu) C:\Users\jchamberlain\Downloads\JRT.exe
2014-06-04 19:41 - 2014-06-04 19:41 - 00000000 ____D () C:\Users\jchamberlain\Desktop\FRST-OlderVersion
2014-06-04 18:29 - 2014-06-14 11:46 - 00500186 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 18:27 - 2014-06-04 18:27 - 00000000 ____D () C:\Intel
2014-06-04 18:25 - 2014-06-14 11:47 - 00001064 _____ () C:\Windows\setupact.log
2014-06-04 18:25 - 2014-06-04 18:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 13:49 - 2014-05-30 13:49 - 00000000 _____ () C:\Users\jchamberlain\.uc-c21fbaa92c26d4b4d9c788b7627a66ef.jchamberlain.t730tab014.tmp
2014-05-29 17:23 - 2014-05-29 17:23 - 00013767 _____ () C:\Users\jchamberlain\Downloads\sem1 exam ttables (2).xlsx
2014-05-29 14:44 - 2014-05-29 14:55 - 00405504 _____ () C:\Users\jchamberlain\Documents\Database12.accdb
2014-05-29 09:53 - 2014-05-29 09:53 - 00014777 _____ () C:\Users\jchamberlain\Downloads\sem1 yr11 exam ttable (3).xlsx
2014-05-29 09:34 - 2014-05-29 09:34 - 00014777 _____ () C:\Users\jchamberlain\Downloads\sem1 yr11 exam ttable (2).xlsx
2014-05-29 09:33 - 2014-05-29 09:33 - 00014777 _____ () C:\Users\jchamberlain\Downloads\sem1 yr11 exam ttable (1).xlsx
2014-05-28 09:29 - 2014-05-28 09:29 - 00000194 _____ () C:\Windows\wininit.ini
2014-05-27 20:34 - 2014-05-27 20:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 20:33 - 2014-05-27 20:33 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\jchamberlain\Desktop\mbam-setup-majorgeeks-2.0.2.1012.exe
2014-05-27 18:48 - 2014-06-04 14:33 - 00003038 _____ () C:\Users\jchamberlain\Desktop\Rkill.txt
2014-05-27 18:48 - 2014-05-27 18:48 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\jchamberlain\Desktop\rkill.exe
2014-05-27 18:43 - 2014-05-27 18:44 - 00486273 _____ () C:\Users\jchamberlain\Downloads\vba32arkiten.chm
2014-05-27 18:42 - 2014-05-27 18:42 - 00000000 ____D () C:\Users\jchamberlain\Desktop\vba32arkit
2014-05-27 18:41 - 2009-11-05 17:32 - 00004473 _____ () C:\Users\jchamberlain\Desktop\readme.ru
2014-05-27 18:41 - 2009-11-05 17:22 - 00501345 _____ () C:\Users\jchamberlain\Desktop\Vba32ArkitEN.chm
2014-05-27 18:41 - 2009-11-05 17:22 - 00489413 _____ () C:\Users\jchamberlain\Desktop\Vba32ArkitRU.chm
2014-05-27 18:41 - 2009-11-04 18:17 - 00671032 _____ (VirusBlokAda Ltd.) C:\Users\jchamberlain\Desktop\Vba32arkit.exe
2014-05-27 18:41 - 2009-11-04 18:17 - 00308032 _____ (VirusBlokAda Ltd.) C:\Users\jchamberlain\Desktop\Vba32ar.dll
2014-05-27 18:41 - 2009-11-04 18:17 - 00089416 _____ (VirusBlokAda Ltd.) C:\Users\jchamberlain\Desktop\Vba32arch.dll
2014-05-27 18:41 - 2002-10-13 21:06 - 00011536 _____ (Microsoft Corporation) C:\Users\jchamberlain\Desktop\sporder.dll
2014-05-27 18:40 - 2014-05-27 18:40 - 01472131 _____ () C:\Users\jchamberlain\Desktop\vba32arkit.zip
2014-05-27 18:25 - 2014-05-27 18:27 - 00057987 _____ () C:\Users\jchamberlain\Desktop\Addition.txt
2014-05-27 18:23 - 2014-06-14 12:07 - 00026388 _____ () C:\Users\jchamberlain\Desktop\FRST.txt
2014-05-27 18:23 - 2014-06-14 12:07 - 00000000 ____D () C:\FRST
2014-05-27 17:39 - 2014-05-27 17:39 - 00000780 _____ () C:\Users\jchamberlain\Desktop\avg.csv
2014-05-27 17:26 - 2014-05-27 17:26 - 00033961 _____ () C:\ComboFix.txt
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\anderson\AppData\Local\temp
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-05-27 13:56 - 2014-06-04 15:42 - 00010756 _____ () C:\Users\jchamberlain\Desktop\avgrep.txt
2014-05-27 13:42 - 2014-05-27 16:04 - 00003396 _____ () C:\Users\jchamberlain\Desktop\aswMBR.txt
2014-05-27 13:42 - 2014-05-27 16:04 - 00000512 _____ () C:\Users\jchamberlain\Desktop\MBR.dat
2014-05-27 13:39 - 2014-05-27 13:40 - 04745728 _____ (AVAST Software) C:\Users\jchamberlain\Desktop\aswMBR.exe
2014-05-26 20:31 - 2014-05-26 20:32 - 00131911 _____ () C:\Users\jchamberlain\Downloads\Bullying quiz ppt.zip
2014-05-26 19:59 - 2014-05-26 19:57 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-05-26 14:05 - 2014-05-26 14:05 - 00014777 _____ () C:\Users\jchamberlain\Downloads\sem1 yr11 exam ttable.xlsx
2014-05-26 13:58 - 2014-05-26 13:58 - 00015005 _____ () C:\Users\jchamberlain\Downloads\sem1 exam ttables (1).xlsx
2014-05-26 13:50 - 2014-05-26 13:51 - 00017141 _____ () C:\Users\jchamberlain\Downloads\sem1 exam ttables.xlsx
2014-05-26 11:34 - 2014-05-26 11:34 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Mozilla
2014-05-25 21:12 - 2014-05-27 18:43 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\VirtualStore
2014-05-25 21:06 - 2014-06-14 11:46 - 00000000 ____D () C:\AdwCleaner
2014-05-25 14:36 - 2014-05-25 14:36 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\AVG
2014-05-25 14:36 - 2014-05-25 14:36 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\AVG
2014-05-25 14:32 - 2014-05-25 14:59 - 00000000 ____D () C:\ProgramData\AVG
2014-05-25 14:31 - 2014-06-04 14:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-25 14:28 - 2014-05-25 14:29 - 70431144 _____ (AVG) C:\Users\jchamberlain\Downloads\avg_tuht_stf_all_2014_423.exe
2014-05-25 13:40 - 2014-05-25 13:40 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\LavasoftStatistics
