infection mimicking Avast! - but removed avast and other virus protections


This topic is locked
50 replies to this topic

#1 spudnud

Posted 09 June 2014 - 10:57 PM

I got a pop-up that said my virus protection had found a bad toolbar and wanted to remove it. After that my computer kept rebooting. Finally I was able to debug the boot-up and was able to use my computer again. My Firefox was disabled, and so were Malwarebytes, Avast, and other programs. I was able to reinstall Malwarebytes, which found one virus (pup.optional.sweetIM.a). I wasn't able to reinstall Avast!, so I installed AVG, which didn't find any viruses. My kids have been using my computer lately and I've had to remove other viruses they accidentally installed. At this point, I'm pretty sure I still have a problem.

Thank you in advance for your help!

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.60.2
Run by Heather at 21:46:31 on 2014-06-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3055.809 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
C:\Users\Heather\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG2014\Tuneup\TUMICR~1.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "c:\users\heather\appdata\local\akamai\netsession_win.exe"
uRun: [SmileboxTray] "c:\users\heather\appdata\roaming\smilebox\SmileboxTray.exe"
uRun: [Amazon Cloud Player] "c:\users\heather\appdata\local\amazon cloud player\Amazon Music Helper.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
Trusted Zone: realtyjuggler.com
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 208.67.222.222 208.67.220.220 192.168.1.1
TCP: Interfaces\{B25A161D-E0B0-404C-9A44-D67FC80BF4D5} : DHCPNameServer = 208.67.222.222 208.67.220.220 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-6-24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-6-24 180632]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-5-13 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-5-13 237848]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-5-13 107288]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-5-13 27416]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-9-24 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-9-24 12464]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-12-22 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-12-22 411680]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-5-13 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-5-13 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-5-13 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-5-13 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-5-13 210200]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-30 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-22 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-20 68312]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-5-13 292424]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-9 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-9 860472]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-3 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-9 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-6-9 51928]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 avast! Antivirus;avast! Antivirus;"c:\program files\avast software\avast\avastsvc.exe" --> c:\program files\avast software\avast\AvastSvc.exe [?]
S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe --> c:\program files\brother\bradmin professional 3\bratimer.exe [?]
S2 c2cautoupdatesvc;Skype Click to Call Updater;"c:\program files\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe" /service --> c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [?]
S2 c2cpnrsvc;Skype Click to Call PNR Service;"c:\program files\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe" /service --> c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 CrashPlanService;CrashPlan Backup Service;"c:\program files\crashplan\crashplanservice.exe" --> c:\program files\crashplan\CrashPlanService.exe [?]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;"c:\program files\common files\intuit\update service v4\intuitupdateservice.exe" --> c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [?]
S2 Seagate Dashboard Services;Seagate Dashboard Services;"c:\program files\seagate\seagate dashboard 2.0\seagate.dashboard.daswindowsservice.exe" --> c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvscpapisvr.exe --> c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [?]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\western digital\wd drive manager\wdbtnmgrsvc.exe" --> c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [?]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-5-29 49664]
S3 fsssvc;Windows Live Family Safety Service;"c:\program files\windows live\family safety\fsssvc.exe" --> c:\program files\windows live\family safety\fsssvc.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-12 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;"c:\program files\common files\adobe\switchboard\switchboard.exe" --> c:\program files\common files\adobe\switchboard\SwitchBoard.exe [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-30 1343400]
.
=============== Created Last 30 ================
.
2014-06-10 02:49:19 388096 ----a-r- c:\users\heather\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-06-10 02:49:19 -------- d-----w- c:\program files\Trend Micro
2014-06-10 02:42:11 -------- d-----w- c:\users\heather\appdata\roaming\AVG2014
2014-06-10 02:41:37 -------- d-----w- c:\users\heather\appdata\roaming\TuneUp Software
2014-06-10 02:40:38 -------- d--h--w- C:\$AVG
2014-06-10 02:40:38 -------- d-----w- c:\programdata\AVG2014
2014-06-10 02:40:06 -------- d-----w- c:\program files\AVG
2014-06-10 01:51:11 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-10 01:50:55 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-10 01:50:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-10 01:50:55 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-10 01:23:22 -------- d-----w- c:\users\heather\appdata\local\MFAData
2014-06-10 01:23:22 -------- d-----w- c:\users\heather\appdata\local\Avg2014
2014-06-10 01:23:22 -------- d-----w- c:\programdata\MFAData
2014-06-10 01:03:46 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-06-09 23:49:15 -------- d-sh--w- c:\users\heather\appdata\local\EmieUserList
2014-06-09 23:49:15 -------- d-sh--w- c:\users\heather\appdata\local\EmieSiteList
2014-06-06 10:40:48 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ea955dc6-8c99-4405-90ef-151c48463dc2}\offreg.dll
2014-06-06 09:59:07 8073384 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ea955dc6-8c99-4405-90ef-151c48463dc2}\mpengine.dll
2014-06-01 01:23:59 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-14 09:00:47 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-13 20:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 20:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 20:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 20:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 20:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 20:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 20:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 20:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-05-13 03:56:43 -------- d-----w- c:\users\heather\appdata\local\Skype
.
==================== Find3M  ====================
.
2014-05-15 15:35:08 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-15 15:35:08 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-14 09:01:12 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 09:01:12 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 13:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-09 07:06:23 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-01 03:34:59 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-01 03:34:58 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-01 03:34:58 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400168108172
2014-05-01 03:34:58 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-01 03:34:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-01 03:34:58 43152 ----a-w- c:\windows\avastSS.scr
2014-05-01 03:34:58 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400168108172
2014-05-01 03:34:58 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-15 08:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-03-31 15:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:46:57.40 ===============

#2 Machiavelli (Malware Response Instructor)

Posted 10 June 2014 - 02:28 AM

Hello and welcome on board, spudnud,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer, then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions.
    If you don't follow the instructions, your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved.
    As malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting me, as this can complicate finding and removing all malware.
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all malware!
  • Read my post completely.
    If you don't, you may make mistakes that could result in your system crashing by your own actions!


Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-bit or 64-bit Windows, see here.
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post, please.

~Machiavelli

If I don't reply within 24 hours, please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#3 spudnud (Topic Starter)

Posted 10 June 2014 - 07:50 PM

Thanks for helping me. Here are the .txt files you asked for:


FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014
Ran by Heather (administrator) on HEATHER-PC on 10-06-2014 18:43:19
Running from C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIZJKIAC
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Smilebox, Inc.) C:\Users\Heather\AppData\Roaming\Smilebox\SmileboxTray.exe
() C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Akamai Technologies, Inc) C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc) C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe [3329824 2012-02-02] (Akamai Technologies, Inc)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [SmileboxTray] => C:\Users\Heather\AppData\Roaming\Smilebox\SmileboxTray.exe [317736 2013-11-04] (Smilebox, Inc.)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Amazon Cloud Player] => C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\MountPoints2: {6b69b226-1ccf-11e1-a5d9-00215ac3682f} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06FF198DF93DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.smilebox.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10040&barid={9CBCE4B8-C923-11E2-B688-00215AC3682F}
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.smilebox.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10040&barid={9CBCE4B8-C923-11E2-B688-00215AC3682F}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Winsock: Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default
FF DefaultSearchEngine: Microsoft (Bing)
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Heather\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF SearchPlugin: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\searchplugins\bing-avast.xml
FF Extension: SlingHealth - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\Extensions\slinghealth@slingmedia.com [2011-12-21]
FF Extension: WebSlingPlayer - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-08-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-06-09]

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: "hxxp://www.msn.com/?pc=AV01"
CHR DefaultSearchKeyword: start.sweetpacks.com
CHR DefaultSearchProvider: Smilebox powered by Bing
CHR DefaultSearchURL: http://start.smilebox.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10040&barid={9CBCE4B8-C923-11E2-B688-00215AC3682F}
CHR DefaultNewTabURL:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-21]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-25]
CHR Extension: (Skype Click to Call) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-17]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2012-06-25]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [X]
S2 c2cautoupdatesvc; "C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [X]
S3 fsssvc; "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [X]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 LightScribeService; "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [X]
S3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [X]
S2 Seagate Dashboard Services; "C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe" [X]
S2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [X]
S3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S2 WDBtnMgrSvc.exe; "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [X]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-30] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-01-21] (Duplex Secure Ltd.)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
U3 mbr; \??\C:\Users\Heather\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-10 18:43 - 2014-06-10 18:43 - 00000000 ____D () C:\FRST
2014-06-09 21:47 - 2014-06-09 21:47 - 00013430 _____ () C:\Users\Heather\Desktop\attach.txt
2014-06-09 21:47 - 2014-06-09 21:46 - 00017330 _____ () C:\Users\Heather\Desktop\dds.txt
2014-06-09 20:49 - 2014-06-09 20:49 - 00002973 _____ () C:\Users\Heather\Desktop\HiJackThis.lnk
2014-06-09 20:49 - 2014-06-09 20:49 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-09 20:49 - 2014-06-09 20:49 - 00000000 ____D () C:\Program Files\Trend Micro
2014-06-09 20:42 - 2014-06-09 20:42 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\AVG2014
2014-06-09 20:41 - 2014-06-09 20:41 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\TuneUp Software
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-09 20:40 - 2014-06-09 20:42 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-09 20:40 - 2014-06-09 20:40 - 00000000 ___HD () C:\$AVG
2014-06-09 20:40 - 2014-06-09 20:40 - 00000000 ____D () C:\Program Files\AVG
2014-06-09 20:30 - 2014-06-09 20:31 - 94714880 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
2014-06-09 19:51 - 2014-06-10 15:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 19:50 - 2014-06-09 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 19:50 - 2014-06-09 19:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-09 19:50 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-09 19:50 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-09 19:23 - 2014-06-10 17:48 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-09 19:23 - 2014-06-09 20:45 - 00000000 ____D () C:\Users\Heather\AppData\Local\Avg2014
2014-06-09 19:23 - 2014-06-09 19:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\MFAData
2014-06-09 19:04 - 2014-06-09 19:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-09 17:59 - 2014-06-09 17:59 - 00918672 _____ (Google Inc.) C:\Users\Heather\Downloads\GoogleToolbarSetup.exe
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2014-05-31 19:24 - 2014-05-31 19:23 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 19:23 - 2014-06-09 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 19:20 - 2014-05-31 19:20 - 00918952 _____ (Oracle Corporation) C:\Users\Heather\Downloads\jxpiinstall.exe
2014-05-31 19:18 - 2014-05-31 19:19 - 00003995 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-14 03:00 - 2014-05-05 21:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 03:00 - 2014-05-05 21:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 03:00 - 2014-05-05 20:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-13 22:20 - 2014-05-09 01:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-13 22:20 - 2014-05-09 01:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-13 22:20 - 2014-04-11 20:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 22:20 - 2014-04-11 20:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 22:20 - 2014-04-11 20:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 22:20 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-13 22:20 - 2014-04-11 20:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 22:20 - 2014-04-11 20:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 22:20 - 2014-04-11 20:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 22:20 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 22:20 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-13 22:20 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 22:20 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 22:20 - 2014-03-04 03:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 21:56 - 2014-05-12 21:56 - 00000000 ____D () C:\Users\Heather\AppData\Local\Skype
2014-05-12 21:56 - 2014-05-12 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-12 21:56 - 2014-05-12 21:56 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-06-10 18:43 - 2014-06-10 18:43 - 00000000 ____D () C:\FRST
2014-06-10 18:43 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather\AppData\Local\Temp
2014-06-10 18:04 - 2011-12-01 12:55 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 18:04 - 2011-12-01 12:55 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 18:01 - 2012-04-12 07:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 17:48 - 2014-06-09 19:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-10 15:48 - 2014-06-09 19:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 14:28 - 2011-12-24 00:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\Akamai
2014-06-10 03:31 - 2009-07-13 22:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 03:31 - 2009-07-13 22:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 03:26 - 2011-11-22 15:38 - 02007117 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 21:47 - 2014-06-09 21:47 - 00013430 _____ () C:\Users\Heather\Desktop\attach.txt
2014-06-09 21:46 - 2014-06-09 21:47 - 00017330 _____ () C:\Users\Heather\Desktop\dds.txt
2014-06-09 21:46 - 2012-01-03 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-09 21:46 - 2011-12-31 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-06-09 21:45 - 2014-05-31 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-09 21:45 - 2013-08-14 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-09 21:45 - 2013-05-29 07:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-09 21:45 - 2012-08-31 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2014-06-09 21:45 - 2011-12-24 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-06-09 21:45 - 2011-12-21 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-06-09 21:35 - 2012-06-24 23:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 20:49 - 2014-06-09 20:49 - 00002973 _____ () C:\Users\Heather\Desktop\HiJackThis.lnk
2014-06-09 20:49 - 2014-06-09 20:49 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-09 20:49 - 2014-06-09 20:49 - 00000000 ____D () C:\Program Files\Trend Micro
2014-06-09 20:45 - 2014-06-09 19:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\Avg2014
2014-06-09 20:42 - 2014-06-09 20:42 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\AVG2014
2014-06-09 20:42 - 2014-06-09 20:40 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-09 20:41 - 2014-06-09 20:41 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\TuneUp Software
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-09 20:40 - 2014-06-09 20:40 - 00000000 ___HD () C:\$AVG
2014-06-09 20:40 - 2014-06-09 20:40 - 00000000 ____D () C:\Program Files\AVG
2014-06-09 20:31 - 2014-06-09 20:30 - 94714880 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
2014-06-09 20:31 - 2011-11-29 23:07 - 00176624 _____ () C:\Users\Heather\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-09 20:29 - 2013-11-27 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-09 20:00 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-09 19:50 - 2014-06-09 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 19:50 - 2014-06-09 19:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-09 19:50 - 2012-03-22 09:34 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 19:50 - 2012-01-03 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 19:49 - 2011-12-01 12:54 - 00000000 ____D () C:\Users\Heather\AppData\Local\Google
2014-06-09 19:49 - 2011-12-01 12:54 - 00000000 ____D () C:\Program Files\Google
2014-06-09 19:45 - 2011-11-29 19:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-09 19:45 - 2011-11-29 19:26 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-09 19:45 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-09 19:45 - 2009-07-13 20:04 - 00000478 _____ () C:\Windows\win.ini
2014-06-09 19:44 - 2014-03-15 11:32 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-06-09 19:44 - 2014-03-15 11:32 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-06-09 19:44 - 2014-03-15 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-06-09 19:43 - 2011-12-01 12:55 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-09 19:42 - 2011-12-01 12:55 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-09 19:40 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-09 19:39 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 19:39 - 2009-07-13 22:34 - 00027648 _____ () C:\Windows\system32\umstartup.etl
2014-06-09 19:23 - 2014-06-09 19:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\MFAData
2014-06-09 19:09 - 2011-11-29 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-09 19:07 - 2014-05-10 14:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 19:07 - 2012-07-22 15:19 - 00000000 ___RD () C:\Program Files\Skype
2014-06-09 19:07 - 2011-12-21 11:50 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-06-09 19:04 - 2014-06-09 19:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-09 17:59 - 2014-06-09 17:59 - 00918672 _____ (Google Inc.) C:\Users\Heather\Downloads\GoogleToolbarSetup.exe
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2014-06-09 17:47 - 2012-09-11 22:43 - 00000000 ____D () C:\Program Files\frontlinesms2
2014-06-09 17:47 - 2011-12-22 14:09 - 00000000 ____D () C:\Program Files\Java
2014-06-09 17:47 - 2011-11-29 23:23 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-06-09 17:47 - 2009-07-13 22:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-09 17:46 - 2011-12-01 12:55 - 00000000 ____D () C:\Program Files\Adobe
2014-06-09 17:46 - 2011-11-30 19:53 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared
2014-06-09 02:00 - 2011-12-01 12:55 - 00000000 ____D () C:\Users\Heather\AppData\Local\Adobe
2014-06-01 07:23 - 2012-11-19 04:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-31 19:24 - 2013-12-01 23:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 19:23 - 2014-05-31 19:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 19:20 - 2014-05-31 19:20 - 00918952 _____ (Oracle Corporation) C:\Users\Heather\Downloads\jxpiinstall.exe
2014-05-31 19:19 - 2014-05-31 19:18 - 00003995 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-27 23:09 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather\AppData\Local\VirtualStore
2014-05-27 12:21 - 2013-11-16 18:34 - 00000000 ____D () C:\Users\Heather\AppData\Local\0B68D9BD-3702-4929-B2D2-A7AD417E444C.aplzod
2014-05-27 12:21 - 2011-11-29 23:26 - 00000000 ____D () C:\Users\Heather\Documents\Outlook Files
2014-05-21 22:28 - 2011-12-07 14:40 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-05-19 21:40 - 2014-03-15 11:32 - 00001996 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-15 09:35 - 2014-01-20 13:58 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 09:35 - 2011-12-22 11:57 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 09:35 - 2011-12-22 11:57 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 19:27 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather
2014-05-14 04:01 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-05-14 03:22 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 03:04 - 2013-08-14 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 03:02 - 2011-11-29 19:27 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 03:01 - 2012-04-12 07:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 03:01 - 2011-11-22 14:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-05-12 21:56 - 2014-05-12 21:56 - 00000000 ____D () C:\Users\Heather\AppData\Local\Skype
2014-05-12 21:56 - 2014-05-12 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-12 21:56 - 2014-05-12 21:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-12 21:56 - 2012-07-22 15:19 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-12 21:56 - 2012-07-22 15:19 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Skype
2014-05-12 21:56 - 2012-07-22 15:19 - 00000000 ____D () C:\ProgramData\Skype
2014-05-12 21:50 - 2013-05-30 06:22 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Smilebox
2014-05-12 07:26 - 2014-06-09 19:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-09 19:50 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2012-01-03 12:57 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 00:08

==================== End Of Log ============================


Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-06-2014
Ran by Heather at 2014-06-10 18:44:00
Running from C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIZJKIAC
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe CS6 Design and Web Premium (HKLM\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - )
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
Color LaserJet 2600n (HKLM\...\HP-Color LaserJet 2600n) (Version:  - )
CrashPlan (HKLM\...\{CCA059DE-71F7-4E05-8AF2-0DA4A7949794}) (Version: 3.4.1 - CrashPlan)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EZ Fonts (HKLM\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
GIRDAC Port (HKLM\...\GIRDAC Port) (Version:  - )
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKCU\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LightScribe System Software (HKLM\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM\...\{797511D8-6C88-4605-B278-552756A3D4C3}) (Version: 2.8.4431.2 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero Backup Drivers (HKLM\...\{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}) (Version: 1.0.11100.8.0 - Nero AG)
Nikon File Uploader 2 (HKLM\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.0.2 - Nikon)
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Control Panel 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697 - NVIDIA Corporation) Hidden
PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0814 - ScanSoft, Inc.)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.2 - Nikon)
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealtyJuggler Desktop (HKLM\...\{3149E342-7991-4807-9067-D32FE743CC52}) (Version: 1.0.3 - RealOrganized, Inc.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Seagate Dashboard 2.0 (HKLM\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.29.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smilebox (HKCU\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
TurboTax 2013 WinPerFedFormset (Version: 013.000.1911 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax 2013 wutiper (Version: 013.000.1195 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
ViewNX 2 (HKLM\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.0.2 - Nikon)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Drive Manager (x86) (HKLM\...\{813EE1F0-D251-4F98-AC91-9B98CF22717E}) (Version: 2.115 - Western Digital)
WD FAT32 Formatter (HKLM\...\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}) (Version: 2.0.0 - Western Digital Corp)
WebSlingPlayer ActiveX (HKLM\...\{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}) (Version: 1.5.7158 - Sling Media)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

09-06-2014 01:00:42 Windows Backup
10-06-2014 02:39:45 Installed AVG 2014
10-06-2014 02:40:11 Installed AVG 2014
10-06-2014 02:48:53 Installed HiJackThis

==================== Hosts content: ==========================

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1EE0CEE9-DF2F-4A4A-85DD-1EB6297A8CBC} - System32\Tasks\Heather1 => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: {2750F7DE-6051-40C8-87EB-F9DEEEB9E427} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-09] (Google Inc.)
Task: {3D189ABF-04ED-4776-8A87-E27A4C9BDE77} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {669E5B6C-5847-4526-92C5-8C1E523B6771} - System32\Tasks\{D4A29ED2-92BC-42B1-8807-E955BB638F3F} => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe [2014-05-08] (Adobe Systems Incorporated)
Task: {7BDE42E1-B1CC-4EAA-93ED-3DF281CEC7F3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {C4E44486-4388-4D95-A565-87EA32409A18} - System32\Tasks\Heather => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: {C556F06B-70DE-4B57-8748-02A2E0F4A0D1} - System32\Tasks\NCH Software\expresszipShakeIcon => C:\Program Files\NCH Software\ExpressZip\ExpressZip.exe
Task: {CCB2E1E8-90A7-4C74-AF74-2E9E098BF0FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-09] (Google Inc.)
Task: {CE5F3364-2841-40FA-B2F7-F16CA9A722E7} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {D76867F4-C6F7-48CE-A0B3-0330BF3826B0} - System32\Tasks\Heather DBAgent 2 0 => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
Task: {EB2A2DB1-60C6-457C-8FA1-E5CA6821168F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F5CE75BF-CD8B-4E17-BBE3-058B18F854C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {FFC573D9-8D39-4679-89AB-6AF7B06B72FB} - System32\Tasks\AdobeAAMUpdater-1.0-Heather-PC-Heather => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-08 18:06 - 2013-11-24 11:56 - 03139072 _____ () C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Seagate Central NAS 1D
Description: Seagate Central NAS 1D
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2014 02:28:04 PM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (06/10/2014 02:27:44 PM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (06/10/2014 09:31:40 AM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (06/10/2014 09:31:19 AM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (06/10/2014 04:33:24 AM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (06/10/2014 04:33:04 AM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (06/09/2014 11:41:29 PM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (06/09/2014 11:41:09 PM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (06/09/2014 07:41:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 07:41:33 PM) (Source: MsiInstaller) (EventID: 11500) (User: Heather-PC)
Description: Product: Microsoft Office Proof (French) 2010 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.

System errors:
=============
Error: (06/09/2014 07:42:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
%%2

Error: (06/09/2014 07:39:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (06/09/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%2

Error: (06/09/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WD Drive Manager Service service failed to start due to the following error:
%%2

Error: (06/09/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error:
%%2

Error: (06/09/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%2

Error: (06/09/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CrashPlan Backup Service service failed to start due to the following error:
%%2

Error: (06/09/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call PNR Service service failed to start due to the following error:
%%2

Error: (06/09/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error:
%%2

Error: (06/09/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Brother BRAdminPro Scheduler service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (06/10/2014 02:28:04 PM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2014 02:27:44 PM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2014 09:31:40 AM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2014 09:31:19 AM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2014 04:33:24 AM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2014 04:33:04 AM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 11:41:29 PM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 11:41:09 PM) (Source: MsiInstaller) (EventID: 11310) (User: Heather-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Heather\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/09/2014 07:41:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 07:41:33 PM) (Source: MsiInstaller) (EventID: 11500) (User: Heather-PC)
Description: Product: Microsoft Office Proof (French) 2010 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)

CodeIntegrity Errors:
===================================
  Date: 2012-06-25 06:56:34.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:51:53.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:47:10.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:42:28.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:37:53.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:33:13.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:28:26.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:23:39.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:18:57.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-06-25 06:14:22.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3055.34 MB
Available physical RAM: 1529.54 MB
Total Pagefile: 6108.97 MB
Available Pagefile: 4144.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.01 GB) (Free:21.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:10.04 GB) (Free:5.23 GB) NTFS
Drive f: (My Book) (Fixed) (Total:931.5 GB) (Free:599.67 GB) NTFS
Drive g: (Public) (Network) (Total:3706.37 GB) (Free:3187.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: FFC3FFC3)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
Partition 1: (Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: B9CA1481)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,048 posts
  • Gender:Male
  • Location:Germany

Posted 11 June 2014 - 03:10 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Text file and save it to the desktop.
Attach/Post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 spudnud

  • Topic Starter

  • Members
  • 29 posts

Posted 12 June 2014 - 09:37 PM

Adware Cleaner:

# AdwCleaner v3.212 - Report created 12/06/2014 at 20:32:10
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Heather - HEATHER-PC
# Running from : C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIZJKIAC\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Heather\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\prefs.js ]

Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

-\\ Google Chrome v35.0.1916.153

*************************

AdwCleaner[R0].txt - [5887 octets] - [12/06/2014 20:24:39]
AdwCleaner[S0].txt - [5701 octets] - [12/06/2014 20:32:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5761 octets] ##########



#6 spudnud

  • Topic Starter

  • Members
  • 29 posts

Posted 12 June 2014 - 10:22 PM

MalwareBytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/12/2014
Scan Time: 8:39:50 PM
Logfile: MWAB.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.13.01
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Heather

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273026
Time Elapsed: 7 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Junkware:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Heather on Thu 06/12/2014 at 21:11:03.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Heather\AppData\Roaming\mozilla\firefox\profiles\c8e37c61.default\minidumps [122 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/12/2014 at 21:15:52.52
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 spudnud

  • Topic Starter

  • Members
  • 29 posts

Posted 12 June 2014 - 10:26 PM

Step 4 completed:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by Heather (administrator) on HEATHER-PC on 12-06-2014 21:25:04
Running from C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUOQ5WSD
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Akamai Technologies, Inc) C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
(Smilebox, Inc.) C:\Users\Heather\AppData\Roaming\Smilebox\SmileboxTray.exe
() C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Akamai Technologies, Inc) C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUOQ5WSD\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe [3329824 2012-02-02] (Akamai Technologies, Inc)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [SmileboxTray] => C:\Users\Heather\AppData\Roaming\Smilebox\SmileboxTray.exe [317736 2013-11-04] (Smilebox, Inc.)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Amazon Cloud Player] => C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\MountPoints2: {6b69b226-1ccf-11e1-a5d9-00215ac3682f} - G:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06FF198DF93DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Winsock: Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default
FF DefaultSearchEngine: Microsoft (Bing)
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Heather\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF SearchPlugin: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\searchplugins\bing-avast.xml
FF Extension: SlingHealth - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\Extensions\slinghealth@slingmedia.com [2011-12-21]
FF Extension: WebSlingPlayer - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-08-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-06-09]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [X]
S2 c2cautoupdatesvc; "C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [X]
S3 fsssvc; "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [X]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 LightScribeService; "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [X]
S3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [X]
S2 Seagate Dashboard Services; "C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe" [X]
S2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [X]
S3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S2 WDBtnMgrSvc.exe; "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [X]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-30] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-06-12] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-01-21] () [File not signed]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-12 21:06 - 2014-06-12 21:06 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 21:05 - 2014-06-12 21:05 - 00001084 _____ () C:\MWAB.txt
2014-06-12 20:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-12 20:24 - 2014-06-12 20:32 - 00000000 ____D () C:\AdwCleaner
2014-06-12 20:20 - 2014-06-12 20:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
2014-06-12 20:20 - 2014-06-12 20:19 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-06-11 05:51 - 2014-06-12 21:08 - 00000168 _____ () C:\Windows\setupact.log
2014-06-11 05:51 - 2014-06-12 20:33 - 00002180 _____ () C:\Windows\PFRO.log
2014-06-10 23:16 - 2014-05-30 03:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 23:16 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 23:16 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 23:16 - 2014-05-30 02:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 23:16 - 2014-05-30 02:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 23:16 - 2014-05-30 02:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 23:16 - 2014-05-30 02:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 23:16 - 2014-05-30 02:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 23:16 - 2014-05-30 02:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 23:16 - 2014-05-30 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 23:16 - 2014-05-30 02:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 23:16 - 2014-05-30 02:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 23:16 - 2014-05-30 02:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 23:16 - 2014-05-30 02:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 23:16 - 2014-05-30 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 23:16 - 2014-05-30 02:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 23:16 - 2014-05-30 02:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 23:16 - 2014-05-30 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 23:16 - 2014-05-30 02:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 23:16 - 2014-05-30 01:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 23:16 - 2014-05-30 01:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 23:16 - 2014-05-30 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 23:16 - 2014-05-30 01:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 23:16 - 2014-05-30 01:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 23:16 - 2014-05-30 01:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 23:16 - 2014-05-30 01:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 23:16 - 2014-05-30 01:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 23:16 - 2014-05-30 01:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 23:15 - 2014-06-08 02:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 23:15 - 2014-06-08 02:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 23:15 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 23:15 - 2014-04-04 20:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 23:15 - 2014-04-04 20:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 23:15 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 23:15 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 23:15 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 23:15 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 22:22 - 2014-06-10 22:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 22:22 - 2014-06-10 22:22 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 18:43 - 2014-06-12 21:25 - 00000000 ____D () C:\FRST
2014-06-09 20:49 - 2014-06-09 20:49 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-09 20:49 - 2014-06-09 20:49 - 00000000 ____D () C:\Program Files\Trend Micro
2014-06-09 20:42 - 2014-06-09 20:42 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\AVG2014
2014-06-09 20:41 - 2014-06-09 20:41 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\TuneUp Software
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-09 20:40 - 2014-06-09 20:42 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-09 20:40 - 2014-06-09 20:40 - 00000000 ___HD () C:\$AVG
2014-06-09 20:40 - 2014-06-09 20:40 - 00000000 ____D () C:\Program Files\AVG
2014-06-09 20:30 - 2014-06-09 20:31 - 94714880 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
2014-06-09 19:51 - 2014-06-12 21:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 19:50 - 2014-06-12 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 19:50 - 2014-06-12 20:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-09 19:50 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-09 19:50 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-09 19:23 - 2014-06-12 17:36 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-09 19:23 - 2014-06-09 20:45 - 00000000 ____D () C:\Users\Heather\AppData\Local\Avg2014
2014-06-09 19:23 - 2014-06-09 19:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\MFAData
2014-06-09 19:04 - 2014-06-09 19:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-09 17:59 - 2014-06-09 17:59 - 00918672 _____ (Google Inc.) C:\Users\Heather\Downloads\GoogleToolbarSetup.exe
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2014-05-31 19:24 - 2014-05-31 19:23 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 19:23 - 2014-06-09 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 19:20 - 2014-05-31 19:20 - 00918952 _____ (Oracle Corporation) C:\Users\Heather\Downloads\jxpiinstall.exe
2014-05-31 19:18 - 2014-05-31 19:19 - 00003995 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-13 22:20 - 2014-04-11 20:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-13 22:20 - 2014-04-11 20:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-13 22:20 - 2014-04-11 20:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-13 22:20 - 2014-04-11 20:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-13 22:20 - 2014-04-11 20:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-13 22:20 - 2014-04-11 20:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-13 22:20 - 2014-04-11 20:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-13 22:20 - 2014-03-24 20:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-13 22:20 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-13 22:20 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-13 22:20 - 2014-03-04 03:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-13 22:20 - 2014-03-04 03:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-13 22:20 - 2014-03-04 03:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2014-06-12 21:25 - 2014-06-10 18:43 - 00000000 ____D () C:\FRST
2014-06-12 21:25 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather\AppData\Local\Temp
2014-06-12 21:15 - 2009-07-13 22:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 21:15 - 2009-07-13 22:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 21:10 - 2014-06-09 19:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 21:10 - 2011-12-01 12:55 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 21:08 - 2014-06-11 05:51 - 00000168 _____ () C:\Windows\setupact.log
2014-06-12 21:08 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 21:06 - 2014-06-12 21:06 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 21:06 - 2011-11-22 15:38 - 01146632 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 21:05 - 2014-06-12 21:05 - 00001084 _____ () C:\MWAB.txt
2014-06-12 21:04 - 2011-12-01 12:55 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 21:01 - 2012-04-12 07:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 20:38 - 2014-06-09 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 20:38 - 2014-06-09 19:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-12 20:38 - 2012-03-22 09:34 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 20:33 - 2014-06-12 20:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
2014-06-12 20:33 - 2014-06-11 05:51 - 00002180 _____ () C:\Windows\PFRO.log
2014-06-12 20:32 - 2014-06-12 20:24 - 00000000 ____D () C:\AdwCleaner
2014-06-12 20:19 - 2014-06-12 20:20 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-06-12 18:11 - 2011-12-24 00:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\Akamai
2014-06-12 17:36 - 2014-06-09 19:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 06:33 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-06-11 05:51 - 2011-12-01 12:54 - 00000000 ____D () C:\Program Files\Google
2014-06-11 05:51 - 2009-07-13 22:33 - 03929328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-11 03:19 - 2009-07-13 22:34 - 00036864 _____ () C:\Windows\system32\umstartup.etl
2014-06-11 03:18 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 03:03 - 2011-11-29 19:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:02 - 2013-08-14 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:01 - 2011-11-29 19:27 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 02:00 - 2011-12-01 12:55 - 00000000 ____D () C:\Users\Heather\AppData\Local\Adobe
2014-06-10 22:22 - 2014-06-10 22:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 22:22 - 2014-06-10 22:22 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 22:22 - 2011-12-01 12:55 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-10 22:22 - 2011-12-01 12:55 - 00000000 ____D () C:\Program Files\Adobe
2014-06-10 22:20 - 2010-11-20 15:01 - 00803042 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 21:46 - 2012-01-03 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-09 21:46 - 2011-12-31 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-06-09 21:45 - 2014-05-31 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-09 21:45 - 2013-08-14 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-09 21:45 - 2013-05-29 07:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-09 21:45 - 2012-08-31 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2014-06-09 21:45 - 2011-12-24 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-06-09 21:45 - 2011-12-21 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-06-09 21:35 - 2012-06-24 23:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 20:49 - 2014-06-09 20:49 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-09 20:49 - 2014-06-09 20:49 - 00000000 ____D () C:\Program Files\Trend Micro
2014-06-09 20:45 - 2014-06-09 19:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\Avg2014
2014-06-09 20:42 - 2014-06-09 20:42 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\AVG2014
2014-06-09 20:42 - 2014-06-09 20:40 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-09 20:41 - 2014-06-09 20:41 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\TuneUp Software
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-09 20:40 - 2014-06-09 20:40 - 00000000 ___HD () C:\$AVG
2014-06-09 20:40 - 2014-06-09 20:40 - 00000000 ____D () C:\Program Files\AVG
2014-06-09 20:31 - 2014-06-09 20:30 - 94714880 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
2014-06-09 20:31 - 2011-11-29 23:07 - 00176624 _____ () C:\Users\Heather\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-09 20:29 - 2013-11-27 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-09 20:00 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-09 19:50 - 2012-01-03 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 19:49 - 2011-12-01 12:54 - 00000000 ____D () C:\Users\Heather\AppData\Local\Google
2014-06-09 19:45 - 2011-11-29 19:26 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-09 19:45 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-09 19:45 - 2009-07-13 20:04 - 00000478 _____ () C:\Windows\win.ini
2014-06-09 19:44 - 2014-03-15 11:32 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-06-09 19:44 - 2014-03-15 11:32 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-06-09 19:44 - 2014-03-15 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-06-09 19:42 - 2011-12-01 12:55 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-09 19:40 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-09 19:23 - 2014-06-09 19:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\MFAData
2014-06-09 19:09 - 2011-11-29 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-09 19:07 - 2014-05-10 14:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 19:07 - 2012-07-22 15:19 - 00000000 ___RD () C:\Program Files\Skype
2014-06-09 19:07 - 2011-12-21 11:50 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-06-09 19:04 - 2014-06-09 19:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-09 17:59 - 2014-06-09 17:59 - 00918672 _____ (Google Inc.) C:\Users\Heather\Downloads\GoogleToolbarSetup.exe
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2014-06-09 17:47 - 2012-09-11 22:43 - 00000000 ____D () C:\Program Files\frontlinesms2
2014-06-09 17:47 - 2011-12-22 14:09 - 00000000 ____D () C:\Program Files\Java
2014-06-09 17:47 - 2011-11-29 23:23 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-06-09 17:47 - 2009-07-13 22:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-09 17:46 - 2011-11-30 19:53 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared
2014-06-08 02:48 - 2014-06-10 23:15 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 02:43 - 2014-06-10 23:15 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-01 07:23 - 2012-11-19 04:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-31 19:24 - 2013-12-01 23:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 19:23 - 2014-05-31 19:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 19:20 - 2014-05-31 19:20 - 00918952 _____ (Oracle Corporation) C:\Users\Heather\Downloads\jxpiinstall.exe
2014-05-31 19:19 - 2014-05-31 19:18 - 00003995 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 03:18 - 2014-06-10 23:16 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 03:02 - 2014-06-10 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 03:02 - 2014-06-10 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 02:44 - 2014-06-10 23:16 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 02:43 - 2014-06-10 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 02:42 - 2014-06-10 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 02:38 - 2014-06-10 23:16 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 02:34 - 2014-06-10 23:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 02:33 - 2014-06-10 23:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 02:30 - 2014-06-10 23:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 02:28 - 2014-06-10 23:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 02:28 - 2014-06-10 23:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 02:27 - 2014-06-10 23:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 02:21 - 2014-06-10 23:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 02:16 - 2014-06-10 23:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 02:10 - 2014-06-10 23:16 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 02:06 - 2014-06-10 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 02:04 - 2014-06-10 23:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 02:02 - 2014-06-10 23:16 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 01:57 - 2014-06-10 23:16 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 01:56 - 2014-06-10 23:16 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 01:54 - 2014-06-10 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 01:50 - 2014-06-10 23:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 01:49 - 2014-06-10 23:16 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 01:40 - 2014-06-10 23:16 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 01:21 - 2014-06-10 23:16 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 01:15 - 2014-06-10 23:16 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 01:13 - 2014-06-10 23:16 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-27 23:09 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather\AppData\Local\VirtualStore
2014-05-27 12:21 - 2013-11-16 18:34 - 00000000 ____D () C:\Users\Heather\AppData\Local\0B68D9BD-3702-4929-B2D2-A7AD417E444C.aplzod
2014-05-27 12:21 - 2011-11-29 23:26 - 00000000 ____D () C:\Users\Heather\Documents\Outlook Files
2014-05-21 22:28 - 2011-12-07 14:40 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-05-19 21:40 - 2014-03-15 11:32 - 00001996 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-15 09:35 - 2014-01-20 13:58 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 09:35 - 2011-12-22 11:57 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 09:35 - 2011-12-22 11:57 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 19:27 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather
2014-05-14 03:01 - 2012-04-12 07:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 03:01 - 2011-11-22 14:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT

Some content of TEMP:
====================
C:\Users\Heather\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 00:08

==================== End Of Log ============================

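As an added example (not part of this thread, and not FRST's own code), the Python below parses the entry format used in the FRST "One Month Created/Modified Files" sections above and applies three review heuristics that are my own assumptions rather than anything FRST does; the Quarantine.exe sample line is constructed, since the log above lists only its path under "Some content of TEMP".

```python
"""Parse FRST 'One Month Created/Modified Files' entries and apply a few
review heuristics.  Added example for this thread, not FRST's own logic;
the heuristics are assumptions meant to point a reviewer at entries worth a
second look, not verdicts."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# One listing entry, as printed by FRST:
#   <modified> - <created> - <size> <attrs> (<CompanyName>) <path>
# attrs is a five-character field such as _____, ____D, ___HD, __SHD, ____H.
LINE_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
# Locations where executables are expected (assumption; compared lower-case).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")


@dataclass
class FrstEntry:
    modified: datetime
    created: datetime
    size: int
    attrs: str      # raw five-character attribute field
    company: str    # CompanyName from version info; empty when FRST prints ()
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden(self) -> bool:
        # H = hidden, S = system attribute
        return "H" in self.attrs or "S" in self.attrs

    @property
    def is_executable(self) -> bool:
        return (not self.is_dir) and self.path.lower().endswith(EXEC_EXT)


def parse_frst_listing(text: str) -> List[FrstEntry]:
    """Return the entries found in a block of FRST output.  Section headers,
    blank lines and any other non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(FrstEntry(
            modified=datetime.strptime(m["mod"], TS_FMT),
            created=datetime.strptime(m["cre"], TS_FMT),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def triage(entries: List[FrstEntry]) -> List[Tuple[str, str]]:
    """Apply the review heuristics and return (path, reason) pairs.
    Directories are skipped; a file may produce more than one reason."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if e.is_executable and "\\temp\\" in low:
            findings.append((e.path, "executable in a Temp directory"))
        if e.is_executable and not e.company:
            findings.append((e.path, "executable without CompanyName version info"))
        if e.hidden and not low.startswith(TRUSTED_ROOTS):
            findings.append((e.path, "hidden/system attribute outside Windows or Program Files"))
    return findings


# Constructed sample: the first five entries are copied from the FRST log in
# this thread; the Quarantine.exe entry is constructed (the thread lists only
# its path, with no timestamps or size).
SAMPLE = r"""
==================== One Month Modified Files and Folders =======

2014-06-12 21:10 - 2014-06-09 19:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 20:33 - 2014-06-12 20:20 - 00000000 ____D () C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
2014-05-21 22:28 - 2011-12-07 14:40 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-09 17:59 - 2014-06-09 17:59 - 00918672 _____ (Google Inc.) C:\Users\Heather\Downloads\GoogleToolbarSetup.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00001084 _____ () C:\MWAB.txt
2014-06-12 21:20 - 2014-06-12 21:20 - 00204800 _____ () C:\Users\Heather\AppData\Local\Temp\Quarantine.exe
"""

if __name__ == "__main__":
    found = parse_frst_listing(SAMPLE)
    print(f"parsed {len(found)} entries")
    for path, reason in triage(found):
        print(f"REVIEW: {path}  ({reason})")
```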


#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,048 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:45 AM

Posted 13 June 2014 - 03:42 AM

I notice that you have multiple antivirus programs installed on your system. If more than one program is running real-time protection, then there is a very high chance of conflicts being created. This could cause the programs to 'fight' against each other and they may render the other useless, hence reducing your protection. It is very important to ensure that you are only running one antivirus program at the same time.

Please remove AVG2014 before we continue. I recommend AVAST for the main AntiVirus on your computer. If you are unsure about how to do this, a list of removal tools can be found here:

http://kb.eset.com/esetkb/index?page=content&id=SOLN146

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
  • How to do this?
    • Visit this website here
    • You will see a screen like this:


    [screenshot]

  • Click Run ESET Online Scanner

    [screenshot]
  • A Window will open (see above) - please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

    [screenshot]
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

    [screenshot]
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Then click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

Attached Files


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 spudnud

spudnud
  • Topic Starter

  • Members
  • 29 posts
  • Local time:02:45 AM

Posted 13 June 2014 - 01:50 PM

I had a problem with Avast! in the beginning of my mess so I added AVG to have some sort of virus detector.  I just removed AVG as you stated but needed to install Avast! again because it isn't on my computer anymore (even though my logs must say it is there).  So, I went to CNET and downloaded Avast! and started to install it.  I got this message (which is the message I've gotten since I got into this mess). 


Process trust

Fatal error: current avast! installer is not trusted by avast! Self Defense module.  Try to launch the installer again.  I can choose two options: View log or ok. 


The avast! Log Viewer comes up with nothing in it (blank).  This is one of my huge problems that started the mess.  I think I found a virus that is mimicking avast!.  It wiped out a bunch of my programs.  I lost firefox (which is the browser I would usually use).  Avast is gone and I can't reinstall (which is why I tried AVG).  When I open my explorer most of the icons no longer work.  When I click on the Avast folder it says empty.  Under the games folder all the games are listed but the icons are gone and the links do not work.  Java appears to be gone.  The startup folder is empty.  For some reason I still have Microsoft office.  I had to reinstall Adobe Reader (it was gone).  Please help me get Avast back on my computer.


So, as of right now, I only have Malwarebytes as a virus detection, no Avast, no AVG (since I just removed it).  I'll continue with your steps and post my results, but I want you to know what is going on with my words and not just my logs.



#10 spudnud

spudnud
  • Topic Starter

  • Members
  • 29 posts
  • Local time:02:45 AM

Posted 13 June 2014 - 02:11 PM

FRST:


I did what you said to do. I put the FRST.exe and the fixlist.txt in the same folder and ran FRST. It came up, appeared to run, and then closed down. In its place it put FRST.exe into a new folder FRST - OlderVersion. It didn't have my click fix. The only log I see appears to be the same fix log you had me download (fixlist): I'll try downloading FRST again and your fix log again and try it again and see if I get any different result.


HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\MountPoints2: {6b69b226-1ccf-11e1-a5d9-00215ac3682f} - G:\LaunchU3.exe -a
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
2014-06-12 20:20 - 2014-06-12 20:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Heather\AppData\Local\Temp\Quarantine.exe



#11 spudnud
  • Topic Starter
  • Members
  • 29 posts

Posted 13 June 2014 - 02:18 PM

Ok, that worked better, downloading FRST again.  I got the log this time.  Here is the result:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:12-06-2014 02
Ran by Heather at 2014-06-13 13:16:48 Run:1
Running from C:\Users\Heather\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\MountPoints2: {6b69b226-1ccf-11e1-a5d9-00215ac3682f} - G:\LaunchU3.exe -a
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll No File
2014-06-12 20:20 - 2014-06-12 20:33 - 00000000 ____D () C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Heather\AppData\Local\Temp\Quarantine.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKU\S-1-5-21-1102464934-671112430-3389638868-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b69b226-1ccf-11e1-a5d9-00215ac3682f}' => Key deleted successfully.
'HKCR\CLSID\{6b69b226-1ccf-11e1-a5d9-00215ac3682f}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}' => Key deleted successfully.
'HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}' => Key deleted successfully.
'HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}' => Key deleted successfully.
'HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\intu-help-qb2' => Key deleted successfully.
'HKCR\CLSID\{84D77A00-41B5-4b8b-8ADF-86486D72E749}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\livecall' => Key deleted successfully.
'HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\msnim' => Key deleted successfully.
'HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}'=> Key not found.
'HKCR\PROTOCOLS\Handler\skype-ie-addon-data' => Key deleted successfully.
'HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\wlmailhtml' => Key deleted successfully.
'HKCR\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\wlpg' => Key deleted successfully.
'HKCR\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}' => Key deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
'HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0' => Key deleted successfully.
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll not found.
'HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin' => Key deleted successfully.
C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll not found.
'HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf' => Key deleted successfully.
C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll not found.
'HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin' => Key deleted successfully.
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll not found.
'HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2' => Key deleted successfully.
C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
'HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2' => Key deleted successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
'HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0' => Key deleted successfully.
C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll not found.
'HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205' => Key deleted successfully.
C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll not found.
'HKLM\Software\MozillaPlugins\@nvidia.com/3DVision' => Key deleted successfully.
C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll not found.
'HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming' => Key deleted successfully.
C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll not found.
'HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf' => Key deleted successfully.
C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll not found.
C:\Users\Heather\AppData\Local\AVG SafeGuard toolbar => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\Heather\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

On to step two...



#12 spudnud
  • Topic Starter
  • Members
  • 29 posts

Posted 13 June 2014 - 02:21 PM

Step 2: FRST Scan this time:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by Heather (administrator) on HEATHER-PC on 13-06-2014 13:19:27
Running from C:\Users\Heather\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Akamai Technologies, Inc) C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
(Smilebox, Inc.) C:\Users\Heather\AppData\Roaming\Smilebox\SmileboxTray.exe
() C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Akamai Technologies, Inc) C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Heather\AppData\Local\Akamai\netsession_win.exe [3329824 2012-02-02] (Akamai Technologies, Inc)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [SmileboxTray] => C:\Users\Heather\AppData\Roaming\Smilebox\SmileboxTray.exe [317736 2013-11-04] (Smilebox, Inc.)
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Amazon Cloud Player] => C:\Users\Heather\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
HKU\S-1-5-21-1102464934-671112430-3389638868-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06FF198DF93DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} http://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Winsock: Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default
FF DefaultSearchEngine: Microsoft (Bing)
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Heather\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\searchplugins\bing-avast.xml
FF Extension: SlingHealth - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\Extensions\slinghealth@slingmedia.com [2011-12-21]
FF Extension: WebSlingPlayer - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\c8e37c61.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-08-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-06-09]

========================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 BRA_Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [X]
S2 c2cautoupdatesvc; "C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [X]
S3 fsssvc; "C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [X]
S3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 LightScribeService; "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [X]
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [X]
S3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [X]
S2 Seagate Dashboard Services; "C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe" [X]
S2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [X]
S3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S2 WDBtnMgrSvc.exe; "C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe" [X]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-30] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-06-12] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-01-21] () [File not signed]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-13 13:19 - 2014-06-13 13:19 - 00012182 _____ () C:\Users\Heather\Desktop\FRST.txt
2014-06-13 13:15 - 2014-06-13 13:15 - 01073152 _____ (Farbar) C:\Users\Heather\Desktop\FRST.exe
2014-06-12 21:06 - 2014-06-12 21:06 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 21:05 - 2014-06-12 21:05 - 00001084 _____ () C:\MWAB.txt
2014-06-12 20:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-12 20:24 - 2014-06-12 20:32 - 00000000 ____D () C:\AdwCleaner
2014-06-12 20:20 - 2014-06-12 20:19 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-06-11 05:51 - 2014-06-13 12:24 - 00000224 _____ () C:\Windows\setupact.log
2014-06-11 05:51 - 2014-06-13 12:23 - 00029220 _____ () C:\Windows\PFRO.log
2014-06-10 23:16 - 2014-05-30 03:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 23:16 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 23:16 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 23:16 - 2014-05-30 02:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 23:16 - 2014-05-30 02:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 23:16 - 2014-05-30 02:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 23:16 - 2014-05-30 02:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 23:16 - 2014-05-30 02:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 23:16 - 2014-05-30 02:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 23:16 - 2014-05-30 02:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 23:16 - 2014-05-30 02:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 23:16 - 2014-05-30 02:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 23:16 - 2014-05-30 02:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 23:16 - 2014-05-30 02:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 23:16 - 2014-05-30 02:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 23:16 - 2014-05-30 02:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 23:16 - 2014-05-30 02:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 23:16 - 2014-05-30 02:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 23:16 - 2014-05-30 02:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 23:16 - 2014-05-30 01:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 23:16 - 2014-05-30 01:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 23:16 - 2014-05-30 01:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 23:16 - 2014-05-30 01:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 23:16 - 2014-05-30 01:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 23:16 - 2014-05-30 01:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 23:16 - 2014-05-30 01:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 23:16 - 2014-05-30 01:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 23:16 - 2014-05-30 01:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 23:15 - 2014-06-08 02:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 23:15 - 2014-06-08 02:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 23:15 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 23:15 - 2014-04-04 20:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 23:15 - 2014-04-04 20:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 23:15 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 23:15 - 2014-03-26 08:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 23:15 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 23:15 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 22:22 - 2014-06-10 22:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 22:22 - 2014-06-10 22:22 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 18:43 - 2014-06-13 13:19 - 00000000 ____D () C:\FRST
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\TuneUp Software
2014-06-09 20:30 - 2014-06-09 20:31 - 94714880 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
2014-06-09 19:51 - 2014-06-13 12:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 19:50 - 2014-06-12 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 19:50 - 2014-06-12 20:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-09 19:50 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-09 19:50 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-09 19:04 - 2014-06-09 19:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-09 17:59 - 2014-06-09 17:59 - 00918672 _____ (Google Inc.) C:\Users\Heather\Downloads\GoogleToolbarSetup.exe
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2014-05-31 19:24 - 2014-05-31 19:23 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 19:23 - 2014-06-09 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 19:20 - 2014-05-31 19:20 - 00918952 _____ (Oracle Corporation) C:\Users\Heather\Downloads\jxpiinstall.exe
2014-05-31 19:18 - 2014-05-31 19:19 - 00003995 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log

==================== One Month Modified Files and Folders =======

2014-06-13 13:19 - 2014-06-13 13:19 - 00012182 _____ () C:\Users\Heather\Desktop\FRST.txt
2014-06-13 13:19 - 2014-06-10 18:43 - 00000000 ____D () C:\FRST
2014-06-13 13:19 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather\AppData\Local\Temp
2014-06-13 13:15 - 2014-06-13 13:15 - 01073152 _____ (Farbar) C:\Users\Heather\Desktop\FRST.exe
2014-06-13 13:04 - 2012-12-19 19:11 - 00000000 ____D () C:\Users\Heather\Downloads\Chugga Choo Train.... YA!
2014-06-13 13:04 - 2011-12-01 12:55 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 13:01 - 2012-04-12 07:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 12:48 - 2014-06-09 19:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 12:31 - 2009-07-13 22:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 12:31 - 2009-07-13 22:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 12:27 - 2011-12-01 12:55 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 12:24 - 2014-06-11 05:51 - 00000224 _____ () C:\Windows\setupact.log
2014-06-13 12:24 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 12:23 - 2014-06-11 05:51 - 00029220 _____ () C:\Windows\PFRO.log
2014-06-13 12:23 - 2011-11-22 15:38 - 01169876 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 12:10 - 2011-12-24 00:23 - 00000000 ____D () C:\Users\Heather\AppData\Local\Akamai
2014-06-12 21:06 - 2014-06-12 21:06 - 00000000 ____D () C:\Windows\ERUNT
2014-06-12 21:05 - 2014-06-12 21:05 - 00001084 _____ () C:\MWAB.txt
2014-06-12 20:38 - 2014-06-09 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 20:38 - 2014-06-09 19:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-12 20:38 - 2012-03-22 09:34 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 20:32 - 2014-06-12 20:24 - 00000000 ____D () C:\AdwCleaner
2014-06-12 20:19 - 2014-06-12 20:20 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-06-11 06:33 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-06-11 05:51 - 2011-12-01 12:54 - 00000000 ____D () C:\Program Files\Google
2014-06-11 05:51 - 2009-07-13 22:33 - 03929328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-11 03:19 - 2009-07-13 22:34 - 00036864 _____ () C:\Windows\system32\umstartup.etl
2014-06-11 03:18 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 03:03 - 2011-11-29 19:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:02 - 2013-08-14 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:01 - 2011-11-29 19:27 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 02:00 - 2011-12-01 12:55 - 00000000 ____D () C:\Users\Heather\AppData\Local\Adobe
2014-06-10 22:22 - 2014-06-10 22:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 22:22 - 2014-06-10 22:22 - 00001949 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 22:22 - 2011-12-01 12:55 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-06-10 22:22 - 2011-12-01 12:55 - 00000000 ____D () C:\Program Files\Adobe
2014-06-10 22:20 - 2010-11-20 15:01 - 00803042 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-09 21:46 - 2011-12-31 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-06-09 21:45 - 2014-05-31 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-09 21:45 - 2013-08-14 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-09 21:45 - 2013-05-29 07:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-06-09 21:45 - 2012-08-31 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
2014-06-09 21:45 - 2011-12-24 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-06-09 21:45 - 2011-12-21 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-06-09 21:35 - 2012-06-24 23:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-09 20:41 - 2014-06-09 20:41 - 00000000 ____D () C:\Users\Heather\AppData\Roaming\TuneUp Software
2014-06-09 20:31 - 2014-06-09 20:30 - 94714880 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
2014-06-09 20:31 - 2011-11-29 23:07 - 00176624 _____ () C:\Users\Heather\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-09 20:29 - 2013-11-27 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-09 20:00 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-09 19:50 - 2012-01-03 12:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 19:49 - 2011-12-01 12:54 - 00000000 ____D () C:\Users\Heather\AppData\Local\Google
2014-06-09 19:45 - 2011-11-29 19:26 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-09 19:45 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-09 19:45 - 2009-07-13 20:04 - 00000478 _____ () C:\Windows\win.ini
2014-06-09 19:44 - 2014-03-15 11:32 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-06-09 19:44 - 2014-03-15 11:32 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-06-09 19:44 - 2014-03-15 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-06-09 19:42 - 2011-12-01 12:55 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-09 19:40 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-09 19:09 - 2011-11-29 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-09 19:07 - 2014-05-10 14:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-09 19:07 - 2012-07-22 15:19 - 00000000 ___RD () C:\Program Files\Skype
2014-06-09 19:07 - 2011-12-21 11:50 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2014-06-09 19:04 - 2014-06-09 19:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-06-09 19:03 - 2014-06-09 19:03 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-09 17:59 - 2014-06-09 17:59 - 00918672 _____ (Google Inc.) C:\Users\Heather\Downloads\GoogleToolbarSetup.exe
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2014-06-09 17:49 - 2014-06-09 17:49 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2014-06-09 17:47 - 2012-09-11 22:43 - 00000000 ____D () C:\Program Files\frontlinesms2
2014-06-09 17:47 - 2011-12-22 14:09 - 00000000 ____D () C:\Program Files\Java
2014-06-09 17:47 - 2011-11-29 23:23 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-06-09 17:47 - 2009-07-13 22:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-09 17:46 - 2011-11-30 19:53 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared
2014-06-08 02:48 - 2014-06-10 23:15 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 02:43 - 2014-06-10 23:15 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-01 07:23 - 2012-11-19 04:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-31 19:24 - 2013-12-01 23:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-31 19:23 - 2014-05-31 19:24 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-31 19:23 - 2014-05-31 19:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-31 19:20 - 2014-05-31 19:20 - 00918952 _____ (Oracle Corporation) C:\Users\Heather\Downloads\jxpiinstall.exe
2014-05-31 19:19 - 2014-05-31 19:18 - 00003995 _____ () C:\Windows\system32\jupdate-1.7.0_60-b19.log
2014-05-30 03:18 - 2014-06-10 23:16 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 03:02 - 2014-06-10 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 03:02 - 2014-06-10 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 02:44 - 2014-06-10 23:16 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 02:43 - 2014-06-10 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 02:42 - 2014-06-10 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 02:38 - 2014-06-10 23:16 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 02:34 - 2014-06-10 23:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 02:33 - 2014-06-10 23:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 02:30 - 2014-06-10 23:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 02:28 - 2014-06-10 23:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 02:28 - 2014-06-10 23:16 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 02:27 - 2014-06-10 23:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 02:21 - 2014-06-10 23:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 02:16 - 2014-06-10 23:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 02:10 - 2014-06-10 23:16 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 02:06 - 2014-06-10 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 02:04 - 2014-06-10 23:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 02:02 - 2014-06-10 23:16 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 01:57 - 2014-06-10 23:16 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 01:56 - 2014-06-10 23:16 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 01:54 - 2014-06-10 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 01:50 - 2014-06-10 23:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 01:49 - 2014-06-10 23:16 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 01:40 - 2014-06-10 23:16 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 01:21 - 2014-06-10 23:16 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 01:15 - 2014-06-10 23:16 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 01:13 - 2014-06-10 23:16 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-27 23:09 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather\AppData\Local\VirtualStore
2014-05-27 12:21 - 2013-11-16 18:34 - 00000000 ____D () C:\Users\Heather\AppData\Local\0B68D9BD-3702-4929-B2D2-A7AD417E444C.aplzod
2014-05-27 12:21 - 2011-11-29 23:26 - 00000000 ____D () C:\Users\Heather\Documents\Outlook Files
2014-05-19 21:40 - 2014-03-15 11:32 - 00001996 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-15 09:35 - 2014-01-20 13:58 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 09:35 - 2011-12-22 11:57 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 09:35 - 2011-12-22 11:57 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-14 19:27 - 2011-11-22 14:48 - 00000000 ____D () C:\Users\Heather
2014-05-14 03:01 - 2012-04-12 07:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 03:01 - 2011-11-22 14:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 00:08

==================== End Of Log ============================



#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,048 posts
  • Gender:Male
  • Location:Germany

Posted 13 June 2014 - 02:26 PM

OK I will wait for the other logs. We will fix the AVAST issue later.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

#14 spudnud

spudnud
  • Topic Starter

  • Members
  • 29 posts

Posted 13 June 2014 - 04:24 PM

Is this really the log you want? This is all that was in the log, and it was from the time that I started the scan. The pictures you listed for ESET were not the pictures/pop-ups that I saw, but I followed the directions. It found 12 things from the scan. I found the log under C:\Program Files\ESET\ESET Online Scanner\log.txt. I don't think this is what you want.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK



#15 spudnud

spudnud
  • Topic Starter

  • Members
  • 29 posts

Posted 13 June 2014 - 10:03 PM

OK, instead of following your steps, this time I ran the ESET scanner and clicked on "show scan results" and "copy results to clipboard". This is what I got:


C:\$Recycle.Bin\S-1-5-21-1102464934-671112430-3389638868-1000\$R0HANSA\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\ProgramData\Microsoft\Windows\DRM\B51E.tmp a variant of Win32/Kryptik.AHTD trojan
C:\Users\All Users\Microsoft\Windows\DRM\B51E.tmp a variant of Win32/Kryptik.AHTD trojan
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\63d48c42-3f07583d a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\271c0b7f-51f314f8 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Heather\Downloads\burnsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Heather\Downloads\cbsidlm-tr1_6-ImgBurn-10847481.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Heather\Downloads\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Heather\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\HEATHER-PC\Backup Set 2014-06-08 190002\Backup Files 2014-06-08 190002\Backup files 47.zip a variant of Java/TrojanDownloader.Agent.NDJ Trojan

It looks like there is some work that needs to be done...