2014-05-25 13:35 - 2014-06-14 12:01 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-05-25 13:34 - 2014-06-13 23:24 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-25 13:31 - 2014-05-25 13:31 - 01727624 _____ () C:\Users\jchamberlain\Downloads\Adaware_Installer.exe
2014-05-25 13:31 - 2014-05-25 13:31 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-25 13:29 - 2014-05-25 13:29 - 22210632 _____ (Bitdefender LLC) C:\Users\jchamberlain\Downloads\RemovalToolUnifiedLauncher_tdl4_ext.exe
2014-05-25 13:18 - 2014-05-25 13:18 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\AVG2014
2014-05-25 13:16 - 2014-05-25 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-25 13:16 - 2014-05-25 13:16 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-25 13:16 - 2014-05-25 13:16 - 00000935 _____ () C:\ProgramData\Desktop\AVG 2014.lnk
2014-05-25 13:15 - 2014-05-25 13:17 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-25 13:15 - 2014-05-25 13:15 - 00000000 ____D () C:\$AVG
2014-05-25 13:13 - 2014-06-13 20:21 - 00000000 ____D () C:\Program Files\AVG
2014-05-25 13:12 - 2014-05-25 13:12 - 21727312 _____ (Bitdefender LLC) C:\Users\jchamberlain\Downloads\RemovalToolUnifiedLauncher_sirefef.exe
2014-05-25 13:09 - 2014-06-14 09:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-25 13:09 - 2014-05-25 14:28 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\Avg2014
2014-05-25 13:09 - 2014-05-25 13:09 - 04487232 _____ (AVG Technologies) C:\Users\jchamberlain\Downloads\avg_free_stb_all_2014_4592_free.exe
2014-05-25 13:09 - 2014-05-25 13:09 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\MFAData
2014-05-25 13:01 - 2014-05-25 13:01 - 00388267 _____ () C:\Users\jchamberlain\AppData\Local\census.cache
2014-05-25 13:00 - 2014-05-25 13:00 - 00192249 _____ () C:\Users\jchamberlain\AppData\Local\ars.cache
2014-05-25 12:20 - 2014-05-25 12:20 - 00000036 _____ () C:\Users\jchamberlain\AppData\Local\housecall.guid.cache
2014-05-25 12:19 - 2014-05-25 12:19 - 02002944 _____ (Trend Micro Inc.) C:\Users\jchamberlain\Downloads\HousecallLauncher.exe
2014-05-25 12:14 - 2014-05-27 17:41 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\QuickScan
2014-05-24 21:09 - 2014-05-24 21:09 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\jchamberlain\Downloads\tdsskiller.exe
2014-05-24 20:23 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-24 20:23 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-24 20:23 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-24 20:23 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-24 20:23 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-24 20:23 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-24 20:23 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-24 20:23 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-24 20:21 - 2014-05-27 17:26 - 00000000 ____D () C:\Qoobox
2014-05-24 20:20 - 2014-05-24 20:48 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 20:19 - 2014-05-24 20:19 - 05200426 ____R (Swearware) C:\Users\jchamberlain\Downloads\ComboFix.exe
2014-05-23 22:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-23 12:17 - 2014-05-23 12:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-23 12:16 - 2014-05-27 13:26 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-23 12:15 - 2014-05-23 12:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\jchamberlain\Downloads\SpyHunter-Installer.exe
2014-05-23 09:18 - 2014-05-23 09:18 - 00139102 _____ () C:\Users\jchamberlain\Downloads\PastedGraphic-2.tiff
2014-05-23 09:12 - 2014-05-23 09:12 - 00014691 _____ () C:\Users\jchamberlain\Downloads\sem1 yr12 exam ttable.xlsx
2014-05-21 18:35 - 2014-05-21 18:35 - 00018867 _____ () C:\Users\jchamberlain\Desktop\house repay.xlsx
2014-05-21 12:28 - 2014-05-21 12:28 - 00524288 _____ () C:\Users\jchamberlain\Downloads\DVD Database for Year 8 (3).accdb
2014-05-21 12:27 - 2014-05-21 12:51 - 00573440 _____ () C:\Users\jchamberlain\Downloads\DVD Database for Year 8 (2).accdb
2014-05-16 11:06 - 2014-05-16 15:19 - 00000000 ____D () C:\My Recordings
2014-05-16 10:51 - 2013-07-04 21:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-05-16 10:50 - 2013-07-09 14:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-05-16 10:50 - 2013-07-03 13:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-05-16 10:50 - 2013-07-03 13:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-05-16 10:49 - 2013-07-09 14:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-05-16 10:47 - 2013-10-19 11:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-16 10:47 - 2013-09-25 12:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 10:47 - 2013-09-25 12:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 10:47 - 2013-09-25 11:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 10:47 - 2013-09-25 11:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 10:47 - 2013-09-25 11:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 10:47 - 2013-09-25 11:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 10:47 - 2013-09-25 11:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-05-16 10:47 - 2013-09-25 10:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 10:47 - 2013-09-25 10:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 10:47 - 2013-07-04 22:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-16 10:46 - 2013-10-12 12:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-05-16 10:46 - 2013-10-12 12:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-05-16 10:46 - 2013-10-12 11:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-05-16 10:46 - 2013-10-12 11:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-05-16 10:46 - 2013-08-01 21:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-05-16 10:46 - 2013-07-09 15:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-16 10:46 - 2013-07-09 15:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 10:46 - 2013-07-09 14:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-16 10:45 - 2013-07-20 20:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-16 10:45 - 2013-06-06 14:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-05-16 10:45 - 2013-06-06 14:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-05-16 10:45 - 2013-06-06 14:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-05-16 10:45 - 2013-06-06 13:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-05-16 10:45 - 2013-06-06 13:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-05-16 10:40 - 2013-07-06 15:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-16 10:39 - 2013-07-25 18:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-05-16 10:38 - 2013-10-30 11:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-16 10:38 - 2013-10-04 11:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-05-16 10:38 - 2013-10-04 11:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-05-16 10:36 - 2013-10-12 12:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-05-16 10:36 - 2013-10-12 12:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-05-16 10:36 - 2013-10-12 12:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-05-16 10:36 - 2013-10-03 11:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-05-16 10:34 - 2013-10-06 05:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-05-16 10:34 - 2013-07-12 20:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-05-16 10:34 - 2013-07-12 20:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-05-16 10:34 - 2013-07-12 20:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-05-16 10:34 - 2013-07-09 14:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-05-16 10:34 - 2013-07-09 14:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-05-16 10:33 - 2013-10-25 14:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 10:33 - 2013-10-25 14:45 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 10:33 - 2013-10-25 14:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 10:33 - 2013-10-25 14:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 10:33 - 2013-10-25 14:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 10:33 - 2013-10-25 13:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 10:33 - 2013-10-25 12:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 10:33 - 2013-06-26 08:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-05-16 10:32 - 2013-08-02 11:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-16 10:32 - 2013-08-02 11:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-16 10:32 - 2013-08-02 11:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 10:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-05-16 10:32 - 2013-08-02 10:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 10:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 10:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-05-16 10:32 - 2013-08-02 10:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-05-16 10:27 - 2013-06-15 13:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-05-16 10:24 - 2014-05-16 10:24 - 00000956 _____ () C:\Users\jchamberlain\Desktop\FREE Hi-Q Recorder.lnk
2014-05-16 10:24 - 2014-05-16 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE Hi-Q Recorder
2014-05-16 10:24 - 2014-05-16 10:24 - 00000000 ____D () C:\Program Files\FREE Hi-Q Recorder
2014-05-16 10:24 - 2004-08-10 04:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\system32\msvbvm50.dll
2014-05-16 10:22 - 2014-05-16 10:23 - 03101184 _____ () C:\Users\jchamberlain\Downloads\freehiqrec.exe
2014-05-15 21:06 - 2014-05-15 21:07 - 04539634 _____ () C:\Users\jchamberlain\Downloads\keyelementsofanoperationssystemindifferent-121105144226-phpapp01.pptx
2014-05-15 21:06 - 2014-05-15 21:06 - 00000000 ____D () C:\inovative-computer-room-8q3zipns1n0z
2014-05-15 20:43 - 2014-05-15 20:48 - 74498619 _____ () C:\inovative-computer-room-8q3zipns1n0z.zip
2014-05-15 16:52 - 2014-05-15 16:52 - 78401114 _____ () C:\Users\jchamberlain\Desktop\May15 0452.wmv
2014-05-15 16:46 - 2014-05-16 15:27 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\Screencast-O-Matic
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2014-05-15 16:45 - 2014-05-15 16:45 - 28609640 _____ () C:\Users\jchamberlain\Downloads\InstallScreencastOMatic-v1.4.exe
2014-05-15 10:57 - 2014-05-15 10:57 - 00013123 _____ () C:\Users\jchamberlain\Downloads\NAPLAN ttable 2014 (1).xlsx
 
==================== One Month Modified Files and Folders =======
 
2014-06-14 12:09 - 2014-05-27 18:23 - 00026388 _____ () C:\Users\jchamberlain\Desktop\FRST.txt
2014-06-14 12:09 - 2013-08-05 16:53 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\Temp
2014-06-14 12:07 - 2014-06-13 23:45 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2014-06-14 12:07 - 2014-06-13 23:45 - 00000000 ____D () C:\ProgramData\Documents\Stronghold AntiMalware
2014-06-14 12:07 - 2014-05-27 18:23 - 00000000 ____D () C:\FRST
2014-06-14 12:06 - 2014-06-14 12:05 - 01073152 _____ (Farbar) C:\Users\jchamberlain\Desktop\FRST.exe
2014-06-14 12:03 - 2013-08-15 14:41 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Dropbox
2014-06-14 12:02 - 2014-04-30 11:05 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\DropboxMaster
2014-06-14 12:02 - 2013-08-15 14:44 - 00000000 ___RD () C:\Users\jchamberlain\Dropbox
2014-06-14 12:01 - 2014-06-04 18:29 - 00500186 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 12:01 - 2014-05-25 13:35 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-06-14 12:01 - 2013-12-29 15:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 12:01 - 2013-08-05 16:54 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\WTablet
2014-06-14 11:51 - 2013-12-29 15:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 11:48 - 2014-06-13 23:25 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-06-14 11:48 - 2014-06-13 23:25 - 00002305 _____ () C:\ProgramData\Desktop\Ad-Aware Antivirus.lnk
2014-06-14 11:47 - 2014-06-11 10:09 - 00001580 _____ () C:\Windows\PFRO.log
2014-06-14 11:47 - 2014-06-04 18:25 - 00001064 _____ () C:\Windows\setupact.log
2014-06-14 11:47 - 2009-07-14 14:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-14 11:46 - 2014-05-25 21:06 - 00000000 ____D () C:\AdwCleaner
2014-06-14 11:46 - 2009-07-14 14:34 - 00029408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 11:46 - 2009-07-14 14:34 - 00029408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 11:44 - 2014-06-14 11:44 - 01333465 _____ () C:\Users\jchamberlain\Downloads\adwcleaner_3.212 (1).exe
2014-06-14 11:21 - 2014-06-14 11:21 - 01333465 _____ () C:\Users\jchamberlain\Downloads\adwcleaner_3.212.exe
2014-06-14 11:20 - 2014-06-14 11:20 - 00000029 _____ () C:\Users\jchamberlain\Desktop\rid of virus instructions.txt
2014-06-14 11:18 - 2013-08-05 11:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 09:39 - 2014-05-25 13:09 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-14 09:37 - 2014-06-14 09:37 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Lavasoft
2014-06-13 23:46 - 2014-06-13 23:45 - 00000000 ____D () C:\Program Files\Stronghold AntiMalware
2014-06-13 23:45 - 2014-06-13 23:45 - 00002048 _____ () C:\Users\jchamberlain\Desktop\Stronghold AntiMalware.lnk
2014-06-13 23:45 - 2014-06-13 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold AntiMalware
2014-06-13 23:45 - 2014-06-13 23:44 - 06207336 _____ (Security Stronghold ) C:\Users\jchamberlain\Downloads\StrongholdAntiMalware.exe
2014-06-13 23:25 - 2014-06-13 23:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-13 23:24 - 2014-05-25 13:34 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-13 23:23 - 2014-06-13 23:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-13 23:21 - 2014-06-13 23:21 - 01707144 _____ () C:\Users\jchamberlain\Downloads\Adaware_Installer (1).exe
2014-06-13 20:21 - 2014-05-25 13:13 - 00000000 ____D () C:\Program Files\AVG
2014-06-13 18:08 - 2014-06-13 18:07 - 00688992 _____ (Swearware) C:\Users\jchamberlain\Downloads\dds (1).com
2014-06-13 18:00 - 2013-08-22 12:20 - 00000000 ____D () C:\Users\jchamberlain\Documents\Bluetooth FTP Share
2014-06-13 17:40 - 2014-06-13 17:40 - 00003280 ____N () C:\bootsqm.dat
2014-06-13 14:02 - 2013-08-05 14:50 - 00000000 ____D () C:\Data Personal
2014-06-13 13:59 - 2014-06-13 13:59 - 00028359 _____ () C:\Users\jchamberlain\Desktop\dds.txt
2014-06-13 13:59 - 2014-06-13 13:59 - 00020302 _____ () C:\Users\jchamberlain\Desktop\attach.txt
2014-06-13 13:57 - 2014-06-13 13:57 - 00688992 ____R (Swearware) C:\Users\jchamberlain\Downloads\dds.com
2014-06-13 13:16 - 2013-08-05 16:56 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\Deployment
2014-06-12 16:41 - 2011-08-29 11:06 - 00863902 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 16:37 - 2011-09-06 12:51 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-12 16:33 - 2013-08-05 16:54 - 00001753 _____ () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Drosophila Genetics Lab.lnk
2014-06-12 16:33 - 2013-08-05 16:54 - 00001735 _____ () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Ultimate Maths Invaders.lnk
2014-06-12 16:33 - 2013-08-05 16:54 - 00001691 _____ () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Maths300.lnk
2014-06-12 16:33 - 2013-08-05 16:54 - 00001598 _____ () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Read&Write 10.lnk
2014-06-12 16:33 - 2013-08-05 16:54 - 00001573 _____ () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra (School Network).lnk
2014-06-12 16:33 - 2013-08-05 16:54 - 00001555 _____ () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\PaperCut.lnk
2014-06-12 14:20 - 2014-06-12 12:30 - 00003269 _____ () C:\Users\jchamberlain\Documents\Year 7 Robotics Sem 1.csv
2014-06-12 12:31 - 2014-06-12 12:31 - 00002976 _____ () C:\Users\jchamberlain\Downloads\Year 7 Robotics Sem 1.csv
2014-06-11 12:47 - 2014-06-11 12:47 - 00002061 _____ () C:\Users\jchamberlain\Downloads\Positive robotics.html
2014-06-11 12:46 - 2014-06-11 12:46 - 00002049 _____ () C:\Users\jchamberlain\Downloads\NegativeRobotics.html
2014-06-10 18:24 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-06-10 14:30 - 2011-12-14 12:43 - 00000000 ____D () C:\Datafiles
2014-06-09 18:36 - 2014-06-09 18:36 - 00325406 _____ () C:\Users\jchamberlain\Downloads\June 10th.pptx
2014-06-06 19:16 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-06 11:53 - 2014-06-06 11:53 - 00298074 _____ () C:\Users\jchamberlain\Downloads\00005F2C (1).WAV
2014-06-06 11:51 - 2014-06-06 11:51 - 00300122 _____ () C:\Users\jchamberlain\Downloads\00005FBA.WAV
2014-06-05 10:18 - 2013-09-24 12:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-05 09:14 - 2014-06-05 09:13 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\adawarebp
2014-06-04 23:18 - 2014-06-04 23:18 - 00298074 _____ () C:\Users\jchamberlain\Downloads\00005F2C.WAV
2014-06-04 20:39 - 2014-06-04 20:39 - 00001192 _____ () C:\Users\jchamberlain\Desktop\JRT.txt
2014-06-04 20:23 - 2014-06-04 20:23 - 00000000 ____D () C:\Windows\ERUNT
2014-06-04 20:22 - 2014-06-04 20:22 - 01016261 _____ (Thisisu) C:\Users\jchamberlain\Downloads\JRT.exe
2014-06-04 19:41 - 2014-06-04 19:41 - 00000000 ____D () C:\Users\jchamberlain\Desktop\FRST-OlderVersion
2014-06-04 18:27 - 2014-06-04 18:27 - 00000000 ____D () C:\Intel
2014-06-04 18:25 - 2014-06-04 18:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-04 18:13 - 2013-08-30 13:39 - 00000941 _____ () C:\Windows\asfbinwin.INI
2014-06-04 15:42 - 2014-05-27 13:56 - 00010756 _____ () C:\Users\jchamberlain\Desktop\avgrep.txt
2014-06-04 14:33 - 2014-05-27 18:48 - 00003038 _____ () C:\Users\jchamberlain\Desktop\Rkill.txt
2014-06-04 14:01 - 2014-05-25 14:31 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-06-04 14:01 - 2014-03-04 13:31 - 00000000 __HDC () C:\ProgramData\{6AE5A5A8-F3EA-43CC-BCD9-36E56E3C1F2F}
2014-06-04 14:01 - 2013-12-03 15:09 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-06-04 14:01 - 2013-09-02 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools Word Recovery
2014-06-04 14:01 - 2013-08-30 19:26 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\Downloaded Installations
2014-06-04 14:01 - 2011-10-13 13:34 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2014-05-30 13:49 - 2014-05-30 13:49 - 00000000 _____ () C:\Users\jchamberlain\.uc-c21fbaa92c26d4b4d9c788b7627a66ef.jchamberlain.t730tab014.tmp
2014-05-30 13:49 - 2013-08-05 16:52 - 00000000 ____D () C:\Users\jchamberlain
2014-05-29 17:23 - 2014-05-29 17:23 - 00013767 _____ () C:\Users\jchamberlain\Downloads\sem1 exam ttables (2).xlsx
2014-05-29 16:16 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\system32\spool
2014-05-29 14:55 - 2014-05-29 14:44 - 00405504 _____ () C:\Users\jchamberlain\Documents\Database12.accdb
2014-05-29 09:53 - 2014-05-29 09:53 - 00014777 _____ () C:\Users\jchamberlain\Downloads\sem1 yr11 exam ttable (3).xlsx
2014-05-29 09:34 - 2014-05-29 09:34 - 00014777 _____ () C:\Users\jchamberlain\Downloads\sem1 yr11 exam ttable (2).xlsx
2014-05-29 09:34 - 2013-08-05 16:56 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\Apps\2.0
2014-05-29 09:33 - 2014-05-29 09:33 - 00014777 _____ () C:\Users\jchamberlain\Downloads\sem1 yr11 exam ttable (1).xlsx
2014-05-28 09:29 - 2014-05-28 09:29 - 00000194 _____ () C:\Windows\wininit.ini
2014-05-28 09:29 - 2013-08-15 14:44 - 00001000 _____ () C:\Users\jchamberlain\Desktop\Dropbox.lnk
2014-05-28 09:29 - 2013-08-15 14:42 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 20:34 - 2014-05-27 20:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 20:33 - 2014-05-27 20:33 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\jchamberlain\Desktop\mbam-setup-majorgeeks-2.0.2.1012.exe
2014-05-27 18:48 - 2014-05-27 18:48 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\jchamberlain\Desktop\rkill.exe
2014-05-27 18:44 - 2014-05-27 18:43 - 00486273 _____ () C:\Users\jchamberlain\Downloads\vba32arkiten.chm
2014-05-27 18:43 - 2014-05-25 21:12 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\VirtualStore
2014-05-27 18:42 - 2014-05-27 18:42 - 00000000 ____D () C:\Users\jchamberlain\Desktop\vba32arkit
2014-05-27 18:40 - 2014-05-27 18:40 - 01472131 _____ () C:\Users\jchamberlain\Desktop\vba32arkit.zip
2014-05-27 18:27 - 2014-05-27 18:25 - 00057987 _____ () C:\Users\jchamberlain\Desktop\Addition.txt
2014-05-27 17:41 - 2014-05-25 12:14 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\QuickScan
2014-05-27 17:39 - 2014-05-27 17:39 - 00000780 _____ () C:\Users\jchamberlain\Desktop\avg.csv
2014-05-27 17:36 - 2014-01-28 18:43 - 00000000 ___RD () C:\Users\jchamberlain\Google Drive
2014-05-27 17:26 - 2014-05-27 17:26 - 00033961 _____ () C:\ComboFix.txt
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\anderson\AppData\Local\temp
2014-05-27 17:26 - 2014-05-27 17:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-05-27 17:26 - 2014-05-24 20:21 - 00000000 ____D () C:\Qoobox
2014-05-27 17:24 - 2009-07-14 12:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-27 16:04 - 2014-05-27 13:42 - 00003396 _____ () C:\Users\jchamberlain\Desktop\aswMBR.txt
2014-05-27 16:04 - 2014-05-27 13:42 - 00000512 _____ () C:\Users\jchamberlain\Desktop\MBR.dat
2014-05-27 13:40 - 2014-05-27 13:39 - 04745728 _____ (AVAST Software) C:\Users\jchamberlain\Desktop\aswMBR.exe
2014-05-27 13:26 - 2014-05-23 12:16 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-27 09:53 - 2013-08-05 16:53 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stop Motion Pro V7
2014-05-27 09:53 - 2011-09-02 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-05-26 20:32 - 2014-05-26 20:31 - 00131911 _____ () C:\Users\jchamberlain\Downloads\Bullying quiz ppt.zip
2014-05-26 19:57 - 2014-05-26 19:59 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-05-26 14:05 - 2014-05-26 14:05 - 00014777 _____ () C:\Users\jchamberlain\Downloads\sem1 yr11 exam ttable.xlsx
2014-05-26 13:58 - 2014-05-26 13:58 - 00015005 _____ () C:\Users\jchamberlain\Downloads\sem1 exam ttables (1).xlsx
2014-05-26 13:51 - 2014-05-26 13:50 - 00017141 _____ () C:\Users\jchamberlain\Downloads\sem1 exam ttables.xlsx
2014-05-26 11:34 - 2014-05-26 11:34 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Mozilla
2014-05-25 19:58 - 2014-05-25 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-25 14:59 - 2014-05-25 14:32 - 00000000 ____D () C:\ProgramData\AVG
2014-05-25 14:36 - 2014-05-25 14:36 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\AVG
2014-05-25 14:36 - 2014-05-25 14:36 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\AVG
2014-05-25 14:29 - 2014-05-25 14:28 - 70431144 _____ (AVG) C:\Users\jchamberlain\Downloads\avg_tuht_stf_all_2014_423.exe
2014-05-25 14:28 - 2014-05-25 13:09 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\Avg2014
2014-05-25 13:40 - 2014-05-25 13:40 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\LavasoftStatistics
2014-05-25 13:31 - 2014-05-25 13:31 - 01727624 _____ () C:\Users\jchamberlain\Downloads\Adaware_Installer.exe
2014-05-25 13:31 - 2014-05-25 13:31 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-25 13:29 - 2014-05-25 13:29 - 22210632 _____ (Bitdefender LLC) C:\Users\jchamberlain\Downloads\RemovalToolUnifiedLauncher_tdl4_ext.exe
2014-05-25 13:18 - 2014-05-25 13:18 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\AVG2014
2014-05-25 13:17 - 2014-05-25 13:15 - 00000000 ____D () C:\ProgramData\AVG2014
2014-05-25 13:16 - 2014-05-25 13:16 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-05-25 13:16 - 2014-05-25 13:16 - 00000935 _____ () C:\ProgramData\Desktop\AVG 2014.lnk
2014-05-25 13:16 - 2013-12-03 15:11 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\TuneUp Software
2014-05-25 13:15 - 2014-05-25 13:15 - 00000000 ____D () C:\$AVG
2014-05-25 13:12 - 2014-05-25 13:12 - 21727312 _____ (Bitdefender LLC) C:\Users\jchamberlain\Downloads\RemovalToolUnifiedLauncher_sirefef.exe
2014-05-25 13:09 - 2014-05-25 13:09 - 04487232 _____ (AVG Technologies) C:\Users\jchamberlain\Downloads\avg_free_stb_all_2014_4592_free.exe
2014-05-25 13:09 - 2014-05-25 13:09 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\MFAData
2014-05-25 13:01 - 2014-05-25 13:01 - 00388267 _____ () C:\Users\jchamberlain\AppData\Local\census.cache
2014-05-25 13:00 - 2014-05-25 13:00 - 00192249 _____ () C:\Users\jchamberlain\AppData\Local\ars.cache
2014-05-25 12:20 - 2014-05-25 12:20 - 00000036 _____ () C:\Users\jchamberlain\AppData\Local\housecall.guid.cache
2014-05-25 12:19 - 2014-05-25 12:19 - 02002944 _____ (Trend Micro Inc.) C:\Users\jchamberlain\Downloads\HousecallLauncher.exe
2014-05-24 21:09 - 2014-05-24 21:09 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\jchamberlain\Downloads\tdsskiller.exe
2014-05-24 20:51 - 2009-07-14 12:37 - 00000000 __RHD () C:\Users\Default
2014-05-24 20:51 - 2009-07-14 12:37 - 00000000 ___RD () C:\Users\Public
2014-05-24 20:48 - 2014-05-24 20:20 - 00000000 ____D () C:\Windows\erdnt
2014-05-24 20:19 - 2014-05-24 20:19 - 05200426 ____R (Swearware) C:\Users\jchamberlain\Downloads\ComboFix.exe
2014-05-23 12:17 - 2014-05-23 12:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-23 12:16 - 2011-10-13 16:10 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-05-23 12:15 - 2014-05-23 12:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\jchamberlain\Downloads\SpyHunter-Installer.exe
2014-05-23 09:18 - 2014-05-23 09:18 - 00139102 _____ () C:\Users\jchamberlain\Downloads\PastedGraphic-2.tiff
2014-05-23 09:12 - 2014-05-23 09:12 - 00014691 _____ () C:\Users\jchamberlain\Downloads\sem1 yr12 exam ttable.xlsx
2014-05-22 17:38 - 2014-03-10 17:50 - 00000000 ____D () C:\Users\jchamberlain\Tracing
2014-05-22 17:36 - 2013-08-26 19:24 - 00000000 ____D () C:\Windows\Minidump
2014-05-22 17:36 - 2011-08-30 04:56 - 00000000 ____D () C:\Windows\Panther
2014-05-21 18:35 - 2014-05-21 18:35 - 00018867 _____ () C:\Users\jchamberlain\Desktop\house repay.xlsx
2014-05-21 12:51 - 2014-05-21 12:27 - 00573440 _____ () C:\Users\jchamberlain\Downloads\DVD Database for Year 8 (2).accdb
2014-05-21 12:28 - 2014-05-21 12:28 - 00524288 _____ () C:\Users\jchamberlain\Downloads\DVD Database for Year 8 (3).accdb
2014-05-18 12:15 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\rescache
2014-05-16 15:27 - 2014-05-15 16:46 - 00000000 ____D () C:\Users\jchamberlain\AppData\Local\Screencast-O-Matic
2014-05-16 15:19 - 2014-05-16 11:06 - 00000000 ____D () C:\My Recordings
2014-05-16 11:33 - 2009-07-14 12:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 11:02 - 2013-08-06 09:51 - 02425672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 10:53 - 2011-08-29 16:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-16 10:51 - 2011-09-02 10:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 10:42 - 2011-08-29 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-16 10:24 - 2014-05-16 10:24 - 00000956 _____ () C:\Users\jchamberlain\Desktop\FREE Hi-Q Recorder.lnk
2014-05-16 10:24 - 2014-05-16 10:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE Hi-Q Recorder
2014-05-16 10:24 - 2014-05-16 10:24 - 00000000 ____D () C:\Program Files\FREE Hi-Q Recorder
2014-05-16 10:23 - 2014-05-16 10:22 - 03101184 _____ () C:\Users\jchamberlain\Downloads\freehiqrec.exe
2014-05-15 21:07 - 2014-05-15 21:06 - 04539634 _____ () C:\Users\jchamberlain\Downloads\keyelementsofanoperationssystemindifferent-121105144226-phpapp01.pptx
2014-05-15 21:06 - 2014-05-15 21:06 - 00000000 ____D () C:\inovative-computer-room-8q3zipns1n0z
2014-05-15 20:48 - 2014-05-15 20:43 - 74498619 _____ () C:\inovative-computer-room-8q3zipns1n0z.zip
2014-05-15 16:52 - 2014-05-15 16:52 - 78401114 _____ () C:\Users\jchamberlain\Desktop\May15 0452.wmv
2014-05-15 16:46 - 2014-05-15 16:46 - 00000000 ____D () C:\Users\jchamberlain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2014-05-15 16:45 - 2014-05-15 16:45 - 28609640 _____ () C:\Users\jchamberlain\Downloads\InstallScreencastOMatic-v1.4.exe
2014-05-15 10:57 - 2014-05-15 10:57 - 00013123 _____ () C:\Users\jchamberlain\Downloads\NAPLAN ttable 2014 (1).xlsx
2014-05-15 09:21 - 2013-08-05 11:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 09:21 - 2011-08-29 15:33 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\jchamberlain\AppData\Local\Temp\closeui.exe
C:\Users\jchamberlain\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcvem7y.dll
C:\Users\jchamberlain\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\jchamberlain\AppData\Local\Temp\Quarantine.exe
C:\Users\jchamberlain\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\jchamberlain\AppData\Local\Temp\srtUnin.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-09 17:17
 
==================== End Of Log ============================
 


#6 jm6chamb

jm6chamb
  • Topic Starter

  • Members
  • 19 posts

Posted 13 June 2014 - 09:25 PM

Have attached addition.txt




#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 June 2014 - 09:12 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
ShortcutTarget: PaperCut.lnk -> \\ps\PCClient\win\pc-client.exe (No File)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
S3 catchme; \??\C:\Users\JCHAMB~1\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 STI2303X; \SystemRoot\System32\Drivers\STI2303X.sys [X]
C:\Users\jchamberlain\AppData\Local\Temp\closeui.exe
C:\Users\jchamberlain\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcvem7y.dll
C:\Users\jchamberlain\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\jchamberlain\AppData\Local\Temp\Quarantine.exe
C:\Users\jchamberlain\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\jchamberlain\AppData\Local\Temp\srtUnin.dll
Task: {A72C10D8-5785-444B-BE40-33E539223707} - \WPD\SqmUpload_S-1-5-21-1787998975-794508736-3345908659-500 No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what problem persists.

#8 jm6chamb

jm6chamb
  • Topic Starter

  • Members
  • 19 posts

Posted 14 June 2014 - 05:41 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014 02
Ran by jchamberlain at 2014-06-15 08:31:53 Run:1
Running from C:\Users\jchamberlain\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
ShortcutTarget: PaperCut.lnk -> \\ps\PCClient\win\pc-client.exe (No File)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
S3 catchme; \??\C:\Users\JCHAMB~1\AppData\Local\Temp\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 STI2303X; \SystemRoot\System32\Drivers\STI2303X.sys [X]
C:\Users\jchamberlain\AppData\Local\Temp\closeui.exe
C:\Users\jchamberlain\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcvem7y.dll
C:\Users\jchamberlain\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\jchamberlain\AppData\Local\Temp\Quarantine.exe
C:\Users\jchamberlain\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\jchamberlain\AppData\Local\Temp\srtUnin.dll
Task: {A72C10D8-5785-444B-BE40-33E539223707} - \WPD\SqmUpload_S-1-5-21-1787998975-794508736-3345908659-500 No Task File <==== ATTENTION
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
ShortcutTarget: PaperCut.lnk -> \\ps\PCClient\win\pc-client.exe (No File) not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}' => Key deleted successfully.
'HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}' => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => value deleted successfully.
'HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}' => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\fmconverter@gmail.com => value deleted successfully.
C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ => Moved successfully.
catchme => Service deleted successfully.
esgiguard => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
STI2303X => Service deleted successfully.
C:\Users\jchamberlain\AppData\Local\Temp\closeui.exe => Moved successfully.
C:\Users\jchamberlain\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcvem7y.dll => Moved successfully.
C:\Users\jchamberlain\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\jchamberlain\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\jchamberlain\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\jchamberlain\AppData\Local\Temp\srtUnin.dll => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A72C10D8-5785-444B-BE40-33E539223707}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A72C10D8-5785-444B-BE40-33E539223707}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1787998975-794508736-3345908659-500' => Key deleted successfully.
 
==== End of Fixlog ====


#9 jm6chamb

jm6chamb
  • Topic Starter

  • Members
  • 19 posts

Posted 14 June 2014 - 05:53 PM

Results of screen317's Security Check version 0.99.84  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
Ad-Aware Antivirus                
Symantec Endpoint Protection      
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 CCleaner     
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 6.0 Firefox out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.2.5952.0\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.2.5952.0\AdAwareTray.exe 
 Stronghold AntiMalware StrongholdAntiMalwareService.exe   
 Stronghold AntiMalware StrongholdAntiMalware.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log`````````````````````` 


#10 jm6chamb

jm6chamb
  • Topic Starter

  • Members
  • 19 posts

Posted 15 June 2014 - 03:02 AM

Sadly I still have the problem!!

 

gvyrfgvyrfthe children - this happened while I was googling!



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 June 2014 - 08:01 AM

For now let's see if Google/Chrome is the issue.

I would remove Chrome using the Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===

Keep me posted.

#12 jm6chamb

jm6chamb
  • Topic Starter

  • Members
  • 19 posts

Posted 17 June 2014 - 05:35 AM

Still have the problems!!



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 June 2014 - 07:04 AM

Perform a Clean Startup.
You might be able to find out what problem is causing this.

Follow the instructions on this page.
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

+++

p.s.
Do you run a child security program?

#14 jm6chamb

jm6chamb
  • Topic Starter

  • Members
  • 19 posts

Posted 18 June 2014 - 05:06 AM

gvyrfcgvyrcfhgvyrf No, I don't run child security



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 June 2014 - 09:05 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======


I do not think that this is caused by malware.

By performing a Clean Startup you may be able to find out if a running program is causing this issue.
Follow the instructions on this page.
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

Keep me posted.



